"amdflaws.com" - What is this?


Stuka87

Diamond Member
Dec 10, 2010
6,240
2,559
136
Glad to see AMD waited to comment until they had everything required for a clean and concise response. Basically proves everything we knew.

Yes the flaws are real, but they require admin rights, are easily fixed, and will be fixed quickly. Unlike what certain parties wanted us to think.
 

dlerious

Golden Member
Mar 4, 2004
1,815
734
136
AMD could have patched them months beforehand as a normal security update and no one would ever know who CTS-Labs are and Viceroy couldn't have shorted their stock for profit (which they probably didn't anyways because AMD barely budged).

Probably why they posted the PoC video. First attempt failed, so they're trying again.
 

krumme

Diamond Member
Oct 9, 2009
5,956
1,595
136
It is the inverse occam's razor approach.
This is as a fact the fourth consecutive post not adding anything to the analysis. Without a single argument. Hardly invalidate it.

There is no need to post opinion blurbs if the scope of the analysis makes you uncomfortable. We got enough opinions now. Who cares for more. Post arguments.
 
May 11, 2008
20,055
1,290
126
Nice write up on arstechnica.

https://arstechnica.com/gadgets/2018/03/amd-promises-firmware-fixes-for-security-processor-bugs/

AMD has responded to the reports last week of a range of security flaws affecting its Platform Security Processor (PSP) and chipset. The company acknowledges the bugs and says that, in coming weeks, it will have new firmware available to resolve the PSP bugs. These firmware fixes will also mitigate the chipset bugs.
Israeli firm CTS identified four separate flaw families, naming them Masterkey (affecting Ryzen and Epyc processors), Ryzenfall (affecting Ryzen, Ryzen Pro, and Ryzen Mobile), Fallout (hitting only Epyc), and Chimera (applying to Ryzen and Ryzen Pro systems using the Promontory chipset).
Masterkey, Ryzenfall, and Fallout are all problems affecting the Platform Security Processor (PSP), a small ARM core that's integrated into the chips to provide certain additional features such as a firmware-based TPM security module. The PSP has its own firmware and operating system that runs independently of the main x86 CPU. Software running on the x86 CPU can access PSP functionality using a device driver, though this access is restricted to administrator/root-level accounts. The PSP is also typically not exposed to guest virtual machines, so virtualized environments will typically be protected.
In theory, the PSP is able to keep secrets even from the x86 CPU; this ability is used for the firmware TPM capability, for example. However, the Ryzenfall and Fallout bugs enable an attacker to run untrusted, attacker-controlled code on the PSP. This attacker code can disclose the PSP's secrets, undermining the integrity of the firmware TPM, AMD's encrypted virtual memory, and various other platform features.

The Masterkey bug is worse; the PSP does not properly verify the integrity of its firmware. A system that enabled a malicious firmware to be flashed could have a malicious PSP firmware permanently installed, persisting across reboots.

The Chimera bug affects a chipset found in many, but not all, Ryzen systems. The chipset includes its own embedded processor and firmware, and flaws in these mean that an attacker can again run untrusted, attacker-controlled code on the chipset. CTS said that these flaws represent a backdoor, deliberately inserted to enable systems to be attacked, but offered no justification for this claim. As with the PSP flaws, exploiting this requires administrator access to a system.

AMD's response today agrees that all four bug families are real and are found in the various components identified by CTS. The company says that it is developing firmware updates for the three PSP flaws. These fixes, to be made available in "coming weeks," will be installed through system firmware updates. The firmware updates will also mitigate, in some unspecified way, the Chimera issue, with AMD saying that it's working with ASMedia, the third-party hardware company that developed Promontory for AMD, to develop suitable protections. In its report, CTS wrote that, while one CTS attack vector was a firmware bug (and hence in principle correctable), the other was a hardware flaw. If true, there may be no effective way of solving it.

The nature of these problems does not seem substantially different from an earlier PSP flaw publicized in January; that flaw concerned the firmware TPM and, again, allowed the execution of attacker-controlled code on the PSP. That bug appeared to receive little fanfare or attention. Neither do they seem to be significantly different from the numerous flaws that have been found in Intel's equivalent to PSP, the Management Engine (ME). Indeed, some of the Intel ME bugs are rather worse, as they can in some situations be exploited remotely.

The striking thing about the bugs was not their existence but rather the manner of their disclosure. CTS gave AMD only 24 hours notice before its public announcement that it had found the flaws. Prior to reporting the problems to AMD, CTS also shared the bugs, along with proofs of concept, with security firm Trail of Bits so that Trail of Bits could validate that the bugs were real and could be exploited the way that CTS described. While the computer security industry has no fixed, rigid procedure for disclosing bugs to vendors, a 90-day notice period is far more typical.

This short notice period led Linux creator Linus Torvalds to say that CTS' report "looks more like stock manipulation than a security advisory."

This perception wasn't helped when short-seller Viceroy Research (which claims to have no relationship with CTS) said that the flaws were "fatal" to AMD, that its share price should drop to $0, and that the company should declare bankruptcy. Such a valuation is obviously absurd: the PSP is non-essential (some Ryzen firmware allows it to be disabled, albeit at the loss of some functionality), its flaws can be repaired with a firmware update, and the flaws can only be exploited by an attacker with superuser access to the system. To suggest that such bugs should not merely hurt AMD's share price, but drive the company out of business entirely, with nothing salvageable from the Zen architecture, AMD's x86 license, its long-term contracts with Microsoft and Sony, or its GPU architecture, plainly has no possible factual justification.
 

Kenmitch

Diamond Member
Oct 10, 1999
8,505
2,249
136
WTF? Why? I am actually thinking of buying an Intel CPU just because of their long(er) term value on the used market.

You're going to buy the top dog for the chipset? In the end it's the only one that really holds its value.

Nice to see the way overblown issues are going to be taken care of in a reasonable amount of time.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
Except that's not believable, because we know that Intel's chips have the more serious Meltdown flaw/bug.
All mine show as patched for Meltdown, so no problem. Only one reports being slower, and that's the oldest Intel chip and I can't tell in normal use.
 

piesquared

Golden Member
Oct 16, 2006
1,651
473
136
All mine show as patched for Meltdown, so no problem. Only one reports being slower, and that's the oldest Intel chip and I can't tell in normal use.

Patched or not, it is still a far more serious flaw/bug. So what if you say you can't notice any slowdowns in normal use, in many cases the patches do affect performance. That's been proven, let's not rewrite history. Whether it's noticeable in certain scenarios is a subjective measurement, that's why we have industry standard benchmarks. Anyway this is off topic, my post was just meant to be tongue in cheek as I'm sure yours was.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
Patched or not, it is still a far more serious flaw/bug. So what if you say you can't notice any slowdowns in normal use, in many cases the patches do affect performance. That's been proven, let's not rewrite history. Whether it's noticeable in certain scenarios is a subjective measurement, that's why we have industry standard benchmarks. Anyway this is off topic, my post was just meant to be tongue in cheek as I'm sure yours was.
Sure, but I think the patches are not really noticeable to average home users except when running benches.

The patches are a noticeable problem for large scale users.

Hopefully the patches will improve and be less of a slowdown.
 

Peter Watts

Member
Jan 11, 2018
60
15
41
You're going to buy the top dog for the chipset? In the end it's the only one that really holds its value.

Nice to see the way overblown issues are going to be taken care of in a reasonable amount of time.

Well I doubt I need to buy the top dog, I think that the i5 8400 will be worth buying... But then again what are AMD's new CPUs going to do? Intel is still king on the used market, but who knows that might change in the future...
 

krumme

Diamond Member
Oct 9, 2009
5,956
1,595
136
Well I doubt I need to buy the top dog, I think that the i5 8400 will be worth buying... But then again what are AMD's new CPUs going to do? Intel is still king on the used market, but who knows that might change in the future...
In one year zen2 is here in 7nm. I wouldn't bet on residual value on anything cpu related when it hits market. Then zen3 on euv approx. 1.5 year later. Those times are gone where much value is kept. At least in the next 3-4 years until it perhaps stalls due to the process wall.
We will see latency on zen plus but if it's solidly improved and added to some freq uplift the corrosion of used stuff is already starting slowly in a month.
 

Topweasel

Diamond Member
Oct 19, 2000
5,436
1,655
136
In one year zen2 is here in 7nm. I wouldn't bet on residual value on anything cpu related when it hits market. Then zen3 on euv approx. 1.5 year later. Those times are gone where much value is kept. At least in the next 3-4 years until it perhaps stalls due to the process wall.
We will see latency on zen plus but if it's solidly improved and added to some freq uplift the corrosion of used stuff is already starting slowly in a month.
Yeah eventually Intel's used CPUs will take a dive. The biggest reason the value stalls out is that Intel still produces them new for years after a new CPU release and never ever fluctuates on price. What is going to happen with Zen2 and on is basically anything pre-Coffee Lake, is going to find itself not being as valuable, outside repairs and system critical uses. Maybe Kaby Lake unlocks might hold up as a beacon of the last great ST performer might hold off a drop. But it is really going to be hard as Intel competes with AMD on cores, and AMD itself lowering the cost of highly competitive cores, for these low core models to hold any real value.

Though this is probably getting quite off topic.
 

formulav8

Diamond Member
Sep 18, 2000
7,004
522
126
CTS-Labs is at it again. Basically saying AMD is lying. I don't want to link to their site, but it's on their main page if you want a couple extra paragraphs.
CTS-LABS RESPONSE TO AMD’S INITIAL ASSESSMENT OF VULNERABILITIES
  • We believe AMD is attempting to downplay the significance of the vulnerabilities
  • Our view is AMD’s suggested timeline for its patches roll out is drastically optimistic – we believe a number of the fixes are likely to take months, not weeks
  • We believe the AMD flaws have potential to turn a local problem into a network-wide problem
  • Notably, AMD did not provide a time estimate for patching CHIMERA

Our view is that AMD is attempting to downplay the significance of its vulnerabilities by emphasizing that they require local administrative access. Let us be clear: AMD’s argument that administrative access “effectively grants the user unrestricted access to the system” is factually false and contradicts the company’s own past statements. If administrative access grants users complete access to the system, then why did AMD design and implement security measures such as the Secure Processor? In fact, isolation of secure information from admin-privilege users is a central design idea behind the Secure Processor.

Attackers think of computers as nodes in a network. Successful cyber-attacks always begin with a complete compromise of a single computer which includes local administrative access. Phishing attacks are routinely successful in modern organizations. The challenge for attackers is then to spread out into other computers. This is exactly what the AMD vulnerabilities provide by allowing Windows Credential Guard to be bypassed.

AMD’s flaws turn a local problem into a network-wide problem. Furthermore, once attackers have reached an AMD machine, they can become entrenched there beyond the reach of almost all security products, likely forcing a CISO to physically remove that machine from the network.

We firmly believe that AMD’s suggested roll-out timeline for its patches is also drastically optimistic. In our view, any change in the Secure Processor firmware must undergo two consecutive layers of integration and Quality Assurance (QA). First, the patching must pass AMD’s own QA. Second, it must be transferred over to the OEMs for OEM-specific QA for every product that includes affected AMD processors. In the case of the Ryzen chipset affected by CHIMERA, there is yet another layer of QA for ASMedia -- the IP provider.

Notably, AMD did not provide a time estimate for patching CHIMERA. This vulnerability includes two sets of manufacturer backdoors on Ryzen chipsets identified by CTS, one of which is scorched into the hardware itself -- implemented in ASIC and fabricated into the chip. These backdoors cannot be physically removed and would require either a complicated workaround or hardware replacement. We therefore believe that AMD’s unrealistic estimate that it will take “weeks” to deliver the patches to AMD customers will be proven false. Time will tell, but we see a timeline where ‘weeks’ could turn into months.

Furthermore, the manufacturer backdoors left in its Ryzen and Ryzen Pro chipsets – a central motherboard component – portray, in our opinion, a level of neglect that is reminiscent of the late 1990s. This raises questions about whether this IP was audited before integration.

In addition, it appears that the chipset and the Secure Processor are missing industry standard mitigations against exploitation such as Stack Canaries. The lack of such mitigations makes it exceedingly easy for attackers to exploit security vulnerabilities once they are discovered.

If AMD customers had the capability to disable the Secure Processor by severing its communications interface with the main processor, as advertised in the description of the recently released “Disable PSP” feature, this would have provided AMD customers with a solution against at least some of the vulnerabilities. Currently, the feature only disables the fTPM, while leaving the vulnerabilities exploitable.

Finally, and perhaps most concerning of all, is the fact that six security researchers, albeit highly experienced, managed to identify 13 distinct security vulnerabilities in the flagship products of an $11B company with comparably infinite budget for security, and over a period of only six months.

Regardless of views on how we communicated the information, the fact remains that this further raises a red flag about the overall state of affairs in AMD Product Security.
 

gorobei

Diamond Member
Jan 7, 2007
3,713
1,067
136
CTS-Labs is at it again. Basically saying AMD is lying. I don't want to link to their site, but it's on their main page if you want a couple extra paragraphs.
wow they are going the double down option, did not expect that one.

either the ones who work in the industry are trying to save face so they can get jobs somewhere else or the hedge fund "masterminds" are trying to salvage the put options. any of the tech or stock media who bit on the story the first time and got embarrassed, will just wait the few weeks to see if amd gets the patches out before running any further with the 'story'.
 

PeterScott

Platinum Member
Jul 7, 2017
2,605
1,540
136
CTS have gone into FUD overload.

The clock is ticking on their stock shorts/puts, and they are looking a bit panicky.
 