https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/
Anyone know if this is true?
-
Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!
Does AMD have Spectre and Meltdown-like security flaws???
- Thread starter EarthDog
- Start date
Anyone know if this is true?
- Joined
- Dec 19, 2012
News to me but found a few more details https://safefirmware.com/amdflaws_whitepaper.pdf
One needs acces to the BIOS and the rest it appears you need elevated privilidges to run a program before any access is available. The Chimera wasn't clear
One needs acces to the BIOS and the rest it appears you need elevated privilidges to run a program before any access is available. The Chimera wasn't clear
- Joined
- May 29, 2005
![]-[itman](/forums/data/avatars/m/9/9309.jpg?1650325391){kind=avatar}
I posted this over at anand, but will repeat here.
There's some possible evidence that the main culprit behind all this was actually Viceroy, an "investment" company who is apparently infamous in South Africa for publishing lies as part of "market research" into companies which cause a company's stock price to crash. Of course Viceroy has heavily shorted that stock which gives them a nice payday. They've already done it twice and my guess is that the heat they were receiving was getting to be too much, so instead they decided to use a "hired gun" to do the "research" while they profit off of the short.
None of this is proven, but there does seem to be some things between Viceroy's earlier tactics that are just a little too similar to what happened here with AMD. It could be that Viceroy just happened to be hoping AMD stock price would crash when the CTS-Labs report came out so they jumped on it to make money off their position, but I actually find that to be a bit less believable given the timing of events.
There's some possible evidence that the main culprit behind all this was actually Viceroy, an "investment" company who is apparently infamous in South Africa for publishing lies as part of "market research" into companies which cause a company's stock price to crash. Of course Viceroy has heavily shorted that stock which gives them a nice payday. They've already done it twice and my guess is that the heat they were receiving was getting to be too much, so instead they decided to use a "hired gun" to do the "research" while they profit off of the short.
None of this is proven, but there does seem to be some things between Viceroy's earlier tactics that are just a little too similar to what happened here with AMD. It could be that Viceroy just happened to be hoping AMD stock price would crash when the CTS-Labs report came out so they jumped on it to make money off their position, but I actually find that to be a bit less believable given the timing of events.
What
If this was the case, AMD would have never released the product as EVERYONE would be able to detect these vulnerabilities.
Edit 1:
They sure use a lot of fluff in this "official" document lol. Its half product advertisment, half garble for the most part with a sprinkle of circle logic.
That second bullet point is a restatement of everything they just mentioned. Again, circle logic to try and scare you.
Edit 2:
Looking in RyzanFall, they only have one sentence on how an exploit could be done. And they trail off that you need some vague secured driver from the OEMs.... Of which I don't believe have access to this region.
And now for the great twist lol:
https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/
This article was released a while back and is a known issue that AMD has been working on with Google. RyzenFall seems to be a rip off of this very exploit.
Edit 3:
LOLOLOL Man this is classic Russian strategy. Stir chaos among the idiots and let it drive a particular event. I'll give you the best [read: worst] example of how this document is complete garbage.
In the Chimera Exploit (excellently named [Ref: Russia]) The figure they use is said to come from the Crosshair VI manual, but isn't even in there. I just checked it on ASUS's website. The image also has a giant watermark for Bit-Tech.net That image looks to be stripped from an OEM PP or some official document provided by AMD/OEM for highlevel understanding of the system architecture.
Furthermore, none of these "exploits" have any credible information making them seem like they are a threat. Most of them rely on some vague process that requires completely custom malware or the like for the specific ARM processor used by the Secure Processor. Which, if there was an issue with an ARM Cortex 5, a lot of people would be VERY worried. Just about every mobile device has one of those in them.
All of the images they used are either stolen off Google or they have absolutely no meaning what so ever. The "block diagrams" they provide are nothing more than just junk information thrown at you to make it seem like there is more information to be abstracted.
Where are the references? Where is the supposed scientific process of showing that this can be done? This entire paper is a farce, and I hope that AMD melts that firm into nothing and than finds out who did this.
Source: Pdf linked above
If this was the case, AMD would have never released the product as EVERYONE would be able to detect these vulnerabilities.
Edit 1:
They sure use a lot of fluff in this "official" document lol. Its half product advertisment, half garble for the most part with a sprinkle of circle logic.
That second bullet point is a restatement of everything they just mentioned. Again, circle logic to try and scare you.
Edit 2:
Looking in RyzanFall, they only have one sentence on how an exploit could be done. And they trail off that you need some vague secured driver from the OEMs.... Of which I don't believe have access to this region.
And now for the great twist lol:
https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/
This article was released a while back and is a known issue that AMD has been working on with Google. RyzenFall seems to be a rip off of this very exploit.
Edit 3:
LOLOLOL Man this is classic Russian strategy. Stir chaos among the idiots and let it drive a particular event. I'll give you the best [read: worst] example of how this document is complete garbage.
In the Chimera Exploit (excellently named [Ref: Russia]) The figure they use is said to come from the Crosshair VI manual, but isn't even in there. I just checked it on ASUS's website. The image also has a giant watermark for Bit-Tech.net That image looks to be stripped from an OEM PP or some official document provided by AMD/OEM for highlevel understanding of the system architecture.
Furthermore, none of these "exploits" have any credible information making them seem like they are a threat. Most of them rely on some vague process that requires completely custom malware or the like for the specific ARM processor used by the Secure Processor. Which, if there was an issue with an ARM Cortex 5, a lot of people would be VERY worried. Just about every mobile device has one of those in them.
All of the images they used are either stolen off Google or they have absolutely no meaning what so ever. The "block diagrams" they provide are nothing more than just junk information thrown at you to make it seem like there is more information to be abstracted.
Where are the references? Where is the supposed scientific process of showing that this can be done? This entire paper is a farce, and I hope that AMD melts that firm into nothing and than finds out who did this.
Last edited:
- Joined
- Jan 27, 2011
- Location
- Beautiful Sunny Winfield
But, But .... It has a really kewl name! RyzenFall!
Alaric
New Member
- Joined
- Dec 4, 2011
- Location
- Satan's Colon, US
I'd like to see AMD get somebody's nuts in a vice over that.
- Joined
- Dec 6, 2010
I don't see how anything can be stored in the CPU after power is turned off unless there is flash memory in it or the CMOS battery is used to keep the cache memory alive as well as the CMOS memory, and last I checked there is no flash memory in a CPU. Now with the sTR4 and SP3 socket desktop and server CPU's I'm not sure what all is in the CPU, so I may have to go look at the specs on them and see what is in them.
Now there are CPU cache memory hacks to attack the CPU, I wonder if that's what this is all about?
Now there are CPU cache memory hacks to attack the CPU, I wonder if that's what this is all about?
Despite the names given to some of the attacks and the singling out of the Ryzen architecture, it doesn't actually have to do with the CPU (just one of the many ways this "research" is messed up). The real potential exploits happen in the PSP which is a security processor (ARM based) that has firmware that is persistent through power cycles and even attempts to re-flash a clean firmware. While the exploits could be real (still waiting independent 3rd party or AMD confirmation) they require you to basically own the system with full privileges first which makes this "exploit" have very little teeth. If true, AMD still has something to deal with but it seems like it should be patchable and given proper time, AMD should be able to have a fix. The other thing is that, as I mentioned, the PSP is actually ARM based and the trust zone I believe is licensed from or in partnership with ASmedia (an Asus subsidiary). So, then the question becomes how much of this is actually on AMD versus ARM / ASmedia implementation. Since AMD is using the technology, obviously they need to make sure it's fixed, but the onus probably isn't even on them to do it but rather make sure it gets done.
- Joined
- Jan 4, 2012
I think "may be true" is more accurate. Assuming you have access and the ability to change the bios.
I think GN did a fairly good summary of this ridiculous mess.
https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs
- Thread Starter
- #18
Well, 'I hear' left some room on the table for ambiguity already...
That said... https://wccftech.com/low-down-amd-security-exploit-saga-cts-labs/
That said... https://wccftech.com/low-down-amd-security-exploit-saga-cts-labs/
Dan Guido's team was paid to verify the results. I'm not saying the verification isn't true, but it does mean we're still lacking independent 3rd party confirmation. Even in the confirmation, Guido just said that the exploits work as described, but in the whitepaper it never actually describes how they work, so we're not entirely sure what was confirmed until someone with access to the PoC or more technical details (CTS, AMD) come out with what is actually being done.
- Thread Starter
- #20
3rd party verification is needed indeed... but, I'd be willing to bet these are all/mostly all real, just blown out of proportion.
EDIT: https://safefirmware.com/CTO+Letter.pdf
EDIT: https://safefirmware.com/CTO+Letter.pdf
