‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

nzmaa@lemy.lol · 3 months ago

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

mesamune@lemmy.world · edit-2 3 months ago

Agreed. Im hoping to see more RISC-V processors make it to commercial hardware. We are starting to see it with some experimental single board computers and laptops, but they are still much too slow. But its getting there!

https://milkv.io/mars#buy might be a good place to start, although im looking for the spec sheet…

Ive been on the lookout for a “good enough” server with RISC-V. Would love to play around with it.

deafboy@lemmy.world · 3 months ago

"GhostWrite is the result of an architectural flaw, a hardware bug in the XuanTie C910 and C920 CPU. These are only two of many RISC-V CPUs, but they are widely used for a variety of applications. According to the research team, vulnerable devices include:

Scaleway Elastic Metal RV1, bare-metal C910 cloud instances

Milk-V Pioneer, 64-core desktop/server
Lichee Cluster 4A, compute cluster
Lichee Book 4A, laptop
Lichee Console 4A, tiny laptop
Lichee Pocket 4A, gaming console
Sipeed Lichee Pi 4A, single-board computer (SBC)
Milk-V Meles, SBC
BeagleV-Ahead, SBC"

https://www.tomshardware.com/pc-components/cpus/ghostwrite-vulnerability-exploits-architectural-bug-in-risc-v-cpu-to-gain-root-access

Vik@lemmy.world · edit-2 3 months ago

RISC-V ISA isn’t magically exempt from vulnerabilities. You can still be hit at a microcode level.

https://www.phoronix.com/news/GhostWrite-Vulnerability-RISC-V

For AMD, I’m wondering if OpenSIL can help prevent similar, deep system firmware vulnerabilities from lingering cross numerous product generations.

mesamune@lemmy.world · edit-2 3 months ago

It would improve the number of eyes if you had full specs. You can arguably identify exploits and bugs much faster.

I also just want RISC-V :)