this post was submitted on 18 Jun 2023
101 points (100.0% liked)

Gaming

30566 readers
115 users here now

From video gaming to card games and stuff in between, if it's gaming you can probably discuss it here!

Please Note: Gaming memes are permitted to be posted on Meme Mondays, but will otherwise be removed in an effort to allow other discussions to take place.

See also Gaming's sister community Tabletop Gaming.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 36 points 1 year ago (4 children)

There are several vulnerabilities in bootloaders that have not been fixed. Namely, there is an entire tiny operating system that is used to initialize the processor before the main bootloader begins. Then the bootloader creates a bunch of handles to control the hardware, and hands them over to the operating system kernel. The i-core/ryzen processors include the second generation of this tiny underlying operating system that runs before everything else. This tiny operating system was originally marketed as a way to remotely monitor and troubleshoot data center servers, but this is a very weak and flawed marketing strategy. The way this system runs before everything else, it has root/admin privileges and access that supersede everything that comes after it. A bad actor accessing this system is absolutely game over for all hardware including the bootloader itself. Well this tiny operating system is tied to the microcode for the processor generation.

If you know anything about old computers that had a bunch of boards and chips inside the case, modern computers still have all of these chips and systems, but they are all integrated into just a few chips. These systems are still complicated and have a certain way they must be powered up and initialized so that each system begins in a specific state along a long chain. The "microcode" in a modern computer is really just a bunch of "software" that controls the order that the hardware is brought online. In the i-core/ryzen generation of hardware the microcode is proprietary and copyright protected. This is a way to get around many x86 patents expiring. It has long been speculated that the tiny operating system is also a back door for governments as it can completely own any system regardless of encryption or any other security measures.

There is a way to mostly disable this tiny operating system but there is no way to monitor or confirm its activity at run time. OpenSIL is like having access to the control room of this tiny operating system for the first time. It means it is now possible to completely secure and verify the state of a system. There is no security in obscurity. OpenSIL is the removal of a major failed attempt at security through obscurity.

Ultimately, at the most fundamental level, openSIL means full ownership over your hardware. I can buy AMD, but can only rent Intel. Intel keeps ownership of this tiny little corner of the hardware and they have done a terrible job of managing what they own. When faced with that buying choice the outcome should be obvious, assuming you are able to run the software that can take advantage of this. It will take at least a few months, but there should soon be a completely open source version of Coreboot that will use openSIL. Hope this helps.

[–] [email protected] 6 points 1 year ago

Thank you, a lot of stuff there I didn't know! 👍

[–] [email protected] 5 points 1 year ago

This is bestof material right here. Thanks.

[–] [email protected] 5 points 1 year ago

Thank you for the in depth explanation!

[–] [email protected] 2 points 1 year ago (1 children)

Isn’t there a speculation that Intel CPUS are actually RISC chips with microcode emulating x86?

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

It's not speculation, it's verified fact ever since the Pentium 6 in the mid-90's. See eg this or this

[–] [email protected] 2 points 1 year ago

Ah my bad, I did a quick search before commenting and couldn’t find anything concrete.