|
Has anyone heard about this Intel problem?
What I've heard about it (from the BBC tech department) seems quite weird. Apparently Intel processors have some kind of flaw (they called it a bug but surely only software exhibits bugs) which allows them to be hacked. Maybe they are talking about some kind of firmware?
Anyway, Intel are supposed to have hushed it up while they work on a cure but the news has leaked out. Mind you, what I heard on the news this morning sounded rather muddled because they mentioned smartphones too, and as far as I know, they all use arm chips, not Intel ones. Anybody know more? PS: I just googled "intel flaw" and there's a stash of stuff. People seem to be taking this very seriously. |
the latest thing to talk about, put people in a panic so their will be room for chitter chatter, gets ratings. something to write about keeps the pay check rolling in. I'm not too worried about it some bug in a cpu, if it is not accessed then their are no problems like anything that can be exploited.
|
|
Quote:
If Larry Ellison had not been working so hard to help out Bill Gates by eliminating Oracle's recently acquired Sparc series, he would have been in a great position to move on this in the server market. |
https://meltdownattack.com has some resources.
|
Quote:
statements like this Quote:
it means they haven't got a clue. just something to talk about and do, ie fix it whatever it is. |
Hello Hazel. If I understand to what you're referring it is very likely just as you inferred, firmware and it's related hardware. For several years now Intel has been designing components inside CPUs to "improve" communication with BIOS/UEFI, or at least that's what they say. Nobody but Intel actually knows for certain since the code is not Open Source but the concern is that anyone who cares to look can see some disturbing links that previously did not exist, especially through the ME and MCH components, with which I find a curious parallel to the famed MCP in the original Tron. ;)
Here is a link to a very dry, but also very enlightening symposium on the subject by none other than the deservedly famous Joanna Rutkowska. --- The Role (and dangers) of Intel's ME --- Because it is so dry and a bit difficult for most to watch in it's entirety I include below a link to a screenie of a graphic displaying the architecture. Please note, that among other things, there is a hard-wired connection to drives and wifi. These can operate entirely on Standby power like when you assume your PC is powered down but not all of it is off. You as an "owner", or more accurately "user", have zero control over this function unless you can remove the CMOS battery and that just switches it off temporarily. Once it has power you have no control over what it does or can do and what's more you have zero access to the code regarding it's exact capabilities. This does not mean it cannot be tagged, corrupted, or added to, in short, hacked. However that condition may well pale compared to Intel's own control over everything about it and YOUR PC, your data. Take a look at the pic linked below and you will see why there is indeed legitimate concern. You will see what is connected and powered even when you assume it's off. It is rather disturbing. I do recommend watching the video since it, and a workaround, is well explained. Unfortunately many will find the workaround too constraining as it is essentially, "use somewhat older CPUs" or several of them. Hopefully the video from a few years ago and the subsequent scares will cause Intel to reconsider it's design and implementation. https://i.imgur.com/QrIsfDo.png |
Quote:
Quote:
Quote:
|
I'm running Spectre attack on my Kaby Lake i7 (same attack on an AMD computer returns score=0):
Code:
Putting 'The Magic Words are Squeamish Ossifrage.' in memory |
Bug, flaw, advanced feature, who is to say?
|
https://www.linuxquestions.org/quest...ug-4175620852/
Now I see several topics. as I wrote it, it was not clear that google named it. Most pages do not refer to google naming for spectre and meltdown. and yes afaik intel made a mess. I wish we could sue like in america. Where many people sue companies. I do not trust that 5 percent penalty stuff. I have read up to 60 percent penalty for certain tasks. and afaik cpus since 1995 affected with a few which are not, which i doubt like intel itanium |
@enorbet This isn't the Management Engine bug, it's something completely different. You can call ME spyware if you like, but it was planned and built in. This has taken everyone by surprise.
Clearly there are two bugs, and the more important one (Meltdown) only affects Intel. The Spectre bug may or may not affect amd and arm chips. Arm say no, but nobody's certain. The kernel hackers are working on a protective patch, but apparently it's going to slow our machines down badly. PS: Here is a link to the BLFS support list, describing the new kernel fix for Meltdown. Now we can all fix our systems at least partially. No doubt a fix for Spectre is coming down the line. The timing tests are interesting. It looks as if the slowdown is much less than predicted. PPS: Intel users can use Linux-4.14.11. AMD users wait for 4.14.12. |
There are at least three bugs, so far, covered by those two brand names.
https://googleprojectzero.blogspot.c...with-side.html |
I built a 4.14.11 kernel but now I can't boot the damn thing! I get a string of acpi errors and then a kernel panic. As far as I can see, it's the same as the reported panic in https://bugzilla.redhat.com/show_bug.cgi?id=1520265 which was with a 4.14.8 kernel. The poster fixed that with a bios update, which is something I would never dare to try. Too great a risk of bricking the machine.
It looks as though I'll have to stick with my old kernel for the time being until the new kernel stabilises, and just hope that nobody exploits it. |
Haven't the KPTI patches been backported to the 4.4.x and 4.9.x longterm branches?
|
| All times are GMT -5. The time now is 05:56 PM. |