:: Re: [DNG] OT: most processors are i…
Top Page
Delete this message
Reply to this message
Author: Alessandro Selli
Date:  
To: dng
Subject: Re: [DNG] OT: most processors are insecure (was Re: Nvidia Drivers)
On Wed, 16 Aug 2017 at 07:59:34 +0200
Narcis Garcia <informatica@???> wrote:

> El 15/08/17 a les 21:33, Simon Hobson ha escrit:
>> Narcis Garcia <informatica@???> wrote:
>>
>>> As Far As I Know, CPU makes what software asks to do.
>>> If software doesn't call some CPU functions, those functions will not
>>> work.
>>
>> Well, maybe, but these days you can't take that on trust. Your OS no
>> longer runs native on the processor - there's EFI as a shim between your
>> code and the processor, hence no guarantees that *ONLY* your code is
>> running. As a side effect, the EFI can permit or deny access to processor
>> functions as well - eg by disabling the virtualisation support features
>> for "entry level" machines. So these days, you can't assume that there
>> isn't any form of backdoor - with hidden code in the EFI, using hidden
>> functions in the CPU, and making backdoor use of the onboard NIC to call
>> out to someone. OK, that's perhaps into "tinfoil hat" territory - but the
>> point is that we can no longer completely trust the hardware we
>> supposedly buy (sometimes feels like rental !)
>
> Isn't EFI a software installed by person who formats disk?


No, it's the "new" (designed in the second half of the '90s and succeded by
UEFI in 2005) motherboard firmware that replaced the kegacy BIOS:
https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface

If you also take in consideration the several proprietrary, closed-source
firmwares that routinely run inside "your" box (disk controller, HD/SSD,
network controller, WiFi controller and so forth), turns out it's pretty
difficult knowing what "your" CPU is actually running and what it's not
running. And this does not even take into consideration such aberrations
like IME (Intel Management Engine) and friends:
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

    Intel Active Management Technology (AMT) is hardware and firmware
    technology for remote out-of-band management of personal computers


In fact I thing the list of Intel primary customers omits a list of
several government agencies...


Alessandro