ALERT: Massive Intel hardware bug coming

tl;dr: There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%).

People have noticed a recent development in the Linux kernel: a rather massive, important redesign (page table isolation) is being introduced very fast for kernel standards... and being backported! The "official" reason is to incorporate a mitigation called KASLR... which most security experts consider almost useless. There's also some unusual, suspicious stuff going on: the documentation is missing, some of the comments are redacted (twitter.com/grsecurity/status/947147105684123649) and people with Intel, Amazon and Google emails are CC'd.

According to one of the people working on it, PTI is only needed for Intel CPUs, AMD is not affected by whatever it protects against (lkml.org/lkml/2017/12/27/2). PTI affects a core low-level feature (virtual memory) and has severe performance penalties: 29% for an i7-6700 and 34% for an i7-3770S, according to Brad Spengler from grsecurity. PTI is simply not active for AMD CPUs. The kernel flag is named X86_BUG_CPU_INSECURE and its description is "CPU is insecure and needs kernel page table isolation".

Microsoft has been silently working on a similar feature since November: twitter.com/aionescu/status/930412525111296000

People are speculating on a possible massive Intel CPU hardware bug that directly opens up serious vulnerabilities on big cloud providers which offer shared hosting (several VMs on a single host), for example by letting a VM read from or write to another one.

Summary article: pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table (a bit outdated, follow @grsecurity, @scarybeasts and others on Twitter for up-to-date info)

This is going to make headlines and will probably be the worst hardware bug in years.


>Lisa Su's face when

Microsoft is sending emails about planned Azure VM reboots in early January (see pic).

Some more links:

news.ycombinator.com/item?id=16046636 Hacker News discussion
lwn.net/Articles/742404/ Kernel page-table isolation merged in unusual conditions

Real-time tweets about it:
twitter.com/search?f=tweets&q=intel bug&src=typd
twitter.com/search?f=tweets&vertical=default&q=kaslr&src=typd
twitter.com/search?f=tweets&vertical=default&q=https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf&src=typd

Ha ha looks like chinks smelled it ages ago and are busy stockpiling on EBYN.

>Intel lets VMs freely snoop each other
What in the name of fuck.
What.
The fuck.

So does this impact home users in any way? I run VMs for testing out my software and I'm using Fedora as the host OS. What now? Am I going to take a massive performance hit when using these VMs? I use them locally and I don't have any remote access to them set up. Does this impact the overall performance when using the host OS?

Really, what the hell? I'm about to buy one of those POWER9 workstations. They're expensive but I'm willing to pay more for shit that works.

You won't be affected as long as your VMs are isolated.
But anyway, buy AMD.

>as long as your VMs are isolated
And what does unisolated mean? How do you check that?

>buying Intel which has hardware backdoors and now hardware bugs in them

Should've bought AMD instead son

AMD also has backdoors (though it's a TrustZone implementation, aka not designed by retards at Intel).

Apparently it might be related to speculative execution:
>The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

Some people are saying it might be related to this: cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/

Basically, Intel CPUs might speculatively execute privileged instructions from unprivileged code, and the results can be obtained via side channels even if the speculation was wrong.

If you use an Intel CPU, then Linux PTI/the equivalent Windows fix will be active and you'll take a significant performance hit. It seems you'll be able to disable PTI through a kernel flag in Grub for example: lkml.org/lkml/2017/12/27/145

But it might affect you even if you aren't a cloud provider. For example, mere JavaScript code executed in the browser could read/write kernel memory (and basically pwn you).
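A way to check on a Linux host whether PTI is actually in effect, as an added example that is not part of the original thread. The `pti` CPU flag, the `cpu_meltdown` bug name, the `nopti` / `pti=off` / `mitigations=off` boot switches and the sysfs path come from mainline Linux rather than from the posts above, and the sample inputs are constructed.

```python
"""Decide from kernel-exported text whether page table isolation (PTI) is active."""
import re
from pathlib import Path

# Names from mainline Linux, not from the thread. The "bugs" entry was
# cpu_insecure in early 4.15-rc kernels (X86_BUG_CPU_INSECURE), later cpu_meltdown.
BUG_NAMES = {"cpu_insecure", "cpu_meltdown"}
OFF_SWITCHES = {"nopti", "pti=off", "mitigations=off"}
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")


def cpuinfo_field(cpuinfo, key):
    """Return the space-separated values of the first '<key> : ...' line as a set."""
    m = re.search(rf"^{re.escape(key)}\s*:(.*)$", cpuinfo, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def pti_status(cpuinfo, cmdline, sysfs=None):
    """Combine /proc/cpuinfo, /proc/cmdline and the optional sysfs report."""
    flagged = bool(cpuinfo_field(cpuinfo, "bugs") & BUG_NAMES)
    pti_on = "pti" in cpuinfo_field(cpuinfo, "flags")
    if sysfs is not None:
        # Newer kernels state the verdict directly; trust it over the heuristics.
        word = sysfs.strip().split(":")[0].lower()
        verdict = {"mitigation": "mitigated", "not affected": "not-affected",
                   "vulnerable": "vulnerable"}.get(word, "unknown")
    elif pti_on:
        verdict = "mitigated"
    elif flagged:
        verdict = "vulnerable"
    else:
        # Kernel predates PTI or does not flag this CPU; the two look the same.
        verdict = "unknown"
    return {
        "vendor": "".join(cpuinfo_field(cpuinfo, "vendor_id")) or "unknown",
        "kernel_flags_cpu": flagged,
        "pti_active": pti_on,
        "disabled_by": sorted(OFF_SWITCHES & set(cmdline.split())),
        "verdict": verdict,
    }


# Constructed samples, trimmed to the lines the parser reads.
INTEL_PTI = "vendor_id\t: GenuineIntel\nflags\t\t: fpu vme pse pti\nbugs\t\t: cpu_meltdown\n"
INTEL_NOPTI = "vendor_id\t: GenuineIntel\nflags\t\t: fpu vme pse\nbugs\t\t: cpu_insecure\n"
AMD = "vendor_id\t: AuthenticAMD\nflags\t\t: fpu vme pse\nbugs\t\t: sysret_ss_attrs\n"
BOOT = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"

if __name__ == "__main__":
    print(pti_status(INTEL_PTI, BOOT))
    print(pti_status(INTEL_NOPTI, BOOT + " nopti"))
    print(pti_status(AMD, BOOT, "Not affected\n"))
    proc = Path("/proc/cpuinfo")
    if proc.exists():  # live host: read the real files
        live = SYSFS.read_text() if SYSFS.exists() else None
        print(pti_status(proc.read_text(), Path("/proc/cmdline").read_text(), live))
```

A non-empty `disabled_by` together with a `vulnerable` verdict means someone turned the mitigation off at boot, which is worth flagging in a fleet audit.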

>buy AMD
I've considered it. The only reason why I put this Intel workstation together last year was because I have the option to use ME cleaner to disable the Intel ME, and it's working fine. AMD has the PSP which is even more obscure with no way to disable it, and it's a massive security risk. Non-x86 platforms don't have this problem and I can still run x86 software at reasonable speeds in VMs on it.

Lol, enjoy your fix intel

linfags btfo

PSP is a TrustZone implementation, it's much less of a risk than Intel's retardation because multiple vendors use it thus making ARM give a fuck about it.

>For example, mere JavaScript code executed in the browser could read/write kernel memory (and basically pwn you).
And I thought suicidal Avoton/Rangeley Atoms were bad enough.
B R A V O I N T E L

See and
>then Linux PTI/the equivalent Windows fix will be active and you'll take a significant performance hit
Well fuck. Do you know if it will also decrease the performance of software running on the bare metal? If it doesn't I guess a temporary fix would be to buy a few external hard disks and install the operating systems on those instead to use for testing. It's far less convenient than using VMs but I could work with that. Or I could give each virtual machine an extra core.

It's still untrusted hardware that's tampering with the boot process in ways that it shouldn't, so I'm not thrilled about it.

>pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
>Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November.

>It's still untrusted hardware that's tampering with the boot process in ways that it shouldn't, so I'm not thrilled about it.
ARM also has it, and POWER are useless housefires.
PSP is manageable (looks like the final 1.0.0.7 implementation would allow UEFI to kill it post-boot).

>I can still run x86 software at reasonable speeds in VMs on it.
Really? I'm very interested in this (running virtualized x86 on non-x86 hardware at acceptable speeds) but don't want to derail this thread, could you make a new thread about it and link it?

you can disable psp in asrock board,

feel bad, im using asus
fuckin jewasus still not give the option

Looks like it's a part of 1.0.0.7 implementation.
ANUS would probably have it eventually.

One (1) X299 Raid Key ($299 MSRP) has been sent to your home address.

Thanks again for correcting the record.

/Intel CS Team

>ARM also has it

Trustzone != Intel ME
Rockchip ARM processors can be booted fully open source
No binary blobs required

Qualcomm and Exynos are botnet

see
youtube.com/watch?v=z-KpAA4_afs
github.com/ARM-software/arm-trusted-firmware

>Rockchip ARM processors can be booted fully open source
>No binary blobs required
I too love eating trash for the sake of freedumbz.
Goddamit, stalldrones are the worst.

Wait a sec. Which Asrock boards have been updated with 1.0.0.7 agesa? The x370 taichi is still stuck on 1.0.0.6b using bios 3.20.

ARM is objectively superior to X86
Fewer cycles per instructions

youtube.com/watch?v=Ii_pEXKKYUg

Different user, but can you go into more detail? I've been thinking of getting a ThinkPad and the constant news of security fuck ups from Intel makes me wonder if I should save up and buy a Ryzen powered A series.

>It's still untrusted hardware that's tampering with the boot process in ways that it shouldn't, so I'm not thrilled about it.
Well, there haven't been as many stories about AMD fucking up the security of their processors, and between the two AMD's much more likely to open source PSP, as remote as that would seem right now. Both companies should at least be showing the source code, if not publicly, to independent researchers.

>Fewer cycles per instructions
And more instructions to do the same fucking job as x86.
Eat shit stalldrone.

>AMD's much more likely to open source PSP
They will NEVER, EVER do that until hyperscale or government buys their CPUs.
But they do allow disabling it on some boards right now.

>ARM also has it
This doesn't make me like it.

>and POWER are useless housefires
No, not really. They run a little hot which makes it shit in laptops but in servers and desktops it's great with proper cooling.

>would allow UEFI to kill it post-boot
Here's the thing. I don't want it active at all. With Intel I have the ME firmware stripped to just the Bring Up module which does very basic hardware init and power manage and handoff to the BIOS for higher level hardware startup tasks. That's still too much and leaves a bad taste in my mouth about the whole thing. I should be able to completely remove the PSP firmware and have the thing not boot at all, and have only the BIOS handle hardware and bootloader and/or kernel startup. I don't want any blackbox co-processor bullshit at all. I don't use secure boot or disks larger than 2TB so UEFI and the PSP don't do anything for me that a $15 kensington lock and common sense can't.

>could you make a new thread about it and link it?
There's not really a good reason not to discuss alternatives here and I'm lazy. Basically I've used POWER at work and you can virtualize x86_64 hardware pretty well with it. When I say well, I mean that it's not hard to get the same speeds you would out of an average higher end laptop or a low-mid range prebuilt desktop. You aren't going to get as good performance as you would on Intel or AMD hardware but it's definitely good enough for testing out the Windows and OS X software I work on. QEMU support is really good because of the enterprise adoption of POWER hardware. As far as my consumer experience with it goes, the closest thing I've used is PPC Macs, which aren't really a good comparison except I can say that the Debian repos still have a good selection of somewhat up to date software for it.

I still don't want or need something that I can't verify to not be malicious. I don't trust it.

>Here's the thing. I don't want it active at all.
Then get a tinfoil hat and run away into the woods away from the evulz botnet.

yfw 1.3GHz ARM A11 benchmarks as high as 3.5GHz Intel laptop

idownloadblog.com/2017/09/13/geekbench-apple-a11-bionic/

Intel on suicide watch

>Geekbench
That's like measuring HPC performance with a fucking LINPACK.
Eat shit ARMdrone.

Yes, it's exactly like making an objective measure of performance and seeing the X86 architecture crumble under the load

>smallkernels in L1$
I request another "Linus against ARM shill inhabiting RWT forums" rant.

>follow @grsecurity, @scarybeasts and others on Twitter for up-to-date info

Posts like these should be fucking banned.

Stop advertising twitters. If something new comes up, you should post it here.

>it's tinfoil to not want a ring -3 hardware backdoor that could be exploited and used by criminals if it's not already being exploited by big companies or the government
You sound like one of the asshats that unironically thought UEFI was a good idea. Why are you in favor of maximizing the attack surface of system critical, low level hardware and software? Were you dropped on the head as a child? Help me understand what kind of mental retardation you're suffering from.

How the fuck can it actually be exploited?
The only currently available way to breach IME requires direct physical access to attacked PC.
And you can't even breach the fucking TrustZone, you schizo!
Fucking stalldrones.
It's also unrelated to fucking bug in the OP (you know, the one that *actually* matters.).

Well, Brad Spengler and Chris Evans are reputable security experts and they were discussing it, so I thought it would be a good recommendation to point that out. Advertising wasn't my intention.

This is actually worse than the fucking TLB bug.
EPYC sales will skyrocket Q1/Q2 2018.

>EPYC sales will skyrocket Q1/Q2 2018.
This, from the looks of things, many companies will have no choice if the "fix" affects performance as badly as people are saying.

>The only currently available way
>And you can't even
I've heard it all before. Why should I even entertain the possibility of being vulnerable to an attack like that when I don't even utilize the extra hardware for anything? It's just there for no reason and carries with it the potential for future security problems. Common sense is telling me that I should buy hardware without any management engines at all until I can fully disable it in the platforms that do have it. I don't care if the software is better written that that Jewtel is putting out. It's all bad and AMD engineers are not perfect. I've already been burned once and I'm not trying to get burned again, you fucking idiot.

>tfw you think it can never happen
>tfw you think Intel can protect your computer on a thread about the latest Intel fuckup
fucking kek m8

I hope it coincides with the release of ZEN based APU for mass market desktops.

>yfw Icelake-SP is already past the tapeout and nothing will fix it

>tfw i don’t have data i’m attached to

Feels comfy.

>I still don't want or need something that I can't verify to not be malicious. I don't trust it.
I often feel this way but my use case can't always be served by old or low performance hardware. Here's a libertarian wallpaper.

>They will NEVER, EVER do that until hyperscale or goverment buys their CPUs.
maybe I'm being too optimistic but I wouldn't rule it out entirely. 4 years ago people on this board would have said the same thing about the quality of open source video drivers. News stories like the one in the op are becoming more frequent so I'm not going to completely rule out the possibility.

>But they do allow disabling it on some boards right now.
seriously? Any chance my motherboard is one of those chip sets? This would greatly please the snake

he's probably an underage normalfag from Reddit. I always suspect people with no regard for privacy or security are dumb kids from Reddit.

Who here ryzen

Might be a good time to get your shit out of "The Cloud". I don't imagine this is going to be a smooth ride for a little while.

Or you can simply move your VMs to EPYC machines.
Your happy AMD merchant would always like to help you.

I mean that there's bound to be a rough patch for customers due to server issues caused by the patch, and probably some problems caused by hardware changes, should those servers move to AMD.

poozen checking in, intelfags on suicide watch

Oy vey, this is bad


Oy vey...

Is there a list of processors affected by this bug, and the performance hit they will take?

Looks like everything remotely recent Intel.

Dude, this is not *bad*.
This is "TLB bug"-tier catastrophe.

g-guys is it happening?

twitter.com/Breaking911/status/948026131067953158

It's been said that it can decrease performance by 50%.

...

>literally too lazy to upgrade hardware
>saved
LOL is there anything better than being a lazy fuck

Guys, is this really the happening that takes down intel?

Just how 'recent' is 'recent'?
All the i7 lineup, even going as far back as the i7 2600? Core2Duo?

>it can decrease performance by 50%
From what I've seen that varies depending on the processor, which is why a list of affected models and performance hits would be handy, is it too early to tell?

Yes.
It's their own TLB bug.
This is so fucking bad.

>2018
>share same calendar as the following years
>1900, 1906, 1917, 1923, 1934, 1945, 1951, 1962, 1973, 1979, 1990, 2001, 2007
>en.wikipedia.org/wiki/Führer_of_Germany
>1934 to 1945

Oy vey, this year is antisemitic

Assuming it's related to speculative execution, the list will go up a while back.
Like, a WHILE back.

intel, not even once™

Honestly, no.
But, it's a very good start for 2018. Here's what will happen this year that will fuck them up, in no particular order.

>this
>amd's existence
>two biggest platforms (apple and microsoft) pushing ARM exclusive devices with emulation (no intel at all)
>growing anti-israel sentiment
>stale executives who can't stop fucking up

It's a good year. :)

How much better is ARM compared to x86 and x86_64?

go back to Sup Forums, kid. stop inserting this anti jew Sup Forums bullshit on the thread

Same shit, different ISA.
And most SoCs are vendor locked-in shitfests.
Enjoy!

Oy gevalt! Another Shoah! Shut it down!

Now is the time for Apple to step in. The A11 chip is already more powerful than an i5, once this happens Apple will be in a position to be a big player on the CPU market by putting A chips in their Macs.

BASED APPLE
A
S
E
D

A
P
P
L
E

It's not a direct comparison, so I can't answer that. However, all major players are turning to ARM which has had way more progress in recent years and is a complete battery beast. Which isn't so important to desktops, for obvious reasons, but desktops can still benefit due to smaller sizes, less power consumption, and less Intel.

You have to be pretty blind to not see the anti-israel sentiment building up. I don't agree with them whatsoever, but it's pretty fucking obvious. The recent UN example is one you should not ignore.
Has nothing to do with Sup Forums you sperg.

speaking of apple. grsecurity is reporting a performance hit on intel processors by almost 1/3rd. apple is already under fire for limiting the performance of their phones because muh battery, what happens when they limit the cpu speed for normies macbooks?

Oh the burn is strong. Feel the burn Intel ! Lol

Time to buy a threadripper before they all sell out lol

>1/3 perfhit

pretty xtreme desu, people will scream

Easy, they just won't patch it, so the users don't have a meltdown. If Microsoft can get away with not patching the Atom Tables bug, Apple can do it.

It’s Intel’s fault, not Apple’s. But what a perfect time for Apple to migrate all their Macs over to A11+ chips which are on par with current i7 chips and once this performance hit kicks in they will dominate them.

APPLE A BASED.

which do you think will cause more of an issue, normies whining that their 4000$ facebook machine doesn't load 1000x compressed jpgs or shit rags like motherboard/vice posting an article that apple ignored a security vulnerability in macos kernel?

Is this being discussed in this context of a 30% performance hit for all intel processors anywhere other than Sup Forums?

Forgive me but it’s harder to trust it if Sup Forums is the only place. Also if true then I need to load up on Intel puts.

twitter.com/grsecurity/status/947268221446574080

lol that's being exceptionally optimistic in every way possible
people noticed a fucking ~200 difference in geekbench scores (~200-600mhz clocks), they're going to rage about this too
apple will be on indirect damage control for a bit

Post YFW Apple finally breaks free of Intel handcuffs and starts crafting beautiful MacBooks with ARM processors which are more powerful and use less energy

>ARM
>More powerful

Wilco, fuck off already.

Intel/AMD shills BTFO

BASED APPLE
A
S
E
D

A
P
P
L
E

literally one of the few white hands that don't look like they belong to an obese person on Sup Forums

wtf america

again?

I doubt Apple will move all Macbooks to fucking ARM unless they want to lose more market share in the personal computer marketplace.
I could see it MAYBE in a sub $600 macbook air style laptop.

Those are soyboy hands, son

looks like amd shills are at work

oh wait, AMD is too poor and cheap to pay for shills, these are just sad fanbois who spend their free time researching POTENTIAL bugs

>intel shill sweating

The fact this performance hit is so big, coupled with the complexity of the bug (which normal people won't regard as something very serious), makes it impractical to patch.

Normal people will have a hard time trying to grasp why this is a serious bug, and will default to choosing the convenience of speed over security. I don't know if Apple is going to patch it, but from the point of view of users, I think they'd bend over and take it. Maybe Apple could introduce a setting where they allow the user to choose between both options.

Apple can definitely get away with it

Based Brad

So that's why Baidu has been soaking up every fucking Ebyc chip since the last quarter.

This feels like the World War Z movie where Israel knew about the zombie attack before everyone else and built the wall

What's the likelihood Intel will be forced to recall their CPUs and replace them for free? 35% performance penalty seems way too big to not issue a formal recall.

so this is the power of the average macfag...

top comfy

soyboy hands > sugaboy hands

For sure, they'll deal with it. But users will still flip out unless a compromise of sorts occurs bundled with a separation between what caused this and future apple products.