[coreboot] Does the 62xx Series Opteron work *securely* without microcode?

[Timothy Pearson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/28/2017 02:25 PM, Igor Skochinsky wrote:
> Hello Timothy,
> 
> Wednesday, January 25, 2017, 6:32:29 PM, you wrote:
> 
> 
> TP> -----BEGIN PGP SIGNED MESSAGE-----
> TP> Hash: SHA1
> 
> TP> On 01/25/2017 11:26 AM, Aaron Durbin wrote:
>>> On Wed, Jan 25, 2017 at 11:24 AM, Timothy Pearson
>>> <tpearson at raptorengineering.com> wrote:
>>> On 01/24/2017 10:55 PM, Taiidan at gmx.com wrote:
>>>>>> I know the 63xx has a very fatal NMI exploit, but according to the
>>>>>> libreboot (oh no) website the 62xx works safely out of the box without
>>>>>> microcode however I would like to confirm if this is actually true.
>>>>>>
>>>>>> I looked at the errata .pdf from the AMD website but I didn't see
>>>>>> anything that seemed significant.
>>>>>>
>>>>>>
>>>
>>> As far as we have been able to determine it does, again with the caveat
>>> that this is without microcode _updates_, not without microcode.  There
>>> is still the off chance that these CPUs ship with a backdoor inside the
>>> burnt microcode ROM that is patched out with an update.  Unlike POWER
>>> and ARM we are solely dependent on the vendor being trustworthy enough
>>> to disclose issues in their errata document; outside of that, there is
>>> simply no feasible way to know for certain what bugs are lurking inside
>>> the CPU.
>>>
>>>> POWER and ARM parts can have microcode too. That's up to the
>>>> implementation. I'm not sure how you can distinguish the difference.
>>>> Because one posts an update vs others never indicating there is an
>>>> update? Even if parts have no microcode, there's a possibility of
>>>> backdoors baked into the silicon. In all situations one needs to trust
>>>> the vendor.
> 
> TP> I am definitely aware of that; the difference is that with POWER the
> TP> microcode is open (though documentation is lacking), and most of the
> TP> mainstream ARM implementations lack microcode.
> 
> ARM1 had microcode[1], are you sure the current cores don't? The TRMs do
> mention revision numbers after all.
> 
> [1] http://www.righto.com/2016/02/reverse-engineering-arm1-processors.html

ARM's microcode is generally hardwired; i.e. it can't be updated.  You
are correct in that I was not precise enough; all modern CPUs have some
kind of microcode to make implementation practical.  ARM is interesting
in that the vast majority of manufacturers hardwire the microcode at the
gate level; this might be related to ensuring that the cores use minimal
area but this is just a wild guess.  NVIDIA is a notable exception with
Tegra; Tegra cores have updateable microcode the same as x86 and POWER CPUs.

- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJYjQCXAAoJEK+E3vEXDOFbeG4H/ic8Fof5BlKwMGPUB/gHUuq4
03XPd8qujolOehhk3wpBJt2eyJS9zrPWo6Yj3OP/48q+basBRnmEq03HjkpjaAJX
8qWO428O9QOv0RNVzoyNOAo7hP/4G69/N9YmqJCLYwcdOCAmvKY0sPsUb6EiVqs5
Jen4H8DlqTBIgQ7V6UFHZ99YF8P1xf5OIt9Ziq8zxJUUgrNvq+Pvq4P/t+TX5kJK
HlchBMr/RsGArnPj2iWI/bEh+BIxNsuLLvWreRUuwiH0y+QpPB/D14tl7KtWrTzx
GjEM5pakfCvX6ys9pvTzsxnUoRz+4vnc9uGfZo+Yq/ztgUvidnmAPoVXTmPiXWQ=
=Vf25
-----END PGP SIGNATURE-----