God Mode Backdoors, AP Crowdfund vs Wikileaks Models
https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html
Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU, security researcher Christopher Domas told the Black Hat conference here Thursday (Aug. 9).
"This is really ring -4," he said. "It's a secret, co-located core buried alongside the x86 chip. It has unrestricted access to the x86."
"These black boxes that we're trusting are things that we have no way to look into," he said. "These backdoors probably exist elsewhere."
Mode enabled by default. You can reach it from userland. Antivirus software, ASLR and all the other security mitigations are useless."
On Tue, Aug 14, 2018 at 10:52 AM, Henry Baker <hbaker1@pipeline.com> wrote:
Why do we even bother encrypting, when our chips are so corrupt?
This article strengthens my belief that *all* of our current chips have hidden backdoors thanks to Uncle Sam. No wonder China wants to design & build their own chips!
Anyone who thinks Intel CPU's don't have backdoors... is fucking stupid. AMD... same, yet perhaps a slightly lesser form of corporate insidiousness. Same for all cell phone CPUs and baseband processors. Even "open" ARM and "closed" Apple cores are fully questionable. Cisco products... fuck all backdoored. Same for every Cable / DSL / Fiber / WiFi Modem / Router / Point. IBM Power9... yep, gonna be some secrets in there too.
Anything with any sort of CPU running any sort of OS... backdoored. Doesn't matter where or who it comes from or who it's made for... China... backdoored. Boeing... backdoored.
Only interesting thing is who has the keys.
As said before, you must demand and create...
#OpenFabs , #OpenHW , #OpenSW , #OpenDev , #OpenBiz
You have zero trust until those happen. ZERO.
That 20 key dimestore calculator on your desk isn't backdoored. If you're lucky.
Publishing the backdoors in Intel's products, and all the others... makes a fine AP crowdfund target. Because the Wikileaks model so far either didn't get or hasn't published the scoop.
I am told, by a very involved developer in this field, that these concerns are a bit overhyped, limited to now outdated Via C3 CPUs.
On Wed, Aug 15, 2018, 12:15 AM grarpamp <grarpamp@gmail.com> wrote:
https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html
Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU, security researcher Christopher Domas told the Black Hat conference here Thursday (Aug. 9).
"This is really ring -4," he said. "It's a secret, co-located core buried alongside the x86 chip. It has unrestricted access to the x86."
"These black boxes that we're trusting are things that we have no way to look into," he said. "These backdoors probably exist elsewhere."
Mode enabled by default. You can reach it from userland. Antivirus software, ASLR and all the other security mitigations are useless."
On Tue, Aug 14, 2018 at 10:52 AM, Henry Baker <hbaker1@pipeline.com> wrote:
Why do we even bother encrypting, when our chips are so corrupt?
This article strengthens my belief that *all* of our current chips have hidden backdoors thanks to Uncle Sam. No wonder China wants to design & build their own chips!
Anyone who thinks Intel CPU's don't have backdoors... is fucking stupid. AMD... same, yet perhaps a slightly lesser form of corporate insidiousness. Same for all cell phone CPUs and baseband processors. Even "open" ARM and "closed" Apple cores are fully questionable. Cisco products... fuck all backdoored. Same for every Cable / DSL / Fiber / WiFi Modem / Router / Point. IBM Power9... yep, gonna be some secrets in there too.
Anything with any sort of CPU running any sort of OS... backdoored. Doesn't matter where or who it comes from or who it's made for... China... backdoored. Boeing... backdoored.
Only interesting thing is who has the keys.
As said before, you must demand and create...
#OpenFabs , #OpenHW , #OpenSW , #OpenDev , #OpenBiz
You have zero trust until those happen. ZERO.
That 20 key dimestore calculator on your desk isn't backdoored. If you're lucky.
Publishing the backdoors in Intel's products, and all the others... makes a fine AP crowdfund target. Because the Wikileaks model so far either didn't get or hasn't published the scoop.
On 8/24/18, Steven Schear <schear.steve@gmail.com> wrote:
I am told, by a very involved developer in this field, that these concerns are a bit overhyped, limited to now outdated Via C3 CPUs.
Of course this anon developer will say that, they're either fiction, not in the loop, or an agent. And unless it's open, neither of you can prove that.
#OpenFabs , #OpenHW , #OpenSW , #OpenDev , #OpenBiz You have zero trust until those happen. ZERO.
Publishing the backdoors in Intel's products, and all the others... makes a fine AP crowdfund target. Because the Wikileaks model so far either didn't get or hasn't published the scoop.
Until, as Andrew "Bunnie" Huang has written, we have fully OS CPUs and SoCs (including the pre-boot code which is still proprietary for even otherwise open designs) we can't even begin to trust them.
On Sun, Aug 26, 2018, 12:22 AM grarpamp <grarpamp@gmail.com> wrote:
On 8/24/18, Steven Schear <schear.steve@gmail.com> wrote:
I am told, by a very involved developer in this field, that these concerns are a bit overhyped, limited to now outdated Via C3 CPUs.
Of course this anon developer will say that, they're either fiction, not in the loop, or an agent.
And unless it's open, neither of you can prove that.
#OpenFabs , #OpenHW , #OpenSW , #OpenDev , #OpenBiz You have zero trust until those happen. ZERO.
Publishing the backdoors in Intel's products, and all the others... makes a fine AP crowdfund target. Because the Wikileaks model so far either didn't get or hasn't published the scoop.
On 8/30/18, Steven Schear <schear.steve@gmail.com> wrote:
fully OS CPUs and SoCs (including the pre-boot code which is still proprietary for even otherwise open designs)
No, if the CPUs were truly open, proprietary boot code would be completely mooted; just write your own to spec. Only stupid sheep and order takers would continue using closed shit. Yes there are no truly open CPUs, nor open Fabs, that's the problem. It's easily fixable, and extremely profitable for the first players to do it.
The pre-boot code cannot be created from only the specification. It is often the single place where the many variances found during manufacture that roll-up erratas and internal memos by the manufacturer and fab.
On Wed, Aug 29, 2018 at 10:09 PM grarpamp <grarpamp@gmail.com> wrote:
On 8/30/18, Steven Schear <schear.steve@gmail.com> wrote:
fully OS CPUs and SoCs (including the pre-boot code which is still proprietary for even otherwise open designs)
No, if the CPUs were truly open, proprietary boot code would be completely mooted; just write your own to spec. Only stupid sheep and order takers would continue using closed shit.
Yes there are no truly open CPUs, nor open Fabs, that's the problem. It's easily fixable, and extremely profitable for the first players to do it.
participants (2): grarpamp, Steven Schear