Lenovo vendor locking Ryzen CPUs with AMD PSB (servethehome.com)
286 points by virgulino on Jan 16, 2022 | 220 comments


The problem is the AMD PSB functionality in itself. It should be considered malware like the Intel management engine and thus refused by users. It's a second processor that runs a proprietary firmware signed by the vendor (that the user cannot modify or substitute entirely with a FLOSS alternative) that vendors can use to do harm to the user.

The AMD PSB can also be used to lock down a processor to enforce secure boot and thus don't let you run an unsigned operating system, i.e. no longer allowing you to run Linux on your machine that comes out of the factory with Windows preinstalled. That would be a very very bad thing.

Unfortunately both for Intel and AMD you don't have choices these days. I'm hoping someone develops a processor based on the RISCV architecture (a free architecture that doesn't include that shit) to be used in a computer entirely under the control of the user (hardware and software) and not the corporation that makes it.


You're conflating two different things - AMD's Platform Security Processor (PSP) and Platform Secure Boot (PSB). PSP is broadly equivalent to Intel's ME, but lives on the CPU package rather than in the chipset. PSB is equivalent to Intel's Boot Guard, a feature that verifies that the system firmware has a valid signature before letting the CPU boot it.

Both Boot Guard and PSB prevent you from modifying the system firmware (and, say, putting Coreboot on there), but because Boot Guard is implemented in the ME, and because the ME is in the chipset, not the CPU, you can take CPUs out of Intel-based systems and transfer them to somewhere else. If you do the same with a PSB-fused AMD, the firmware on the new board won't be signed with the same key and it'll refuse to boot.

None of this technology provides any real way to prevent you from booting Linux. If vendors wanted to do that, they could already just ship firmware that only supported the Windows signing key and didn't let users enroll new keys. They don't need PSP, ME, Boot Guard or PSB to do that.


You said it: it prevents you from booting a custom firmware. If the manufacturer decides to lock down the stock firmware for only booting Windows (something that is not absurd and some manufacturers already attempted in the past, and keep in mind that Microsoft is requiring TPM and secure boot with Windows 11) you are basically screwed. You can't boot Linux with the stock firmware and you can't change the system firmware.

And given that it's firmware, it's worse than that: the manufacturer can, with a firmware update (that you can't downgrade thanks to all this security bullshit), remove the possibility to disable secure boot and revoke the keys used by Linux distributions. That's the reason why I tend to never update the firmware of computers (as to me the firmware is just a bootloader to GRUB that then boots the operating system).

The real thing is, we don't need this kind of security. We don't need ME, PSP, PSB, TPM, and all kinds of bullshit. I've never heard of an attack in real life that exploits the boot process. When 99% of computers run Windows that is full of security vulnerabilities, and nearly half of them even a no longer supported version of Windows, the other half a non-updated version because updates are a waste of time.


A computer that requires the firmware to be replaced to boot Linux is already at the point where 99% of users are just not going to install Linux (I've personally ported Coreboot to two of my laptops, and even I would never buy hardware that required me to do that before I could run Linux).

And, well, you may well have never heard of attacks that would be mitigated by these technologies, but I have. Firmware-based attacks have existed for over a decade, and the Hacking Team leak included a firmware implant targeted at some ThinkPads. Do I think most users need to worry about this? No, I don't, and I don't know that there's enough people who do need to worry about this that it should be the default (I have thoughts on this, I'll write them up later this evening). But to deny that some people do need to worry about this is just inaccurate.

And Microsoft has required secure boot and TPMs on all certified client systems since Windows 8.1. Almost all shipped hardware already has all this functionality. If Microsoft had any interest in being evil here, they've had the opportunity to do so for years.

Anyway! Even if you can't replace the firmware, the secure boot database is in an unprotected variable store, so you can just replace it even if PSB is enabled. You're welcome.
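To make the "secure boot database" concrete for anyone who wants to audit what their own machine trusts, here is an added example (not code from the post or from mjg59): a parser for the EFI_SIGNATURE_LIST layout that the db, dbx and KEK variables use, run over a constructed sample variable. On Linux the real variable is exposed as the file /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f (root, efivarfs mounted), whose first four bytes are the variable attributes. The owner GUID, the hashes and the "certificate" bytes below are constructed placeholders, not real enrolled keys.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
SIG_TYPE_NAMES = {EFI_CERT_SHA256_GUID: "sha256", EFI_CERT_X509_GUID: "x509"}

# SignatureType(16) + SignatureListSize(4) + SignatureHeaderSize(4) + SignatureSize(4)
HEADER_LEN = 28


def strip_efivarfs_attributes(raw: bytes) -> bytes:
    """efivarfs prefixes each variable's data with a 4-byte attributes word."""
    if len(raw) < 4:
        raise ValueError("efivarfs file too short to carry an attributes word")
    return raw[4:]


def parse_signature_lists(blob: bytes):
    """Parse a sequence of EFI_SIGNATURE_LIST structures (the db/dbx/KEK payload)
    into (type_name, owner_guid, signature_data) tuples. Every size field is
    checked against the buffer so a truncated or malformed variable raises
    instead of being silently misread."""
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < HEADER_LEN + hdr_size or off + list_size > len(blob):
            raise ValueError("SignatureListSize inconsistent with buffer")
        if sig_size <= 16:
            raise ValueError("SignatureSize must exceed the 16-byte SignatureOwner")
        body = blob[off + HEADER_LEN + hdr_size: off + list_size]
        if len(body) % sig_size:
            raise ValueError("list body is not a whole number of signatures")
        type_name = SIG_TYPE_NAMES.get(sig_type, str(sig_type))
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            entries.append((type_name, owner, body[i + 16:i + sig_size]))
        off += list_size
    return entries


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, signatures) -> bytes:
    """Serialise one EFI_SIGNATURE_LIST without a SignatureHeader. Used here only
    to construct sample input; it is the same layout a real db variable uses."""
    sig_size = 16 + len(signatures[0])
    if any(len(s) != sig_size - 16 for s in signatures):
        raise ValueError("all signatures in one list must have the same size")
    body = b"".join(owner.bytes_le + s for s in signatures)
    return sig_type.bytes_le + struct.pack("<III", HEADER_LEN + len(body), 0, sig_size) + body


# Constructed sample db: two SHA-256 binary hashes plus one fake (non-DER) certificate
# blob, prefixed with a constructed efivarfs attributes word (NV|BS|RT = 0x7).
OWNER = uuid.UUID("12345678-1234-5678-1234-567812345678")  # constructed owner GUID
SAMPLE_DB_EFIVAR = b"\x07\x00\x00\x00" + build_signature_list(
    EFI_CERT_SHA256_GUID, OWNER,
    [hashlib.sha256(b"constructed-bootloader-a").digest(),
     hashlib.sha256(b"constructed-bootloader-b").digest()],
) + build_signature_list(EFI_CERT_X509_GUID, OWNER, [b"constructed-cert-bytes"])


def audit_sample():
    """Summarise what the sample db authorises: hashes as hex, certs by length."""
    entries = parse_signature_lists(strip_efivarfs_attributes(SAMPLE_DB_EFIVAR))
    return [(t, str(o), d.hex() if t == "sha256" else len(d)) for t, o, d in entries]


if __name__ == "__main__":
    for entry in audit_sample():
        print(entry)
```

For a real audit, replace SAMPLE_DB_EFIVAR with the bytes read from the efivars file named above; x509 entries can then be fed to any DER parser to print issuer and subject. Note that through the firmware's runtime interface db is an authenticated variable (updates must be signed by a KEK holder); the point in the comment above is about the flash region backing that store, not about the runtime API.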


Ok, as promised, I wrote up my thoughts at https://mjg59.dreamwidth.org/58424.html . I think with a few small tweaks Boot Guard could be turned into something that offered the same security benefits without being as user-hostile. PSB may require more work in this respect, but it should be technically possible to achieve the same outcome.



> And, well, you may well have never heard of attacks that would be mitigated by these technologies, but I have. Firmware-based attacks have existed for over a decade

This is a pure cash grab by Lenovo and AMD, not about mitigating attacks.

If this were about platform security for the benefit of the owner, it would not be permanent, nor enabled by default. All this does is create more e-waste and nuke resale value for Lenovo systems and Ryzen CPUs.

Lenovo has been increasingly slimy for years now (I guess everyone forgets that they've been caught distributing spyware in their products multiple times?) and this is just yet another stop on the road.

I hope Lenovo and AMD both get their asses sued.


> it would not be permanent

If it's not permanent then it doesn't work - any plausible mechanism for allowing it to be disabled can be triggered by whoever's replacing your firmware (which makes AMD's approach somewhat bewildering here, given that you can just replace the CPU). But yes, I agree that enabling it by default is probably the wrong approach here.


> The real thing is, we don't need this kind of security

This is a real argument. While it might make sense for cloud computing for the client to verify system integrity, malware that modifies firmware is not the largest blip on the radar in these times. A good protection is actually the numerous different manufacturers.

I agree, these technologies aren't primarily for security, they are to enforce how devices are used.


It's not the largest, but against advanced targets who have a chance of detecting other attack vectors, it's a realistic threat. "We don't need this kind of security" is probably true for specific (and even broad) definitions of "we", but it's not universally true and it's not an argument for the technology not existing. Like I said elsewhere, I'm not convinced that the way it's currently being deployed provides anywhere near enough extra security to justify the loss of owner control, but we shouldn't conclude that it means this technology has no legitimate use cases.


You say in your blogpost :

> If you're a journalist or an activist dealing with governments that have a track record of targeting people like you, it should probably be part of your threat model.

But considering what we know about the NSA, at least Intel's Management Engine is likely backdoored. So any anti-USA journalist/activist has probably to worry about that too. And an even bigger threat is industrial and diplomatic espionage of non-USA companies and countries using these processors.

(Also could be extrapolated to other countries' secret agencies for potential Huawei, Russian processors, if those ever get popular, like Huawei's control over EU's telecommunications.)


With "we don't need that kind of security" I was talking about the average home computer user (the one for whom the personal computer was created!) that buys a computer to use it for normal everyday tasks.

There are situations where that kind of security is required, of course, but they are not something that you should worry about if you use the computer to watch YouTube videos, and thus I don't think that it makes any sense at all to be present on a consumer PC.


Then I believe it prudent to make such security optional. But enforcing secure boot to me is currently a Microsoft DRM feature, despite the otherwise sensible security consideration that went into the development of it.

Especially if you extend features like remote attestation, it is more about user control than user security.


It is a possible attack though, isn't it?

Even with a fully encrypted disk with LUKS, someone could replace your boot manager with a tool to capture your encryption key.

For most people this will be a non issue: the cost of such an attack would highly surpass the benefits.

But I suspect some people would be valuable targets for this.
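The bootloader-swap scenario described above (an unencrypted boot partition in front of a LUKS volume) can at least be detected after the fact by comparing the boot partition against a known-good manifest. The following is an added example, not code from the thread: it hashes every file under a directory standing in for the EFI system partition, then reports what changed, appeared or vanished relative to a baseline. The directory, file names and contents are constructed for the demo; on a real system you would point hash_tree at /boot or /boot/efi and keep the baseline somewhere the attacker who can write the boot partition cannot reach (inside the encrypted volume, or off-host).

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_manifest(baseline: dict, current: dict) -> dict:
    """Return files whose content changed, files that are new, and files that vanished."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Constructed stand-in for an ESP: take a baseline, tamper, then re-check."""
    with tempfile.TemporaryDirectory() as d:
        esp = Path(d)
        (esp / "EFI" / "BOOT").mkdir(parents=True)
        (esp / "EFI" / "BOOT" / "BOOTX64.EFI").write_bytes(b"constructed bootloader image v1")
        (esp / "EFI" / "BOOT" / "grub.cfg").write_bytes(b"set default=0\n")
        baseline = hash_tree(esp)  # what you would store somewhere trusted

        # Simulated tampering: the bootloader is replaced and an unknown binary appears.
        (esp / "EFI" / "BOOT" / "BOOTX64.EFI").write_bytes(b"constructed bootloader image v1 + patch")
        (esp / "EFI" / "BOOT" / "extra.efi").write_bytes(b"constructed unknown binary")

        return compare_manifest(baseline, hash_tree(esp))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

This is the minimal offline check; it only tells you after boot that something was altered, and it does nothing about firmware or the firmware's own variable store. Measured boot, where the firmware extends TPM PCRs with each boot component and the LUKS key is sealed to those values, is the mechanism that refuses to release the key in the first place.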


> RISCV architecture (a free architecture that doesn't include that shit)

Surely you can't think the architecture itself is the differentiator. x86 didn't have all of this security 20 years ago, give engineers a few years of time to throw some locks on a risc-v chip and it'll be Enterprise Ready™ in no time.


With the (already?) expiration of x86 patents, I'd love to see a "pure" x86 implementation without any of the user-hostile crap, and see how far the community can take it; but sadly, the RISC bandwagon is diverting attention away from that.

A CPU without the user-hostile features but still able to run the massive existing software base would be ideal.


>I'd love to see a "pure" x86 implementation without any of the user-hostile crap, and see how far the community can take it;

And who would make the tens of billions of investment to build a fab for that?


Not even AMD/Nvidia have their own fab at this point, so it is probably safe to say you wouldn't need one for that either. You'd still need tons of cash of course, but not quite as much.


The existing fabs (TSMC, Samsung, GF etc and possibly even Intel under their new strategy) would probably make the chips you designed, if you pay for enough volume that is.


It would be too difficult to implement. x86 is a very big instruction set that is impossible to implement in hardware: both Intel and AMD processors in fact run inside a virtual machine that translates x86 instructions into an internal RISC instruction set that is manageable by the real CPU architecture. If Apple decided to move away from x86 and go to ARM to have their own processor, and we are talking about one of the biggest companies, I don't think any community project will ever succeed in doing another x86 compatible CPU.

On the other side the RISCV instruction set is far simpler; being a RISC instruction set it decides to not have advanced optimizations in the processor (even better, none at all) and leaves the optimization work to the compiler, which not only simplifies the processor, but also reduces the attack surface of the processor (Meltdown, Spectre, and all these attacks are just impossible on RISCV!). Of course that has a performance penalty, but since you simplify the processor you can just put more cores in the saved space, right?


I'm not sure if you're being satirical, but open source x86 cores do exist --- they're around a 486 in terms of compatibility. Look up ao486 for example.

What I'm referring to is the expiration of patents from the P6 era, which would mean all the uop-based stuff is now free to implement.

What a lot of the RISC hype doesn't understand is the huge value in backwards compatibility --- you can have your "100% free" world but it'll forever remain niche. We need to accommodate the proprietary world if we want any chance of freedom winning; and not try to divide the world of computing.


>I'm not sure if you're being satirical, but open source x86 cores do exist --- they're around a 486 in terms of compatibility.

And they will stay at that level, is the parent's point, which is 25+ years before today and thus affordable to clone and fabricate. It's not about 486 or for that matter 8086 being difficult...


RISC-V is not immune to Spectre and Meltdown because these are implementation vulnerabilities. Any CPU implementation that uses out-of-order and speculative execution has to constantly worry about introducing these holes.


And on the other side, neither were early Atoms; but everyone knows what their performance is like.


The good news is the main manufacturers of RISC-V are Chinese vendors that allow complete access to low level processor details. They generally don't lock down their products at all.


Bad news is that the US doesn't want to have anything to do with them.


At this point, their government has completely undermined foreign confidence in their semiconductor industry. I would be careful to avoid any processors from there, because the chance that it contains a backdoor is just too great to risk. Even if that is only a perceived risk and not a real one. American propaganda in recent years clearly set out to reach this new status quo, and it’s probably all smoke and little to no fire. But it worked. There are enough examples of China screwing over foreign companies to prove the risk could be real no matter your size (e.g. ARM China).


That applies to every foreign country actually.

Anyone that wants to be 100% sure of the supply chain has to move away from globalization.


Exactly! Exactly! Exactly!

I still cannot understand why the US and other countries with high tech allowed themselves to become so absolutely dependent on China.

When their own companies killed off local manufacturing and went to China out of greed and increased profits, governments should have stepped in on strategic grounds, so why didn't they?

It was obvious to me some 25 years ago and I've no monopoly on this insight so they must have been well aware that this would happen. In essence, these countries have been shooting themselves in the feet for decades.

The question is why.

Edit: I can remember the time when the US military required certain components, chips etc. to be able to be second-sourced from multiple manufacturers before they were incorporated into equipment. Does anyone else remember this?

Clearly governments, not only the US, have been aware of the problem for many decades and have chosen to do nothing about it. Moreover, what brought them to abandon this once good policy in the first instance?


You can still import them into the US en masse


Not if they break US patents (which is likely), or if the US puts more constraints on imports.


Still, until the government plays a Huawei move.


RISCV is an open architecture. If a manufacturer does that, simply don't buy the processor from that manufacturer and buy it from another. All your software will still be compatible since it's the same architecture.

Otherwise with x86 it's more complex: you can choose between Intel and AMD (which has bought the license for the x86 instruction set, not something cheap to get), and both of them have their backdoor processor inside the computer (at least on Intel there are ways to disable it; as far as I know with AMD it is more difficult if not impossible to do).


Assuming that the software is all available from source and can be recompiled.

Only the base RISC V is guaranteed, thanks to extensions.

Also you are forgetting that just like Android and ARM, there are other forces at play that don't make it as easy in practice as FOSS advocates wish for.


> Assuming that the software is all available from source and can be recompiled.

I remember hearing that same line when I bought a Raspberry Pi in 2012. "It's useless! You can't run x86 software on it, so what's the point?"

Flash-forward a decade and now Graviton instances are blowing up like nothing else in the industry. RISC-V is in a very similar position to ARM 10 years ago; the groundwork has been laid, standards have been ratified and base packages/several kernels work perfectly fine on it. The only difference is that ARM is more expensive to license and is less flexible.

> Only the base RISC V is guaranteed thanks extensions.

Yeah. Is that a problem? The situation on ARM is equally bad if not worse (frequent iterations end up throwing even relatively recent CPU models under the bus), and the reason why RISC-V divided itself into extensions is so that you didn't have to start from scratch when John RISC decides to add in 3 new floating point instructions. It's a pretty damn good compromise if you ask me, and it certainly doesn't have any bearing on software availability; RISC-V programs run on RISC-V processors. ARM does not have that same liberty.

There are plenty of genuine constraints for RISC-V (the majority of them in the manufacturing/mass production side of things, now), but the majority of these software issues have been solved and taped out years ago.


Are they? Where are the real numbers beyond Amazon marketing materials?

The problem is dreamers thinking RISC V will be any different than other CPUs in the industry when big players come playing.

LLVM, contributions level at the scale of Linux kernel, C++20 support now lags behind everyone else.

When money comes to play, the rainbows and flowers eventually turn into wall street yuppies.


Using qemu-user-static and similar you can run binaries from one arch on another arch.


With emulation one can always run one architecture in another one; there is nothing scientific about it, provided there is enough knowledge about the source architecture.


I'm a little baffled how "licenses" for instruction sets became a thing. Old CPUs, anyone could clone them or write emulators for them. There's nothing particularly novel about an instruction set encoding, even if you have defined thousands of instructions, and the idea that they're worthy of patent protection (or whatever) is absurd.


Well its only a question of time before someone starts targeting the Intel vPro Management Engine and AMD PSB to alter CPU abilities using variations of code like that found on Github below. https://github.com/mostav02/Remove_IntelME_FPT https://github.com/rootkovska/x86_harmful/blob/master/x86_ha... https://github.com/corna/me_cleaner/blob/master/me_cleaner.p...


These would only help the power users, not the remaining 99%.


Trusted computing environments only hurt 1% of the users anyways.

We live in a world where people talk about Thinkpads vs Macbook Pros, but for 99% of the world laptops are appliances they buy like we'd buy a toaster.

They don't care that they can't run Linux, if anything onerous code signing requirements ala mobile devices would be great for the safety of their devices with minimal effects on what they can do.

-

I'm not saying I want the market for power users to die, I'm one of them after all, but I also feel like these conversations on HN are often disconnected from the reality most people live in...

This isn't really a "they don't know better so they don't complain", this is a "even if they knew better they wouldn't complain"


The hypothetical homogeneous group 'they' you refer to doesn't exist. It's billions of people and 'they' feel many ways. By painting with a common brush, you shut down discussions of what could be and encourage fence sitters to give up. Let's talk about why it's possible, easy to do, and how to do it.

The more fence sitters you convince that things are possible, the further the fence gets pushed towards the other side.


I disagree. Market targeting, segmentation, and consumer preferences are real things which can be and are routinely measured.


Exactly the parent comment's point: market segments /can/ and do change sizes and their proportional relations. And more people are beginning to understand the importance of security for privacy in a world that is increasingly digital and dependent on information technology.


Yes, several of these companies have come out of nowhere in the past decade and are now making low single digit millions in revenue. Huge growth, yes, but also, still a rounding error as far as the whole market is concerned.


That's agreement, not disagreement.


I am saying that the market for people who care about these types of things is objectively niche. Large manufacturers build what they build because they fund the research to know what to build. And they are successful at selling them because they were correct.

There might be billions of people buying computers, but the set that has any opinion on boot code signing requirements is not large enough to cause any significant impact on the market as a whole.

There are companies that cater to these niche markets, like Pine/Framework/System76/Purism. They are tiny. Dell sells more computers in a single contract than all of these other companies have sold over their entire existence combined.


True. However, sometimes large buyers, such as governments or enterprises, change their policies towards purchasing requirements. For example, since 2013 France has had an Inter-Ministry Foundation of Free Software[0], which provides the preferred software to be used across France's government, as French law requires preference be given to free software (logiciel libre).

What impact might occur if a government like France were to require in the future only RISC V architectures with free boot loaders, or if the US government or a large corporation required use of measured boot to see at boot-time if the boot code or subsequent OS had been compromised?

With persistent threat actors and the falling price of processing power, I wouldn't be surprised if in the next ten years some larger organizations (or tens of thousands of small businesses) start demanding this kind of IT security from their vendors.

[0] (in French, of course) https://sill.etalab.gouv.fr/fr/software and their repo, https://github.com/disic/sill.


This is very feel good but falls short of making an actual point.

> The hypothetical homogeneous group 'they' you refer to doesn't exist

They do exist. Making wrong statements with conviction doesn't make it true.

You can look Chromebook sales figures, you can look at the best selling laptops at major retailers, you can look at what's driving record laptop sales, look at price points that are soaring, look at the mobile space...

-

> It's billions of people and 'they' feel many ways.

Which is why we draw conclusions based on a large sample size like I did above. You're never going to be able to consider billions of points of view, so yes, you need to try and find the common thread in their preferences and usages.

-

> By painting with a common brush, you shut down discussions of what could be and encourage fence sitters to give up.

No, by painting with a common brush, you can have actual useful discussions about the reality of things, rather than espousing your own personal whims.

-

> Let's talk about why it's possible, easy to do, and how to do it.

a) Where did my comment say it's impossible?

b) It's not easy to do or it wouldn't have existed in the first place. The whole point of my comment is saying that you need to figure out how to do it taking the current reality of things into context.

If the world thought how HN does we'd already have bills banning IME and PSB. So it doesn't. You can't pretend that people actually are a little nudge away from caring about this, or you'll quickly find that you're wrong and nothing will have actually changed.

-

> The more fence sitters you convince that things are possible, pushes the fence further and further towards the other side.

Again, what you could do if you believed that fence sitters were some large portion of laptop buyers is do what I've done, show some indications of this. Show us how niche efforts aimed at power users aren't the only rumblings about how awful locked down computing is.

What you're doing is still painting a group with a large brush, except you're not even showing us where you got the paint.


Huh? I like your ideas, but I'm not painting. I'm saying "don't paint". If you think of it like a nice dividing line through the people who think stuff can change and the people who don't, the folks on the line are 'on the fence'. You see? If you can convince a few of them (not large swathes of them, just a few), then the line shifts. If we all do that, we can change a lot of minds for good!

You get what I mean? So yeah, my recommendation is that we all talk like things are easy to make better, instead of saying "too late, it's all over", because you'll encourage more people to try, which I assume you agree is a good thing; but if not, I guess to each their own.


I'm saying you're painting though, and I'm saying you can't talk like things are easy to get better and have a meaningful conversation.

Instead of trying to act like most people will ever care about locked bootloaders and PSB style co-processors, why don't we accept that they don't, they won't, and see what can happen from there?

An example of that is looking at it from a national security perspective. If you can paint it as a vulnerability to the tech industry you could see movement without the Sisyphean task of convincing people that this stuff matters in their day-to-day lives.


Interesting! I have to disagree that it can't lead to a meaningful conversation, but I'm definitely on board with painting it as a tech vulnerability!


You are supposing that people would only use total control of a platform to forbid things almost nobody wants to do. This seems rather a waste. It's like being superman and using the ability to fly to get to business meetings slightly faster.

One would suppose instead that the logical thing to do is create financial opportunities that wouldn't otherwise exist by restricting what you can do without allowing them to insert themselves in the revenue stream.

I recall a long-junked Verizon phone I owned before Android was a thing that could only ever be used with Verizon. Despite paying for the phone in full, including its GPS, because Verizon had full control of the platform the only way to actually use the GPS was to pay Verizon $10 per month for navigation.

An environment where I could repurpose my existing phone instead of buying a new one when I switched carriers, where I could even keep my phone number, or one in which actually using the GPS didn't cost as much over time as the entire phone, didn't exist; but if you asked me at the time whether I would like to live in our present universe or one in which those restrictions remained the norm, I should easily be able to answer.


I'm Joe, the guy who made takejohndown.com. Thanks for defending me on that other post. I saw a bunch of traffic from Hacker News; surprised the post somebody made was deleted, but then again I've been banned from the /r/NYC sub now just for posting a link. You won't believe how toxic it is there: https://www.reddit.com/r/nyc/comments/s5nvz0/my_landlord_doe...


I am sympathetic but if you inject it into every thread you will probably get banned and unfortunately it will be correct to do so.

Hacker News is about aggregating interesting things to read, not a collection of grievances. For example, this thread is about tech, and if half of it was random grievances it would be a shitty website. Asking someone if they sympathize with your issue and asking them if you can paint it on the side of their house will get you two very different answers.

You and other tenants need to get together and either sue or more broadly look at how misdeeds by landlords are handled in your city and or state.


This mission is more important than not being banned on HackerNews.

> You and other tenants need to get together and either sue or more broadly look at how misdeeds by landlords are handled in your city and or state.

We've had 3,200 people visit the site in the last 3 days. We're on our way.


"They don't care that they can't run Linux, ..."

This is why we need government intervention. If laws dictated that computing equipment etc. sold to the GP couldn't have 'locks' on them then these problems would instantly disappear.

Such laws can easily be justified on grounds of (a) stopping monopolistic practices (anti-monopoly laws), and (b) minimizing e-waste.

This won't happen unless there's pressure on government like there has been over the right to repair from the Right to Repair movement. In fact such pressure could come from an extension of the group's current activities.


> a free architecture that doesn't include that shit

There is nothing stopping RISC-V SoC/CPU vendors from tacking it on.


You're not wrong, but what's the motivation? With x86, backdoors and coprocessors were able to be added because both AMD and Intel were pretty much the only players in the ISA. Since they were effectively the only license-holders (and American multinational companies at that), the government had no problem forcing them to both add IME/PSP.

With RISC-V, there is pretty much no such obligation. It's an open spec, there is no licensing fee and there isn't an obligation to add hardware susceptibilities. Chinese companies will (and are) manufacture chips like this at the lowest cost possible, likely eschewing any black-box m53s running Minix that you'd find on an American CPU. It also opens the possibility for more bespoke chip designs (as it's a modular ISA), and hopefully dividing the market between security-conscious products and consumer ones will stop all devices from being digitally wiretapped.

It's all speculation right now, but it's highly unlikely that RISC-V will be pozzed in the same way x86 or even modern ARM clusters are. There's too much competition, too much money to be made, and too few incentives. Suffice to say, you're probably going to hear the three-letter agencies complaining about "unsafe Chinese chips" soon or something equally stupid.


> ...the government had no problem forcing them to both add IME/PSP.

This is a false narrative, these management engines were added because large (corporate) customers of the major CPU vendors asked for them. Enterprise IT shops love stuff like this, anything to help them tame the unruly beast of asset inventory and management. This is the same reason things like iLO and DRAC exist, and they have all of the same types of bugs for the same core reason.

Not only does the government not want management engines, the ability to turn them off using HAP is courtesy of the US government (namely the NSA!) asking for a feature to disable it.

The main problem here is that the truth is boring, and the conspiracy theory sounds much more interesting.

https://www.csoonline.com/article/3220476/researchers-say-no...


Why are management engines not delegated to professional/enterprise machines only then? Seems like an awful lot of money to waste putting specialized hardware into every machine you ship if only a fraction of the users will actually ever take advantage of it.


Because around the same time as Intel started to experiment more with the AMT stuff, the complexity level of actually starting up the CPU and keeping it running had grown to the point where having an extra controller to help it run was found useful.

Another reason is that ME (and PSP) are used to assert "security" of "Protected Media Path", which is part of streaming services DRM.

It's not the only way to do it, sure, but there's a reason why IBM POWER designs have approximately 2.1x the amount of cores that is stated in the spec: pretty much every core has a smaller, simpler one dedicated to keeping the big one running without melting and helping transition to low-power states and back, and there are at least two more cores whose only job is handling some of the early loading of code from flash. Part of why they have those cores is that since POWER8 there was a shift towards more standalone operation without an external controller chip (and POWER9 even describes such a boot process in the manual). For comparison, traditionally the FSP (aka BMC) on IBM POWER systems initialized all of the hardware before the CPU would execute its first instruction, puppeting the CPU buses through the debug interface.


Economy of scale. Cheaper by volume and priced on utilization.

There was a time when HP sold servers that could be up to, say, 8 cores but only two were on by default and you could license the rest. It was cheaper to ship the hardware and software-gate it rather than limit it and have a process in the middle.


Why does Intel, a company known for its extensive price discrimination (see ECC memory support, hardware virtualization, FPU support in the 90s) still put ME in all of its consumer CPUs when it’s only useful for the enterprise market?


Economy of scale. The ME isn't just a management tool but is also used to help initialize the CPU. No reason to write a whole custom way of doing that instead of reusing the same technology.

Also, consumer CPUs are often (due to binning) rebranded Enterprise CPUs that were rejected (or just not purchased) for whatever reason, or vice versa. Easier to build ME on them all and configure it later.

Your ECC memory? It's something Intel just flips on or off depending on how they want to sell the chip - many Core i7s and i9s have it on-die but you can't use it. That's because it might be useful on a Xeon Platinum equivalent.


As others have pointed out the ISA has nothing to do with this. Intel could start building RISC-V CPUs with ME type technology tomorrow.

Sure you're open to buy RISC-V CPUs from China but how are you going to be certain that they have no backdoors?


> As others have pointed out the ISA has nothing to do with this. Intel could start building RISC-V CPUs with ME type technology tomorrow.

From a purely technical standpoint, I agree (and wouldn't put it past Intel either). My argument is that having an open ISA makes it easier for manufacturers to compete with each other, which in turn makes it harder for interested parties to pin down every CPU manufacturer and punch holes in their individual designs.

> Sure you're open to buy RISC-V CPUs from China but how are you going to be certain that they have no backdoors?

Pragmatically, you can't. My point though was more that open ISAs give us options to buy hardware that doesn't get designed domestically, which is the main enabler for companies like AMD, Intel and Apple, and moreover, the government. If one chip is confirmed to be vulnerable in some way, you'll have legitimate competitors to choose from.


You're conflating so many different factors here: openness of architecture, diversity of design / manufacturing, market needs in different sectors etc - all of which influence what features are built into CPUs / SoCs.

There seems to be a bit of a consistent thread running through lots of discussions that RISC-V, because it's 'open', magically solves all sorts of problems - it does have some advantages - but it doesn't solve these issues any more than Arm does (and Arm already has massive diversity of supply and billions of CPUs shipped without ME type issues).


The motivation for other manufacturers is exactly the same as the motivation for AMD to do this. To make more money by controlling resale markets. RISC-V wouldn't change any of those dynamics.


> It should be considered malware like the Intel management engine and thus refused by users.

Well, that clearly didn’t happen with ME. Intel’s market share gradually grew for the decade after ME was introduced.


Also it's not like there aren't legitimate uses for it. My workplace started taking advantage of it to help with remote management of all of our machines. It's useful to have another way in that doesn't rely on the OS being in a good state or even for the machine to be fully powered on.


It won't be considered malware because techbros have embraced Apple's closed-down systems and Microsoft and every other player is just getting up to date. This ship has sailed a long time ago.


I find it funny how software, bugs, and possibly malicious intents are considered way differently than the same thing in practically any other industry.

You buy a Toyota, they screw up the floormats, causing a potentially dangerous situation, millions of cars recalled, issue fixed. Volkswagen knows about an intentional 'screwup' (the exhaust cheating), they get caught, class actions, people return cars, get monetary compensation, etc.

You buy an Intel, after Intel knows about a screwup... whoops... here's a software fix that cripples your CPU's performance. Whoops, didn't fix everything, disable hyperthreading. Money back? Nope. Any other kind of compensation? Nope.

Same with software.. they put an EULA there, and they're somehow not responsible for anything anymore.

Here, you might lose a functionality that made you buy that computer in the first place, and "whoops".


The key differences are probably the "dangerous situation" and the "class action". Probably no one is going to die if they can't resell their CPU or install Linux on their laptop.

And regardless, for a class action suit there'd have to be a class, and as usual the vast majority of people buying Lenovo are not aware of this, wouldn't care if they did, or actually consider it a feature; this article is about some Lenovo machines that I think are sold primarily to businesses who would probably like it if the machine couldn't have end users overwrite the OS or fiddle with the hardware.


Raptor CS are still making those Power9 workstations I think. Power9 is also a free architecture “without that shit”.


>>It's a second processor that runs a proprietary firmware signed by the vendor (that the user cannot modify or substitute entirely with a FLOSS alternative) that vendors can use to do harm to the user.

This is EXACTLY what all the major handsets/cellphones have had in them for a very long time.

Carriers required certain side/backdoors into the devices.. which was really a tunnel for LEO/State...


RISC-V permits vendor extensions so absolutely nothing is stopping a vendor from creating PSB-like functionality in a RISC-V chip.

RISC-V is just an ISA.


I mean for that matter you can have a RISC-V core with an open source boot ROM that refuses to boot anything but Windows (pretend for a moment they deign to do a RISC-V build).


> Unfortunately both for Intel and AMD you don't have choices these days. I'm hoping someone develops a processor based on the RISCV architecture (a free architecture that doesn't include that shit) to be used in a computer entirely under the control of the user (hardware and software) and not the corporation that makes it.

That exists for the POWER architecture, but unfortunately those CPUs are way behind x86 in speed and efficiency, at least so far. I expect RISCV will be the same way for quite some time. Maybe someday...


> no longer allowing you to run Linux

Is this actually true? openSUSE is supplied with a shim bootloader apparently signed with Microsoft's keys, allowing the OS to boot on any machine with Secure Boot enabled.


Windows is signed with different keys to all other third party UEFI code, so in theory you could ship a system that trusted Windows but not anything else. "Anything else" would include the option ROMs on GPUs, so you'd never be able to plug in a new Nvidia, but if that's a price you're willing to pay you could definitely block Linux today.


We'll never be truly free until we can make our computers at home just like we can make our own software.


>malware like the Intel management engine

The code is not malicious; please do not call it malware. Your computer already has dozens of other chips running proprietary software on them. It's just a normal part of PC components, except since a CPU doesn't have a board the chip is built right in.


Seems like you are not aware of Intel ME past vulnerabilities.


The only major one required an attacker to open your machine and attach a flasher.

Usually it's considered game over if an attacker has physical access to your machine.


That would imply that basically every single piece of software ever made is malware.


Not sure about every single piece of software, but what do you call closed source, relatively hidden software in hardware that grants you full access with an empty password, running on an unaccountable number of computers for many years?


There are a couple of issues I see with this.

First, the security argument is nonsense in my opinion. This "feature" only prevents an attacker from flashing a modified, malicious BIOS on to the server.

But: If an attacker manages to flash a new BIOS to your server, you're already lost. That either requires physical access (which is bad), or access to the OOB / BMC / IPMI (which is equally bad, because those usually have a remote KVM feature, so you could e.g. boot the OS into recovery mode)

It does not prevent any other attacks, because you could still swap out the CPU. The servers usually just quietly burn the CPUs, so you wouldn't notice if the CPUs were replaced by an attacker.

Second, this produces a lot of unnecessary e-waste. About 99% of all hardware (except HDDs) from datacenters is sold on the second hand market. Locked CPUs are essentially worthless, especially if buyers or sellers don't know and throw the CPU away because they think it's defective.

Third, this opens up a MASSIVE attack surface. Imagine if somebody finds a bug in the PSP (Platform Security Processor, a CPU inside the CPU that handles the locking thing among other things) and is able to burn arbitrary keys into the CPU. The attacker would randomly generate a key and burn it into the CPU. You could permanently kill an entire datacenter with that within seconds.

Or if somebody manages to write a malicious BIOS version and flash it to servers which usually don't have a locked BIOS. This BIOS version would also burn a random key into the CPU with the same result: You can easily permanently destroy an entire datacenter.

I think this is just AMD's greediness again in the cloak of "improving security"


>or access to the OOB / BMC / IPMI

I've worked on a few SuperMicro servers that bundled OOB/IPMI onto the same NIC that is used for the LAN. 1 RJ45, 2 MAC addresses

I will stab the bean-counter that thought this was an OK idea with a fork if I ever meet them.


> But: If an attacker manages to flash a new BIOS to your server, you're already lost. That either requires physical access (which is bad), or access to the OOB / BMC / IPMI (which is equally bad, because those usually have a remote KVM feature, so you could e.g. boot the OS into recovery mode)

BIOS flashing from the OS has been a thing for a long, long time now. Heck my XPS 13 running Linux even gets BIOS updates from apt-get.

> About 99% of all hardware (except HDDs) from datacenters is sold on the second hand market. Locked CPUs are essentially worthless, especially if buyers or sellers don't know and throw the CPU away because they think it's defective.

And 99% of that hardware is sold together as a unit. It will hamper repair efforts, as the CPU & motherboard are now effectively a single unit, but it does not effectively kill or even significantly harm the second hand market.

> I think this is just AMD's greediness again in the cloak of "improving security"

Intel has this same feature. This almost certainly wasn't done by AMD's "greediness" but rather because major customers, like Lenovo, demanded it. And even as a "greed" argument it's a pretty flimsy one. Nobody is running a datacenter on second-hand hardware anyway, there's no market to cripple there.


> BIOS flashing from the OS has been a thing for a long, long time now. Heck my XPS 13 running Linux even gets BIOS updates from apt-get.

UEFI capsule updates are triggered by the OS, but don't occur in the OS. The updates are copied to the EFI system partition, and on next reboot the firmware is triggered to apply them. The flashing process involves the firmware verifying a signature on the image before applying it. The reason for this is that the firmware flash is locked down at runtime, and most of it can't be written to outside System Management Mode. Halting the entire OS for long enough to flash the firmware isn't realistic, so it makes more sense to do it in the firmware environment instead. In any case, the net effect is that while, yes, you trigger the update from the OS, the OS itself is unable to directly modify the firmware, and if you try to flash a modified image via the capsule update mechanism the firmware will reject it for having an invalid signature.


> BIOS flashing from the OS has been a thing for a long, long time now. Heck my XPS 13 running Linux even gets BIOS updates from apt-get.

Yes, I forgot to add that point. It's also just as bad as the other options, because it means that the attacker has gained root access. Using the vendor locking as a method to remedy this issue (an attacker being able to compromise a server's BIOS or BMC) is basically just fighting the symptoms, not the root cause (which is that in-band updates from the OS for BIOS and BMC are generally a bad idea)

> And 99% of that hardware is sold together as a unit. It will hamper repair efforts, as the CPU & motherboard are now effectively a single unit, but it does not effectively kill or even significantly harm the second hand market.

This is generally not true. 90% of the hardware is sold separately, servers are mostly sold as barebones and CPUs without servers. Some vendors offer custom configurable servers and I know from many that they make the majority of their sales from barebones or single CPUs, not configured or assembled systems.

> Nobody is running a datacenter on second-hand hardware anyway, there's no market to cripple there.

Not hyperscalers, no. But many SMEs / SMBs buy refurbished hardware and run their datacenters on refurbished hardware. With your argument, we could as well say "just toss all server hardware in the bin once it has been decommissioned", which is obviously nonsense, because if there wasn't demand for refurbished server hardware, there wouldn't be such a big market in the first place. You can assume that at least 95% of decommissioned server hardware (except HDDs, still too many of them are shredded) gets a second or third life.


> because you could still swap out the CPU

No you can't. AMD builds the TPM into the CPU; with AMD's encrypted memory feature (SEV), in theory you do not have to trust the data center at all.

The CPU boots, loads a verified firmware using PSB, initializes a safe environment in SEV, and your entire boot procedure and data is encrypted and safe using FDE and SEV keys stored in the TPM using PCRs.


“ You could permanently kill an entire datacenter with that within seconds.”

Nobody is going to care until this happens.


> You could permanently kill an entire datacenter with that within seconds

Damn I bet someone perhaps a state player or a well financed group is able to do this, can't wait to see this happen...But how does anyone burn it remotely?


By finding a bug in the PSP.

Heck, bugs like Meltdown and Spectre were found. And exploits on the PSP have already been demonstrated, see here https://github.com/PSPReverse/amd-sp-glitch


Good analysis. My question is wouldn't it be both more secure and more user friendly to burn the BIOS signing public keys into the motherboard chipset instead of the CPU?


Most people here don't seem to understand the entire point of this is to stop hardware tampering.

The goal of AMD's SEV and other features is that the only way to compromise the system is to tamper with the wires between the CPU die and the IO die: all data going outside the CPU die is encrypted, an extra hardware TPM chip module would let you MITM the keys being sent to the CPU (hence the keys are stored in the CPU using fTPM), and plaintext / keys never leave or enter the CPU via PCIe or the memory bus.

The "chipset" is literally just a PCIe/USB multiplexer these days; the CPU has no access to external hardware until after the firmware has loaded, the firmware has routines for turning on the memory and memory controller, PCIe etc. I don't think people understand just how utterly useless the CPU is without the firmware.


This is basically what Google Titan does. Most vendors don't want to add an additional root of trust chip (and I'm not sure there are any good ones available to buy).


This different article from STH explains what the AMD PSB is, without having to watch a video: https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-...

> An OEM who trusts only their own cryptographically signed BIOS code to run on their platforms will use a PSB enabled motherboard and set one-time-programmable fuses in the processor to bind the processor to the OEM’s firmware code signing key. AMD processors are shipped unlocked from the factory, and can initially be used with any OEM’s motherboard. But once they are used with a motherboard with PSB enabled, the security fuses will be set, and from that point on, that processor can only be used with motherboards that use the same code signing key.

Basically, the CPU once in that mode will only work with the same signing key, and cannot be put on a motherboard from another brand (or potentially another model from the same manufacturer).
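To make the fuse semantics in the quoted paragraph concrete, here is an added Go model of the mechanism (not STH's, AMD's or Lenovo's code, and not the real PSP firmware): on first boot with a PSB-enabled board the hash of the OEM's firmware-signing public key is written into a one-time fuse, and from then on the CPU only boots firmware signed with that key. The OEM names, the ed25519 signature scheme and the firmware images are constructed assumptions; the confirmation prompt discussed later in the thread is not modeled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// OEM holds a firmware-signing key pair (constructed for this model; in
// practice the private key never leaves the OEM's signing infrastructure).
type OEM struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewOEM(name string) *OEM {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &OEM{Name: name, pub: pub, priv: priv}
}

// Firmware is what sits in the board's flash: the image, the signer's public
// key and the signature over the image.
type Firmware struct {
	Image     []byte
	SignerPub ed25519.PublicKey
	Signature []byte
}

func (o *OEM) SignFirmware(image []byte) Firmware {
	return Firmware{Image: image, SignerPub: o.pub, Signature: ed25519.Sign(o.priv, image)}
}

// Board carries firmware and the PSB-enable setting from the BIOS.
type Board struct {
	Vendor     string
	PSBEnabled bool
	FW         Firmware
}

// CPU models the one-time-programmable fuse bank. The zero value is an
// unlocked retail part: Fused is false and KeyFuse is empty.
type CPU struct {
	KeyFuse [sha256.Size]byte
	Fused   bool
}

var (
	ErrBadSignature = errors.New("firmware signature invalid")
	ErrKeyMismatch  = errors.New("firmware signing key does not match fused key")
)

// Boot applies the PSB rules described in the thread. It reports whether the
// fuses were blown during this boot and why the boot was refused, if it was.
func (c *CPU) Boot(b *Board) (fusedNow bool, err error) {
	fw := b.FW
	keyHash := sha256.Sum256(fw.SignerPub)
	// A fused CPU accepts only the key whose hash is in the fuses, no matter
	// what the new board's PSB setting is.
	if c.Fused && keyHash != c.KeyFuse {
		return false, ErrKeyMismatch
	}
	// Whenever PSB is in force (fused CPU, or unfused CPU on a PSB-enabled
	// board) the firmware signature must verify before anything runs.
	if c.Fused || b.PSBEnabled {
		if !ed25519.Verify(fw.SignerPub, fw.Image, fw.Signature) {
			return false, ErrBadSignature
		}
	}
	// First boot of an unlocked CPU on a PSB-enabled board: blow the fuses.
	if !c.Fused && b.PSBEnabled {
		c.KeyFuse = keyHash
		c.Fused = true
		return true, nil
	}
	return false, nil
}

// RunScenario walks one retail CPU through boards from two OEMs and a retail
// board, returning one line per boot attempt (constructed scenario).
func RunScenario() []string {
	oemA, oemB, retail := NewOEM("OEM-A"), NewOEM("OEM-B"), NewOEM("Retail")
	image := []byte("constructed firmware image v1")
	boardA1 := &Board{Vendor: "OEM-A", PSBEnabled: true, FW: oemA.SignFirmware(image)}
	boardA2 := &Board{Vendor: "OEM-A", PSBEnabled: true, FW: oemA.SignFirmware([]byte("constructed firmware image v2"))}
	boardB := &Board{Vendor: "OEM-B", PSBEnabled: true, FW: oemB.SignFirmware(image)}
	boardRetail := &Board{Vendor: "Retail", PSBEnabled: false, FW: retail.SignFirmware(image)}
	// Same OEM-A board, but with a byte of the image flipped after signing.
	tampered := &Board{Vendor: "OEM-A", PSBEnabled: true, FW: boardA1.FW}
	tampered.FW.Image = append([]byte(nil), image...)
	tampered.FW.Image[0] ^= 0xff

	cpu := &CPU{}
	var out []string
	for _, b := range []*Board{boardRetail, boardA1, boardA2, boardB, boardRetail, tampered} {
		fusedNow, err := cpu.Boot(b)
		switch {
		case err != nil:
			out = append(out, fmt.Sprintf("%s: refused: %v", b.Vendor, err))
		case fusedNow:
			out = append(out, fmt.Sprintf("%s: boot ok, fuses blown", b.Vendor))
		default:
			out = append(out, fmt.Sprintf("%s: boot ok", b.Vendor))
		}
	}
	return out
}

func main() {
	for _, line := range RunScenario() {
		fmt.Println(line)
	}
}
```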


> OEM who trusts only their own cryptographically signed BIOS code to run on their platforms

It's not their platform after they sell it. We should resist this trend of referring to items as still belonging to their manufacturers, legitimizing their control over them, while we are reduced to mere users, paying for items but not owning them. Let's see how it sounds:

> An OEM who wants to restrict their customers from selling their CPU, or buying one second-hand, will use a PSB enabled..


It is the OEM's product. They are selling the BIOS, motherboard, and CPU as a single unit, along with a bunch of other stuff. If you wanted individual pieces, then buy individual pieces. Why are you even shopping for these products if you had any intention of ever dealing with in-socket CPU upgrades or parting it out second hand?


Most of us aren't merchants; we as a society aren't obliged to let you do business save on our terms. If they think they can get more favorable terms elsewhere they can very well sell locked down elsewhere. This is a trend we ought to have shut down 20 years ago and we should darn well shut down now.


There's precedent that they can't do this. If you buy it intending to piece it out and you can't and this was not explained to you, whoever you bought it from or AMD is liable for damages.


A much nicer solution would be to move the static root of trust off the CPU package. The motherboard’s EC could easily verify a BIOS signature before allowing boot with no CPU involvement whatsoever.


I think part of the motivation here is tying it in with the PSP and having the root of trust be the processor and not processor for some stuff and motherboard for others. For PSP related stuff it does make sense to centralize on AMD rather than having every vendor have their own implementation of some platform security standard. It's dumb to let motherboards effectively brick a CPU but there reasonably could be a way to have the root of trust on the CPU and extend that to firmware signatures so you could remotely attest BIOS versions, etc.

I've mentioned this elsewhere but they could have just added some way of writing this signature out of band or allow bypassing it via a solder bridge on the top of the package like how SPD works on memory but require a separate interface for writing to it. Requiring a $10 I2C to USB adapter to change the key is not that onerous and it would be simple enough for OEMs to flash whatever they wanted on it and it could still be cleared for resale. For protecting against an APT doing shipment interdiction attacks quite frankly that sounds like a bunch of B.S. as all locking the key on the processor does is require the processor to be swapped out during an attack as well. If someone is going through the effort to intercept hardware in transit to flash custom malicious firmware on it, the cost of swapping the processor as well is not that extreme.

If they're going to keep the strategy of blowing fuses on the CPU die then AMD should be the ones doing it and they should make a vendor specific SKU so that trying to figure out if a CPU is vendor locked or not isn't such a minefield.


As far as I know, Intel does exactly that (or at least allows vendors to do that, I think HP does that)

IIRC, in Intel's case, the chipset has the vendor keys burned into it. This is not an issue, as the chipset is not a part you would remove from the board and use elsewhere.


Intel’s or AMD’s assistance is not needed at all. There is a rather boring flash chip connected by SPI to the CPU and/or PCH. One could interpose a microcontroller that verifies whatever it pleases on that SPI link.


That’s the approach used by the Apple T2. On the Intel side, it’s the chipset soldered on the motherboard which does that verification, so CPU swapping isn’t affected.


In Intel’s case the ME as a whole is on the PCH.


AMD CPUs are full SoCs nowadays. Everything is on the CPU die.


See: The Sony PS3


> or potentially another model from the same manufacturer

This would allow an OEM/ODM to segment their offerings by having two or more sets of signing keys. "Oh sorry, that CPU only works in our entry-level offerings. You will need our enterprise-certified AMD CPU for your large server." "But it's the same socket!"


Notably this seems to happen to CPUs that you might purchase yourself, which seems like a huge liability. If you somehow burn a $1000 CPU on a shitty mobo I can't see most people eating that.


My first thought was, is it really a big deal to do that to your laptop's CPU? Then I saw that they're doing this to desktops. My next thought was, people buy pre-built desktops still?

Still really concerning to see Lenovo make boneheaded moves like this when they've had one of the better track records for manufacturers.


Maybe not the worst track record but they have made other terrible choices...

https://en.m.wikipedia.org/wiki/Superfish


> My next thought was, people buy pre-built desktops still?

If you are an enthusiast and need one or two desktops, then probably not. If you need to procure several hundred of them every few months, then probably yes.

What this definitely will do is to affect the market price of these desktops once the lease (or depreciation time) runs out and owner will try to unload them on second hand market.


How does this affect the 2nd hand market? Will the buyer not be able to use the desktop?


Cannot be bought as a source of spare parts that you might use in different computers. At least not CPUs.


Most people buy pre built desktops. Partly because it's the only way to get a high end video card.


You think businesses have some computer janitor working for them that puts together heckin epic artisanal gaming rigs? lol


Businesses almost exclusively purchase prebuilt computers.


Thanks for the explanation, this is what I suspected but it wasn't made clear by the hysteria of the video because I really don't see the problem here.

Most computers end up on the dump as one unit anyways. I've built a few computers in my time but never used an old CPU from one.

And especially not one with that form factor that I probably buy as a wardrobe homelab purpose. I'd compare it to my Asus PN50 that does have a later model Ryzen so it might just make use of this PSB.

Sure it sets an interesting precedent but then again a lot of CPUs in the business are welded to their boards.

And this conspiracy theory of this being like Intel ME, or being used maliciously, is just an exciting answer to what probably has a much simpler explanation, like maybe this is vendor locking their product just like Microsoft Windows has been doing for decades.


> I've built a few computers in my time but never used an old CPU from one.

I've routinely upgraded drives, graphics cards and memory to give an older system a new lease on life. Usually they're good for a couple of years after that. Essentially the only things remaining were the motherboard, CPU and the power supply.


How is it not illegal to do this without at least first ASKING the user for confirmation? I'd be annoyed but find it 'merely anti-consumer' rather than 'intentional destruction of property' if the BIOS refused to finish POST without the user confirming that yes, they want to sacrifice this CPU and make it (p)owned by $CORP.


Because this is on the marketing page or spec sheet that you see before you buy the product, thus it being bound to $manufacturer's board is a feature. It's the same reason Apple execs haven't been thrown in jail for selling iPhones that only run iOS.


Watch the video, yes there is a prompt.



Thank you for the screencap, I wasn't about to watch a video to discover this.

1) It's WAY WAY too easy for someone to not really read this and just press Y to continue, like load setup defaults.

2) There should _not_ be a way of disabling the prompt (the popup even mentions you can do this.)

3) If ever there were a time for a simple math problem (like multiply two numbers and enter the result) to indicate a user had read and understood the prompt, this is it.


> There should _not_ be a way of disabling the prompt (the popup even mentions you can do this.)

I think you are mistaken. I am presuming that the prompt is suggesting that you can disable the PSB security feature (in which case the prompt doesn’t show, which seems very sensible).


If you buy a Lenovo, then the CPU dies and you replace it with an unlocked retail one, will the motherboard blow the fuses in the new one and lock it too as soon as you power it up?


I think that's what the previous gen did, so most likely yes.


Doesn't this one have a prompt? So if you choose "no" every time on startup, it won't blow fuses?


That needs to be fully determined. If it blew the fuses without prompting then it's likely the owner of the replacement chip could sue for damages (the 'replacement' chip only in the machine to test the faulty mobo/CPU argument).

Also, it would be complicated for Lenovo too as warranty and consumer laws in every country are different.

Everyone, thanks for the info, once I had a high opinion of the company but it's been going steadily downhill in recent years. Reckon I'd never buy another PC from them again over this nonsense.


Will it boot if you select no?



Could it be AMD's doing behind the scenes? I don't see the motivation for Lenovo here but I do see AMD asking vendors to do this to prevent OEM CPUs competing with retail CPUs.


The feature was implemented in 2017; the only vendors that are using it are Lenovo and Dell, with Lenovo being the only one using it on lower tier CPUs than Epyc.


I imagine its Lenovo asking for lower prices on Chinese market bound CPUs and AMD being super happy killing secondary market after seeing Intel server/workstation CPUs flooding out of Asia.


It makes sense for server security as discussed by the same source as the op https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-...


Except those aren't server chips.


That's why I said in my initial comment that Lenovo is the first vendor that uses it on workstation CPUs, i.e. Threadripper. Epyc is very much a server chip.


It's probably both of their fault. Lenovo wouldn't do it unless there was something in it for them. I wouldn't be surprised if they get a better deal from AMD on these CPUs for being locked to a specific board (killing off their ability to be used in the parts reseller market).


It makes sense for server security as discussed by the same source as the op https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-...


That link doesn't explain how it improves security, as all mainboards of the vendor have the same key. All it does is prevent somebody from sneakily replacing the mainboard with a different brand! It would make more sense if the board was bound to the specific CPU (assuming the CPU is the root of trust). But then you could just encase it in some kind of thermal epoxy...

It's obvious that this is supposed to limit the second hand server parts market.


If you read the two pages and you concluded that neither AMD with their statement on Page 1 nor servethehome on Page 1 and Page 2 provided any information about how PSB works, I can't help you.


Or that commenter read and understood the description of how it works, and failed to see how it increases security in a meaningful way. I also struggle to think of a threat model that this protects against.


If something is not on your level of expertise you can always have a look for people that have the required level. It's just one search away.

https://blog.cloudflare.com/anchoring-trust-a-hardware-secur...


I'm a security researcher. PSB as described there is orthogonal to the specific policy of tying the board to a specific CPU key, as you can tell from per CPU keys not being in the hardware root of trust as described by cloudflare. In fact you can swap the CPUs across boards from different ODMs in your most recent citation, since the root is an AMD key that then verifies the off chip ODM cert in flash.

I stand by my original statements.


If you really think PSB doesn't provide any security benefit or "improves security in a meaningful way" you should do more security research.


I was pretty sure that I made it clear that the concept under discussion was using a hardware root of trust scheme like PSB to tie a specific CPU to a particular vendor's boards.

As an aside I'm putting a lot of effort into staying civil; I'd appreciate seeing that effort be a bit more reciprocal.


PSB is there to protect you from a compromised motherboard; it protects you from malware in your UEFI firmware. It's not even a vendor lock-in, it's a signing-key lock-in that is used in that manner by AWS, Gcloud and Azure. Compromised UEFI firmware is a constant point of failure in pentesting of the secure chain of trust. That you as a security researcher are dismissing the fact is honestly just unbelievable.


> It's not even a vendor lock-in, it's a signing-key lock-in that is used in that manner by AWS, Gcloud and Azure.

Which is not the mechanism under discussion.


No, my comment talked about how some believe PSB is only there to destroy the second hand market; I wrote that it is a false statement and PSB actually provides higher security for servers, and you persisted that it's not.


You started off saying

> The feature was implemented in 2017; the only vendors that are using it are Lenovo and Dell, with Lenovo being the only one using it on lower tier CPUs than Epyc.

All of the ODMs use PSB in some way (the PSP won't start without it); it's only Lenovo and Dell that use PSB to tie CPUs to certain boards.


Was it OEMs that asked for the feature or did three letter agencies pay AMD and Intel to back door all CPUs?


Perhaps not to back-door them, but to ensure when they (the government agencies) buy from Dell that the supply chain is intact and the BIOS hasn't been tampered with during shipping by a foreign agency. Like the NSA did to Cisco routers destined for international customers.


CPUs being backdoored is orthogonal to this.


The security processor is a black box. If the NSA wants a back door, could this functionality not be the justification for the security weakness created by installing the security processor?

It’s what I’d do...


The security processor is there and starting the boot process whether or not it's checking a per CPU key on die.


The motivation from Lenovo's customer perspective is theoretically the customer knows this was the processor intended for the machine by Lenovo and nobody swapped it out in between the Lenovo factory and the customer's hands.

Of course, no system is perfect so it's not a full guarantee and also there's the impact to the secondary market. But if you're an enterprise leasing these machines you don't care about the secondhand market anyways.


> The motivation from Lenovo's customer perspective is theoretically the customer knows this was the processor intended for the machine by Lenovo and nobody swapped it out in between the Lenovo factory and the customer's hands.

Except that it works the other way. You can put a generic retail processor in the machine -- which will then ruin it by locking it to that vendor.

No customer benefit exists.


> which will then ruin it by locking it to that vendor.

Only if they click yes. https://twitter.com/FedsAgainstGunS/status/14734795248054927...


Are you sure you want to permanently reduce the value of your CPU in exchange for no benefit of any kind?


I suppose that's helpful if you trust Lenovo.

I've permanently lost trust in them after they decided to include malicious root certificates in their systems.


All in the name of "security" of course.


It's been around a decade since Secure Boot first appeared and I remember well the opposition that had, along with a rallying cry based on the infamous Franklin quote. Unfortunately many of the opposition either accepted it or even defected, but the more this "security" stuff appears, the more I like that quote. It's succinct and gets the sentiment across very well.


Secure Boot is really quite separate from AMD PSB and actually does provide protection against certain attacks, no need for the double quotes. It's fortunate, not unfortunate, that we've gone past such irrational opposition to a reasonable extent.

Irrational opposition like that makes it much harder to talk about what's actually important, such as PSB/PSP, without getting lumped together with the tinfoil crowd.


It's most definitely not "irrational opposition". It's the observation that computing systems have slowly become increasingly user-hostile in the name of "security", and the associated rise of authoritarianism.

There's no doubt it "does provide protection against certain attacks", but the thing is WE DON'T CARE. We don't want our freedoms slowly being eroded, we see the edges slowly creeping in, and the best way to do that is to take a strong DO NOT WANT attitude towards any such dubious steps in that direction.

Most people thought Stallman was in "the tinfoil crowd" 20 years ago. Yet his predictions have turned out more correct than not.

Slowly, the frog boils...

https://news.ycombinator.com/item?id=29859106


It's not "rise of authoritarianism" when your bootloader does a few checks you can disable. Stop with the ridiculous overdramatisations.

> but the thing is WE DON'T CARE

YOU don't care, FTFY.

> Most people thought Stallman was in "the tinfoil crowd" 20 years ago.

Just because some things RMS has said have become true does not mean that other things he has said will. Neither does that truth value carry over to other arguments considered similar.


All this security is making me feel claustrophobic.


No kidding. They're squeezing us slowly.

There's a saying about how the best way to make people unaware of what freedoms they're losing is to ensure they never had freedom in the first place.


Lenovo again... when it's not shipping with rootkits (they did it twice!) and bloatware, it's about limiting HW.

A company to boycott.


Is there any laptop manufacturer that doesn't ship complete bloat/mal/spy/ware in their products?


I'm going to guess when OEMs ship Linux (Dell, Lenovo, System76, etc...) there's no bloatware. No bloatware on Apple except their OS ;-). But yeah, it's shocking. When I bought my laptop (an Acer Swift 3) it was borderline unusable with Windows and the standard install (wasn't even using native resolution, like WTF!?). Thankfully runs perfectly and looks great with Linux (even suspend, fingerprint reader, bluetooth, etc...).


Probably not Framework or Apple? Haven't experienced these two yet, but don't almost all windows laptops come with McAfee? Removing it is a pain.


That is actually a good question. I am slowly starting to prepare to purchase a laptop for my wife. Lenovo is basically out based on principle here, but can I realistically convince her to use System76, which seems less bloat-oriented? I honestly don't know. It is not like she needs a powerful machine, but I simply do not want to support a customer-hostile company.



System76 laptops with Pop OS.


Remember Lenovo whitelisted WiFi cards. I wouldn't be surprised if they locked the keyboards to their computers or the power supplies.


I hate it when an article goes on without ever mentioning what an acronym stands for. PSB = Platform Secure Boot


Isn't Lenovo the problem? CPU vendors have to implement a secure enclave somehow to fulfill requirements from the content industry for quite some time now. But there never was a nefarious actor like Lenovo in this case to my knowledge.

I understand from this case that my reasonable course of action is to inform my (non-IT-focused) peers and friends that they should avoid Lenovo by explaining the reason behind it (your device is worth less, since you won't be able to install Linux or a Mac clone!) to them.


Can't we just bridge the connection with a lead pencil like on the old CPUs haha


With a 10nm pencil and a very stable hand maybe :)


That Thunderbird Athlon overclock was amazing.


I wonder if it is possible to return such a system to the vendor based on a claim that the lock irreversibly decreased its consumer value?


I'm not up on CPU terminology. I read the article and I don't know what this means.

What is "locking" in this context?

What is the "AMD PSB" ?


Locking: At least some AMD CPUs (EPYC, TR PRO, Ryzen Pro) can have cryptographic keys burned into the silicon by the BIOS (Dell and Lenovo do that). Once a CPU has those keys burned into it, it is locked to motherboards of this specific vendor, because other motherboards don't have a BIOS that is signed with the cryptographic key that was burned in.

PSB: Platform Security Boot

PSP: Platform Security Processor (a CPU inside the CPU which handles e.g. the key burn in process)


What advantage does locking a CPU to a specific vendor give the vendor?


Customers often want to upgrade the processors in their servers.

Someone bought some Dell servers with 32-core processors. They upgrade to 64-core processors and have the old 32-core processors. You'd like to buy them to upgrade your servers which have 16-core processors. Sorry, even though the chips are otherwise completely identical, theirs came from a Dell and you have a Lenovo. But hey, you can buy the processors directly from Lenovo for only three times as much money.


The point of locking the CPU to a specific vendor is to reduce the trusted user base in the cloud.

Currently you have to trust AMD, the Vendor, and the data center with your data.

The goal of verification of the firmware at such a low level is to eliminate tampering by the data center.

Having another feature like SEV (encrypted memory) combined with this lets you create a secure remote box that is fully encrypted at a very early stage in the boot process.

This reduces the chance of a malicious entity at a data center tampering with the firmware to exfiltrate your keys.

Other people here are just ignorant and think it's being done purely for profit with no benefit to the end user.
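As an added illustration of the mechanism the two explanations above describe (the key burned into the CPU, and the firmware verification it then enforces), here is a small Go model that is not code from the thread or from AMD: a CPU is fused once with the hash of a vendor's public key, after which it boots only firmware signed by that key. The ed25519 keys, the SHA-256 fuse value and the "bios" images are assumptions of the model, not AMD's actual format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)
// Firmware is the BIOS image a board presents, with the vendor's public key and signature.
type Firmware struct {
	Image []byte
	Pub   ed25519.PublicKey
	Sig   []byte
}

// SignFirmware is what a board vendor's build pipeline does with its private key.
func SignFirmware(priv ed25519.PrivateKey, image []byte) Firmware {
	return Firmware{Image: image, Pub: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, image)}
}

// CPU models the one-time fuse: nil until burned, then SHA-256 of a vendor public key (assumed format).
type CPU struct{ fusedKeyHash []byte }
// Fuse burns the vendor key hash into the CPU; a second burn is refused.
func (c *CPU) Fuse(pub ed25519.PublicKey) error {
	if c.fusedKeyHash != nil {
		return errors.New("fuse already burned")
	}
	h := sha256.Sum256(pub)
	c.fusedKeyHash = h[:]
	return nil
}
// Boot is the PSB check: the signature must verify, and a fused CPU also requires the signing key to match the fuse.
func (c *CPU) Boot(fw Firmware) error {
	if !ed25519.Verify(fw.Pub, fw.Image, fw.Sig) {
		return errors.New("firmware signature invalid")
	}
	if h := sha256.Sum256(fw.Pub); c.fusedKeyHash != nil && !bytes.Equal(h[:], c.fusedKeyHash) {
		return errors.New("firmware key does not match fused vendor key")
	}
	return nil
}

func main() {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader) // vendor A key pair (constructed)
	_, privB, _ := ed25519.GenerateKey(rand.Reader)    // vendor B key pair (constructed)
	cpu := &CPU{}
	fmt.Println(cpu.Boot(SignFirmware(privA, []byte("bios-A"))), cpu.Fuse(pubA)) // boots, then fused to A
	fmt.Println(cpu.Boot(SignFirmware(privB, []byte("bios-B"))))                 // refused: key mismatch
}
```

Before the fuse is burned the same CPU boots either vendor's validly signed firmware; after it, a board from the other vendor and a modified image are both refused.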


By ending the fundamental right of ownership itself, the vendor ensures no one can resell stuff and lower the value of what they "sell". It has little to nothing to do with actual security, but instead pure greed.

You will own nothing, and you will be happy.


Cheaper region locked CPU for Chinese market.


AMD's Platform Secure Boot (or PSB)


So to "protect" us from APTs, they've gone the same way that Intel did with their "Management Engine". In other words, you are pretty much fucked when a nation state uses the secret built-in exploits to pwn your system.




Dell have been vendor-locking their AMD CPUs the same way for a while now

https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-...

Previously it was limited to EPYC chips (the huge server parts) but it's spread down the stack to Threadripper Pro (high end workstation) chips as well now


While avoiding Chinese-made computer components approaches impossibility the deeper you go, one vendor I'd trust not to fool around with AMD's PSB is System76. Not only are they non-shady, but they also try to open the firmware of the motherboards they use. While their AMD systems aren't quite there yet, the laptops they sell are.

https://github.com/system76/firmware-open

https://github.com/system76/ec


Do I have news for you about the device you typed this on…


Please share the news.


Out of curiosity, which vendors do you find acceptable?


Western manufacturers, even if they manufacture their stuff in China.

I don't want stuff made or designed by Chinese companies. They suck at it and most of their stuff is unfinished and barely works.


You misunderstood. This is about resale of base components. Go to eBay and look up 2-3 generations old Intel chips - super cheap from China. With this you won't find cheap AMD parts since they will be locked to Lenovo motherboards.


FWIW, they're not locked to Lenovo boards; you just need to have a board that can be configured to not care about the PSB.


This is not correct. The lock does happen at the CPU level. If the board cannot provide a BIOS with a valid signature from the key that was burned into the CPU, the CPU will refuse to boot (PSB prevents it from booting).


Ah, you're right, I was reading the suggestions section of TFA as "the system works like this", not "it would be nice if it worked like this". My bad!


China is the new Japan now. Only 10x that.


Are there any that are not manufactured in China?


Maybe Fujitsu?

https://indianexpress.com/article/technology/tech-news-techn...

Of course, I assume lots of components for those are made in China.

Samsung might make in South Korea? Asus in Taiwan?


Some models sold in Japan by Fujitsu/NEC/Lenovo/Vaio/Panasonic/HP are assembled in Japan. Lenovo acquired NEC and Fujitsu so they share factories. HP is an interesting case. Some NEC/Vaio/Panasonic laptop motherboards are also made in Japan.


VAIOs are assembled in Japan at least.

https://us.vaio.com/pages/vaio-made-in-japan


Oh the irony of fate...


Apple/Foxconn?


User name checks out


Someone still buys Lenovo?


Perhaps not in your social bubble, but Lenovo is the world's largest personal computer manufacturer by market share, with just under 25% of the world's computer sales (measured by number of units shipped).


There is much irony in still calling it a "personal" computer...


And Apple at 9%.


Yeah, they're huge in enterprise in particular. At work we have 120,000 ThinkPads.


They have great replacement support, and they generally just work.

