On Fri, 9 Dec 2016 04:17:49 -0500 grarpamp grarpamp@gmail.com wrote:
Intel ME/AMT concerns me too
AMD Family 15h itself is safe.
No one has any proof of that for any modern cpu from any maker, featureset irrelevant.
Sure, to clarify what's meant here is "it does not implement the actual backdoor-like feature (separate CPU-within-CPU running proprietary code and having super-user rights over the rest of the system and full access to everything) in the form of 'Platform Security Processor' or 'Intel Management Engine'". Point is if you wanted a desktop CPU without such feature, there's an option available today, and you don't have to go back to Pentium 200 to avoid it.
They all accept microcode updates, which btw are all encrypted closed binary blobs.
Those are applied by your BIOS or your OS.
https://packages.debian.org/jessie/amd64-microcode
https://packages.debian.org/jessie/intel-microcode
You don't HAVE to install those. It's not like they are auto-downloaded from the Internet directly by your CPU (at least if your CPU doesn't have those AMT/PSP things :).
And the chips themselves are fully closed source containing billions of transistors. You simply have no idea what's in there and no way to economically and publicly test or negotiate to find out and openly publish it all.
Sure there still can be subtle bugs and backdoors, but those will need to be subtle, well hidden, likely more difficult to exploit, and likely having much less of a "feature set" when exploited. Not to mention the devastating reputation effect on the vendor if uncovered.
Billions of secret transistors... billions. Not good, and not necessary.
#OpenFabs printing #OpenDesigns
As far as I know there's no fully free and open chip right now which provides performance expected of a modern desktop or server. There is the TALOS project[1], but for most people it'll be a non-starter due to price. And even there from what I see you don't get it made on an open fab. So we need to choose the least evil option from what we have available, and to me the AMD FX appears to be a win in that regard.
[1] https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstatio...