Slashdot Mirror
AMD Releases Spectre v2 Microcode Updates for CPUs Going Back To 2011 (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: AMD has released CPU microcode updates for processors affected by the Spectre variant 2 (CVE-2017-5715) vulnerability. The company has forwarded these microcode updates to PC and motherboard makers to include them in BIOS updates. Updates are available for products released as far as 2011, for the first processors of the Bulldozer line. Microsoft has released KB4093112, an update that also includes special OS-level patches for AMD users in regards to the Spectre v2 vulnerability. Similar OS-level updates have been released for Linux users earlier this year. Yesterday's microcode patches announcement is AMD keeping a promise it made to users in January, after the discovery of the Meltdown and Spectre (v1 and v2) vulnerabilities.
Sandy bridge Intel still hasn't been patched, and that's only a few years old.
What about my 486DX-40?
#DeleteFacebook
Now to apply it to my desktops
-- Tigger warning: This post may contain tiggers! --
but not my Phenom II 840 (quad-core) from 2010. Both are still going strong after all these years.
This is the last non-backdoored x86 CPU available, so that's especially painful. I'm using a 6-way Phenom II myself, and it's adequate for pretty much all tasks I do: none of pieces of software I maintain is big enough, and despite me doing tons of mentoring, stuff that gets sponsored is no LibreOffice or llvm-toolchain.
But then, for secure tasks I can use Allwinner A64 in a Pinebook -- turns out a murderous repressive communist country produces trustworthy hardware while the "land of the free" that sports that 4th Amendment does not.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Every x86 CPU since 386SL is backdoored with SMM, on AMD side too.
The 2011 AMD CPUs were the first with PSP, IOW, backdoors built right in.
intel backdoored their CPUs back in 2009, so they need to patch well before that, too.
Please elaborate.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
It's worth noting AMD has said that Spectre 2 is virtually impossible to exploit on the Zen architecture. Even AMD engineers were unable to create a working exploit for it. Of coarse, they still have to release a patch for it to be on the safe side.
It's a special processor mode that runs above everything else, including the OS and a hypervisor (if present). It's been shown to be insecure even on UEFI-based systems allowing persistent rootkits. It's also possible to use an exploit to elevate from ring-0 to SMM therefore owning the entire computer..
https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation-wp.pdf
But there's a lot more examples if you just searhc for it online. Including Wikileaks materials of NSA exploits for it.
I highly doubt that the motherboard makers are going to make new BIOS releases for seven year old motherboards.
So may be we'll see updates to HP's DL385 servers etc., but most private users will stay at the status quo.
but not my Phenom II 840 (quad-core) from 2010. Both are still going strong after all these years.
This is the last non-backdoored x86 CPU available, so that's especially painful.
Which backdoor do you mean? PSP (the equivalent to Intel Management Engine) is not found on the Bulldozer family, which was being developed and sold until Ryzen came out (and it's probably still available). On the mobile and low-power market, they were quicker to change into a new architecture (Bobcat to Jaguar) so PSP appeared there around 2013.
Escher was the first MC and Giger invented the HR department.
Creimer left Slashdot for YouTube. You can find him there. He started posting videos from Silicon Valley Comic Con.
Theres no way in hell i am taking a 30% performance decrease because of some theoretical memory exploit..
I have been purposely avoiding any 2018 firmwares for just this reason!
But it would be nice to get a confirmation of my bias as things may have changed. Even a 10% performance hit would be not worth it imho. So some rogue process can read a random part of the computers memory. I'm sure some clever person will figure out a way to exploit it, but I am not buying the hype that this is a super big deal at the current time.
As a potential lottery winner, I totally support tax cuts for the wealthy
I'm also running a Phenom II in my main house machine. Works fine with the things I do with it - browsing, CD ripping, etc - but I use a much more modern processor in my work machine...
I was going to build a new machine this winter, but the price of GPUs kinda discouraged me from that endeavour.
And the worms ate into his brain.
Jesus christ, asshole. No one cares about your creimer fixation. No one.
But then, for secure tasks I can use Allwinner A64 in a Pinebook -- turns out a murderous repressive communist country produces trustworthy hardware while the "land of the free" that sports that 4th Amendment does not.
How many binary blobs do you have to run to get full functionality out of your Allwinner-based system? How much do you trust those blobs? Last I checked, kernel mainlining of the A64 had stalled, do you know better?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Works perfectly on Pine64, for Pinebook I use anarsoul's tree; mainlining of that is waiting for dp work that was sluggish but recently gained pace. You also need patched u-boot, but patched ATF is in Debian (and lookie who's packaging that part :) ).
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
will supermicro update there old 6XXX boards
k10 was still being sold at that point, and a lot of us stuck with it due to Bulldozer's lackluster performance.
Better than Intel is ok, but AMD only had like 3 fucking uArches during that period and they couldn't bother to at least cover all the DDR3 ones?
The RockChip model from the Pine64 guys is across the board better, including up to 4GB of LPDDR3.
Finally a cheap SBC whose memory specs make it a 'minimal 2d desktop replacement'. It still won't do the 3d lifting for a composited desktop or gaming, but it is big enough to run a few dozen tabs in Firefox without crashing or grinding to a halt, unlike alternative boards. Or run a pretty decent sized web frontend for someone who really needs it.
Oh also in one of these discussions somebody mentioned having trouble with SATA storage adapters and Linux: You might read up on the UAS driver and how it broke a lot of devices that worked with the usb-storage driver, but whose firmware doesn't properly support the featureset that UAS probes the device for. The Hitachi Touro series of usb drives have this problem for instance, to the point of not only not booting, but not enumerating during plug and play operations either. I have yet to find a documented approach that works (blacklisting the uas driver doesn't seem to work on fedora at least.) End result unless you stick to kernel 3.12 is a variety of usb devices may be broken, if you choose the wrong one.
There is no patch for pre-2011 CPU, but are they vulnerable? If I understand correctly, Spectre stems from optimization that are present in recent CPU.
Do we have a list of affected AMD processors?
I didn't read that, but backdoored isn't the same as exploitability. So, you sound more like a tinfoiler than researcher.
WARNING!!! CREIMER IS BACK!!
Despite the fat virgin's claims of being on YouTube, the shit moth is alive and well on Slashdot!
MOD DOWN!!!!
Yet here you are, you fat pest.
Well, I have a Pine A64+, but I certainly don't trust it, and I won't until it's a) mainlined and b) functions completely without closed blobs. It's a cool little piece of kit, and it's fun to play with, but it's just a toy. I've had it do a few different minor tasks, and it actually seems like pretty good hardware.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Considering how often you accused other people of being creimer (last week it was datavirture), no one believes you. Buy a clue and get a fucking life.
Every AC is the same you, sugar tits?