Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

[Steltek]

Exactly, same technique can be used for cleaning as well.

Sure. Except, that it will also be beyond the abilities of most people to do it. And that is presuming that you can get to it before the AMD AGESA mitigations for Ryzen 5000 and up are installed. Once that is done, if that malware is in there you probably wouldn't be able to get to it to remove it.

That is why these type of UEFI exploits are so dangerous. Lenovo also had one confirmed one specific to their machines in the last couple of years.

Though, I suspect there are probably some depressed government spooks out there now throwing back a few.

 

[Steltek]

Hmm. I kinda agree, but I'm sure their suits have a reason, even if that reason kinda sucks. Like "this CPU is out of warranty". Or whatever. Would it really cost them that much to plug the hole on AM4 across the board? I should think not!

Exactly.

Especially since AM4 isn't a valid, active platform for them. I mean, they haven't released any new AM4 CPUs for two whole weeks!

Their logic regards to not fixing Ryzen 3000 and below is same kind of arrogant, stupid fuzzy logic that Intel always seems to parse out. And, hey, look where that kind of logic got Intel!

 

[JustViewing]

As a home user, does it really matter? If hacker gets physical access to your machine and knows your password then it is game over for you anyway.

 

[moinmoin]

As a home user, does it really matter? If hacker gets physical access to your machine and knows your password then it is game over for you anyway.

Yeah, if you never buy or sell used I guess you are not affected.

 

[Steltek]

Yeah, if you never buy or sell used I guess you are not affected.

This is really my only concern about this.

I used to prefer buying older hardware so I wouldn't have to pay the "new and greatest stuff" tax, especially with the way prices have skyrocketed in recent years. The longevity of AM4 has really helped in that regard.

These days, it is difficult to find a GPU that probably hasn't been mined to death and hard drives/SSDs that are disguised worn out data center drives. Now we have to worry about what someone selling motherboards might have done to them.

Getting to the point where it isn't worth the risk of messing with it anymore.

 

[JustViewing]

Just curious, what type of network protocol it uses? Can't they be blocked in router?

 

[Steltek]

Just curious, what type of network protocol it uses? Can't they be blocked in router?

I don't follow the question.

 

[JustViewing]

I don't follow the question.

A hacker to utilize the exploit(after the exploit), they need to access the machine through Internet. So what I am wondering is, if we disable the protocols/ ports used for PSP/Management engine, this should theoretically block access to the exploit.

 

[Steltek]

A hacker to utilize the exploit(after the exploit), they need to access the machine through Internet. So what I am wondering is, if we disable the protocols/ ports used for PSP/Management engine, this should theoretically block access to the exploit.

SMM isn't accessible via Internet - it is only accessible via the CPU during the boot cycle. Once the malware is installed via the SMM exploit, the SMM isn't ever needed again.

As previously stated, due to the nature of the flaw direct physical access to the machine would be needed to do it in the first place (which, the seller of a used motherboard for instance, would have at their convenience). However, once it is done, it never needs to be re-accessed again as the UEFI SMM memory section is infected. Especially if they infect it and then install the AMD AGESA mitigation update to prevent it from ever being accessible again.

Now, how it could be used is up in the air as nobody has really seen a malicious exploit of this yet. Doesn't mean there isn't one out there, though, given hackers tend to be very creative and this exploit has existed for 18 straight years....

 

[igor_kavinski]

A hacker to utilize the exploit(after the exploit), they need to access the machine through Internet.

I think for this SMM flaw, they need physical access to the machine. Hence my concern over used AMD hardware from dubious sources.

 

[JustViewing]

I think for this SMM flaw, they need physical access to the machine. Hence my concern over used AMD hardware from dubious sources.

Assume you bought a compromised hardware. You format and install fresh software. So after this, how can a hacker access this PC? To be useful for hacker, the hacker needs to send command to the PSP. Without internet access, I would assume it is pretty much useless for hacker. The management engine can be accessed through internet, that is how in enterprise environment they manage (my speculation). So my question is, can this be blocked from the router?

 

[Steltek]

Assume you bought a compromised hardware. You format and install fresh software. So after this, how can a hacker access this PC? To be useful for hacker, the hacker needs to send command to the PSP. Without internet access, I would assume it is pretty much useless for hacker. The management engine can be accessed through internet, that is how in enterprise environment they manage (my speculation). So my question is, can this be blocked from the router?

That is a question I can't answer as I have never messed with AMD SMM or even Intel's own separate version.

 

[igor_kavinski]

So my question is, can this be blocked from the router?

Possibly, if you maintain a strict whitelist or maybe configure the router to strictly use 9.9.9.9 or 1.1.1.1 for DNS resolution.

But hackers, especially state sponsored ones, can easily get VMs from a cloud provider and pose them as genuine business servers whilst receiving traffic from compromised hosts. And even the 9s or 1s DNS trick may fail there coz they sure as hell won't block traffic going to a cloud provider. That would cause all sorts of outage for essential and e-commerce sites hosted on the popular cloud services.

 

[JustViewing]

According to ChatGPT, AMD PSP doesn't have direct network access. It has to work with host OS. Intel's one uses ports 6992, 16993 for network.

The AMD Platform Security Processor (PSP) does not typically expose itself directly through specific network ports in the same way that Intel's Management Engine (IME) and its associated Intel Active Management Technology (AMT) do. The PSP is primarily focused on secure operations within the system, such as cryptographic functions, secure boot, and memory encryption, rather than remote management over a network.

Key Points about AMD PSP and Network Ports:​

1. No Direct Network Interface:
   • Unlike Intel AMT, which uses specific network ports (e.g., 16992, 16993) for remote management, the AMD PSP doesn't have a direct network interface exposed for remote management tasks.
2. Internal Communication:
   • The PSP operates within the system's hardware, communicating directly with the CPU and other components, rather than over a network. Its primary functions involve securing the boot process, managing cryptographic keys, and enabling features like Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV).
3. Management Overhead:
   • While the PSP is involved in security management, any remote management functions (if implemented) are typically handled by other layers of the system, such as the system's operating system, BIOS/UEFI firmware, or additional enterprise management software, rather than the PSP directly.

Blocking or Managing PSP Functions:​

Since the PSP doesn’t use specific network ports for direct communication, there isn’t a straightforward way to block it via network port blocking as you might with Intel AMT. Instead, any concerns about the PSP's activity are typically addressed through:

• BIOS/UEFI Settings: You may have options to disable certain security features that rely on the PSP, like Secure Boot or specific encryption technologies, although disabling the PSP entirely is generally not possible.
• Firmware Updates: Ensuring your system's firmware is up-to-date is critical for addressing any vulnerabilities related to the PSP.

Summary:​

The AMD PSP is primarily a security-focused processor embedded within AMD systems and does not utilize specific network ports for remote management like Intel's AMT. Therefore, it cannot be managed or blocked via network port filtering in the same way. Concerns about its activity are typically addressed through BIOS/UEFI settings and firmware updates.

 

[PingSpike]

It seems like you could install the patch for 5000 series, buy an infected motherboard and still be screwed.

It was never clear to me if Intel management engine can access the network unless you're using an Intel NIC (common). Logically the management engine needs some kind of low level driver integration and Intel dogfooding probably provides that, but since AMD doesn't make any NICs they'd need a close partnership to make that a reality. That may limit the blast radius on this one.

 

[DAPUNISHER]

AMD will patch 3000 series after all - https://www.tomshardware.com/pc-com...es-course-and-will-patch-ryzen-3000-after-all

 

[Steltek]

AMD will patch 3000 series after all - https://www.tomshardware.com/pc-com...es-course-and-will-patch-ryzen-3000-after-all

I'm glad for this, as the 3000 series were a pretty popular CPU family and I'm sure a lot of them are still in service.

 

[Paratus]

I’ve got a 2950. That rounds up to 3000 so I’m good. Right?

 

[moinmoin]

AMD will patch 3000 series after all - https://www.tomshardware.com/pc-com...es-course-and-will-patch-ryzen-3000-after-all

AMD should stop this inane procedure of first stating no support of older products and then partially reversing course on that soon after. A clear messaging from the start would be much more appreciated, even if it were of the kind of "old unsupported products are not our priority anymore, but we will eventually get to them at some point".

 

[Steltek]

AMD should stop this inane procedure of first stating no support of older products and then partially reversing course on that soon after. A clear messaging from the start would be much more appreciated, even if it were of the kind of "old unsupported products are not our priority anymore, but we will eventually get to them at some point".

They originally clearly said they had no intention of doing it. Probably if only to encourage the sales of new chips (it is not like they didn't have the ability to easily and cheaply issue a new AGESA release for Ryzen 3000).

But most corporations are PR creatures and will bow to public demand to avoid bad PR (especially one coming off a PR flop as bad as the one related to the Ryzen 9000 launch debacle).

Look at Intel. Despite being Intel, they actually had to take notice of what all the peons where saying and were (eventually) forced to bow to pressure.

 

[moinmoin]

They originally clearly said they had no intention of doing it.

That's exactly what I dislike about the situation (they did exactly the same about supporting older chips using newer chipsets on AM4). Stick to it if you think that's really what you want to state. Don't even state it to begin with if there's even a tiny chance you may renege on it anytime soon anyway.

 

[igor_kavinski]

Unfortunately, everyone tries to get away with doing the least possible amount of work. Doing the right thing is not the first priority for most people/companies these days.

It could also be some sort of PR ploy. First say no. Then say we'll do it because we care about our customers so much.

Doing it right away wouldn't have generated so much publicity.

Faced this issue with a Chinese seller on Aliexpress who was refusing to flash the mobo before shipping. He was like, no way I'm gonna do it. Several times no. I kept telling him that the CPU I'm gonna install may not work (i7-5775C). Finally, he said, yes I will do it. Just like that. I don't know what made him change his mind. But I think he did it on purpose. To show me that it was a big deal for him and he was going to give me special treatment by flashing it now. So I would feel grateful. Psychological manipulation crap.