I am told, by a very involved developer in this field, that these concerns are a bit overhyped, limited to now outdated Via C3 CPUs. On Wed, Aug 15, 2018, 12:15 AM grarpamp <grarpamp@gmail.com> wrote:
https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html
Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU, security researcher Christopher Domas told the Black Hat conference here Thursday (Aug. 9).
"This is really ring -4," he said. "It's a secret, co-located core buried alongside the x86 chip. It has unrestricted access to the x86."
"These black boxes that we're trusting are things that we have no way to look into," he said. "These backdoors probably exist elsewhere."
Mode enabled by default. You can reach it from userland. Antivirus software, ASLR and all the other security mitigations are useless."
On Tue, Aug 14, 2018 at 10:52 AM, Henry Baker <hbaker1@pipeline.com> wrote:
Why do we even bother encrypting, when our chips are so corrupt?
This article strengthens my belief that *all* of our current chips have hidden backdoors thanks to Uncle Sam. No wonder China wants to design & build their own chips!
Anyone who thinks Intel CPU's don't have backdoors... is fucking stupid. AMD... same, yet perhaps a slightly lesser form of corporate insidiousness. Same for all cell phone CPUs and baseband processors. Even "open" ARM and "closed" Apple cores are fully questionable. Cisco products... fuck all backdoored. Same for every Cable / DSL / Fiber / WiFi Modem / Router / Point. IBM Power9... yep, gonna be some secrets in there too.
Anything with any sort of CPU running any sort of OS... backdoored. Doesn't matter where or who it comes from or who it's made for... China... backdoored. Boeing... backdoored.
Only interesting thing is who has the keys.
As said before, you must demand and create...
#OpenFabs , #OpenHW , #OpenSW , #OpenDev , #OpenBiz
You have zero trust until those happen. ZERO.
That 20 key dimestore calculator on your desk isn't backdoored. If you're lucky.
Publishing the backdoors in Intel's products, and all the others... makes a fine AP crowdfund target. Because the Wikileaks model so far either didn't get or hasn't published the scoop.