Date: Fri, 2 Feb 2018 06:18:20 -0500 From: Paul Pathiakis <pathiaki2@yahoo.com> To: freebsd-questions@freebsd.org Subject: Re: Response to Meltdown and Spectre Message-ID: <044e62f7-69ca-71fe-34a8-5c5cafc06f08@yahoo.com> In-Reply-To: <F395799E-2C94-47E9-AA1C-5CB075C50076@kreme.com> References: <CY1PR01MB12472D916F78A638731ECCE68FFB0@CY1PR01MB1247.prod.exchangelabs.com> <23154.11945.856955.523027@jerusalem.litteratus.org> <5A726B60.7040606@gmail.com> <92120E50-19A7-4A44-90DF-505243D77259@kreme.com> <CA%2BtpaK2o1nbY2W2JVRtogN=P2VM9rag_dodK=GtLWgKwNsYZkg@mail.gmail.com> <F395799E-2C94-47E9-AA1C-5CB075C50076@kreme.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 02/01/2018 22:14, @lbutlr wrote: > On 1 Feb 2018, at 16:04, Adam Vande More amvandemore@gmail.com> wrote: >> On Thu, Feb 1, 2018 at 3:48 PM, @lbutlr <kremels@kreme.com> wrote: >> >>> the trouble is that AMD's behavior has been at least as bad as Intel's, if >>> not worse, in regards to Meltdown, >>> >> Can you explain what provoked this assertion? > First, they violated (not technically, but they made it bloody obvious) the NDA so that the flaw was widely discovered a week early by adding a comment to a meltdown patch that lead every expert int he field straight to the vulnerability: "The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault." > > Second, they initially claimed they were would not release any firmware because they were entirely immune, which was untrue. > > They were almost immediately proved to be vulnerable to some of the flaws. > > Third, while Intel released (and continues to release) detailed technical information, AMD released PR statements. > > Honestly, as bad as Intel has looked in the last month, AMD looks worse since they'd behaved like children. > This is the exact opposite of what I have seen/read. What NDA is this? "A week early"? Again, this was found out about in June of last year to affect intel architecture. A flaw that existed for over 10, if not 20 years. They did not release the information, Google researchers and other independents did.... Again, they stated the are immune to all variants of 1 and almost non-zero potential to the other. They have not changed this story at all. Again, proving what they stated is just someone doing due diligence and they made a public statement as to which ones that could under the right 'blue moon' circumstances MIGHT be exploited. Their statement is that they would do 'what is necessary' to mitigate ANY risk from them no matter how small. Intels patches have 'bricked' processors. Yes, made them totally unusable as they rushed them out the door. They pulled them immediately and told people to destroy them. I consider that 'highly irresponsible' as their QA is shabby or not-fully encompassing. Intel and AMD cannot release detailed information as it will make it a lot more obvious as to hack those ships. As far as I know, making a user's product useless by bricking them due to lack of testing was the most irresponsible thing anyone can do and that wasn't AMD who did it. Another thing I find disturbing about the situation is that Intel, already knowing about the vulnerability, pushed out the i9 series knowing it had the same fundamental flaw and putting more chips out there with the issue. Also, firmware is not the only problem but OS memory management is another issue. TG for FreeBSD and it's proper design and management. P.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?044e62f7-69ca-71fe-34a8-5c5cafc06f08>