News AMD's 'Sinclose' vulnerability affects hundreds of millions of processors, enables data theft — AMD begins patching issue in critical chip lines, m...

[flamingspinach]

Does this affect Zen 5? I would assume not since AMD had 10 months of prior knowledge. Would be silly to launch Zen 5 without having already addressed it.

The security bulletin from AMD doesn't contain any mention of Ryzen 9000 series processors, and since the bulletin was released today, it can't be because Ryzen 9000 wasn't out at the time it was written.

 

[Hotrod2go]

How about the states themselves? Some states do not even need to sponsor any hackers as they already have implemented backdoors inside ALL AMD and Intel CPUs since 2006. Intel Management Engine and AMD Secure Technology are both backdoors in complete NSA control (see here). And BTW, these operate completely independent of the OS and all they require is an internet connection. (See for example NotebookCheck, me_cleaner, even US controlled wikipedia)

As Intel has confirmed[84] the ME contains a switch to enable government authorities such as the NSA to make the ME go into High-Assurance Platform (HAP) mode after boot. This mode disables most of ME's functions,[76][85] and was intended to be available only in machines produced for specific purchasers like the US government

So spare me this BS fearmongering. Suddenly ppl are worried about data theft.

But that source you linked too with NSA is only for Intel, is there one for AMD?

Back to the headline story & if I'm reading this correctly & its bios level malware, why can't one just reflash the bios or flash it with a different version of bios to remove this malware?

 

[edzieba]

<<Pop the CPU out of an infected system and install it in a new system? The new system is infected.>>

Root kits are installed in the BIOS chip, other devices with RW firmware, disk MBR etc, but not the CPU itself.

This attack is against the PSP, located on the CPU die.

 

[yc1]

This attack is against the PSP, located on the CPU die.

Which means if your cpu gets infected its most likely going to have to be thrown out sense its not ment to be easy to modify any code inside the security areas of the chip

 

[slightnitpick]

This attack is against the PSP, located on the CPU die.

From Wikipedia:

On-chip phase
Firmware located directly on the PSP chip sets up the ARM CPU, verifies the integrity of the SPI ROM, using various data structures locates the off-chip firmware (AGESA) from the SPI ROM, and copies it over to internal PSP memory.

I'm flat out guessing that this is saying that there is firmware located in, hopefully ROM, memory on the processor. This on-processor firmware grabs additional firmware from off-processor, and then runs that additional firmware.

So I'm asking whether or not the on-processor PSP firmware can be modified, or whether it's only the off-processor firmware or further downstream code that can contain the malicious code. If it's the latter, then wouldn't pulling the processor effectively erase the AGESA copy in the PSP memory? I presume they are not permanently storing the AGESA code in PSP memory, but loading it anew each boot.

 

[yc1]

From Wikipedia:

I'm flat out guessing that this is saying that there is firmware located in, hopefully ROM, memory on the processor. This on-processor firmware grabs additional firmware from off-processor, and then runs that additional firmware.

So I'm asking whether or not the on-processor PSP firmware can be modified, or whether it's only the off-processor firmware or further downstream code that can contain the malicious code.

It can be modified its just extremely difficult to do so

 

[mhmarefat]

But that source you linked too with NSA is only for Intel, is there one for AMD?

Back to the headline story & if I'm reading this correctly & its bios level malware, why can't one just reflash the bios or flash it with a different version of bios to remove this malware?

I don't have one for AMD (though the wikipedia page does cite 3 sources ) but this is a US Gov decision to implement such things and outside the power/choice of both Intel and AMD. We're not safe with either. But most likely none of AMD or Intel have malicious intent themselves or any saying in this matter.
(US Gov has even approached Linus Torvalds -there is a youtube video of him confirming this himself- to implement "somethings" inside the Linux Kernel...)

 

[Guardians Bane]

No, it's worse than that. It's like getting past all those things and allowing the installation of a secret door to the vault so that even if the bank kicks the thief out of the building, gets more guards, and upgrades the alarms, the thief can let themselves right back in directly to the vault, past the guards, without triggering any of the alarms.

I like how you explained that. It is much easier for me to understand how intricate this vulnerability is. I understood the authors explanation, but you showed it goes deeper than that.

 

[NinoPino]

I was thinking the same thing about inexpensive no name pcs from places like AliExpress. And maybe Lenovo.

Why Lenovo ?

 

[NinoPino]

It can be modified its just extremely difficult to do so

Nice technical explanation. 😀

 

[greenreaper]

“Plus, AMD have decided to straight up NO FIX PLANNED the Ryzen 3000 series, so if you own one then no fix for you.”

Not a justification, the 3000 series chips are 5 years old, 2 full generations. Chips to replace them from the 5000 series are inexpensive.
My guess is that AMD reckon that there aren’t enough 3000 series chips in use now and it’s a potential way to sell some more 5000 parts.

We bought an in-box new all-in-one PC with one of them in just this year. It's not a good situation when stuff is still in the channel and isn't getting a fix.

 

[rluker5]

Why Lenovo ?

It's just an unlikely conspiracy theory based on some hypothetical demands of the Chinese gov wanting access to foreign company information.

But something I'm curious about is if this kernel level access can be achieved in a cloud vm in a custom os and corrupt the host pc?

 

[stuff and nonesense]

We bought an in-box new all-in-one PC with one of them in just this year. It's not a good situation when stuff is still in the channel and isn't getting a fix.

I don’t disagree, I’m not justifying the lack of a fix. (I’m retiring a 3900x in the next few weeks)

 

[hart832]

Does this loophole only affects Windows OS or Linux as well?

 

[dehjomz]

If this was an Intel vulnerability the pitchforks would be out predicting the end of the company. Now that it’s AMD, we get comments like “nothing burger “! lol.

 

[stuff and nonesense]

If this was an Intel vulnerability the pitchforks would be out predicting the end of the company. Now that it’s AMD, we get comments like “nothing burger “! lol.

It’s nothing to do with intel. Why go off topic?

 

[TJ Hooker]

How about the states themselves? Some states do not even need to sponsor any hackers as they already have implemented backdoors inside ALL AMD and Intel CPUs since 2006. Intel Management Engine and AMD Secure Technology are both backdoors in complete NSA control (see here). And BTW, these operate completely independent of the OS and all they require is an internet connection. (See for example NotebookCheck, me_cleaner, even US controlled wikipedia)

As Intel has confirmed[84] the ME contains a switch to enable government authorities such as the NSA to make the ME go into High-Assurance Platform (HAP) mode after boot. This mode disables most of ME's functions,[76][85] and was intended to be available only in machines produced for specific purchasers like the US government

So spare me this BS fearmongering. Suddenly ppl are worried about data theft.

I don't see how your links/quotes even remotely support your claim. Are you arguing that Intel adding a switch to toggle ME on/off for a local machine, at the behest of government agencies, is proof that those government agencies have a backdoor into ME (which in turn can compromise the whole machine) for every system with ME? Because the former in no way implies that latter.

 

[slightnitpick]

but this is a US Gov decision to implement such things and outside the power/choice of both Intel and AMD.

Your original links do not claim at all that Intel (or AMD) created these management features on the behest of the NSA, merely that they developed a way to shut them off locally (presumably you'd need firmware access, like this vulnerability, to shut them off remotely) at the behest of the NSA. This could be because the NSA wants the ability to hack into systems, or it could be because the NSA wants the ability to open up seized systems as part of an investigation, or because the NSA wants full security control of the systems it uses internally.

 

[slightnitpick]

Does this loophole only affects Windows OS or Linux as well?

This is prior to the OS. The OS is not involved.

 

[rluker5]

We bought an in-box new all-in-one PC with one of them in just this year. It's not a good situation when stuff is still in the channel and isn't getting a fix.

It looks like AM4 support isn't really full support, it just means offering stuff for sale.
If the bios is getting updated anyways, why not include microcode updates for all supported chips?
Is AMD not going to do anything for the Steam Deck? They are still selling mobile Zen2 afaik so they should have a microcode for them at least.
Holding it back from the 3000 series seems like planned obsolescence.

 

[RolandOlifant]

If this was an Intel vulnerability the pitchforks would be out predicting the end of the company. Now that it’s AMD, we get comments like “nothing burger “! lol.

Exactly. The ol' "Nothing to see here" Emperor's New Clothes syndrome.

 

[slightnitpick]

It looks like AM4 support isn't really full support, it just means offering stuff for sale.
If the bios is getting updated anyways, why not include microcode updates for all supported chips?
Is AMD not going to do anything for the Steam Deck? They are still selling mobile Zen2 afaik so they should have a microcode for them at least.
Holding it back from the 3000 series seems like planned obsolescence.

Based on stuff and nonesense's edzieba's link it is only the desktop 3000 series that is "NO FIX PLANNED". That would be these chips:

AMD Ryzen™ 3000 Series Desktop Processors (Formerly codenamed) “Matisse”

Nothing earlier than Zen2 is getting a fix except the EPYC processors.

If greenreaper's all-in-one is using a mobile processor it should have an update coming.

 

[stuff and nonesense]

Based on stuff and nonesense's link this it is only the desktop 3000 series that is "NO FIX PLANNED". That would be these chips:

It’s a slight nitpick but I only replied to the message immediately preceding, the link isn’t mine but it’s still valid…

 

[rluker5]

Based on stuff and nonesense's link this it is only the desktop 3000 series that is "NO FIX PLANNED". That would be these chips:

Nothing earlier than Zen2 is getting a fix except the EPYC processors.

If greenreaper's all-in-one is using a mobile processor it should have an update coming.

I was at work when I posted that so I didn't check AMD's link again and didn't know that the mobile Zen2 have a fix. But that kind of goes along with my statement, if they already have the fix for Zen2 and earlier, why not give them the fix? Mobile Zen2 wasn't that different from desktop. At least cover all of AM4.

They just released those couple of "new" Zen 3 SKUs, are they going to have security updates for the same amount of time as a cheap android phone? Ok that last comment was just because it made me chuckle, but the 3000 series is still relevant, better than my old Haswells and Broadwell for sure. Not giving them a security update to give people a reason to replace them when they otherwise wouldn't have one isn't consumer friendly.

 

[spongiemaster]

Has anyone done a total of the number of times a research group has said something "cannot be fixed" only for it to be patched?

They're not talking about patching to prevent getting compromised. They're talking about once you are compromised by this, the fix is so difficult that you might as well throw the computer out.