AMD Doubles Down on Previous Spectre and Meltdown Statments

Discussion in '[H]ard|OCP Front Page News' started by Kyle_Bennett, Jan 11, 2018.

  1. Kyle_Bennett

    Kyle_Bennett El Chingón Staff Member

    Messages:
    50,513
    Joined:
    May 18, 1997
    Undoubtedly there has been some loose talk about Meltdown and Spectre and its impacts on AMD CPUs. AMD just sent this over as it wants to be perfectly clear on its position on these threats.

    We have seen some initial stories with a couple of inaccuracies so want to make sure we are being perfectly clear.

    * There is no change to AMD’s position on our susceptibility to GPZ Variant 1 or GPZ Variant 2 (collectively called Spectre in many news reports).
    * The update in relation to Variant 2 is that even though Variant 2 has not been demonstrated to work on AMD products due to differences in our micro architecture, out of an abundance of caution we are making optional micro code updates available to further contain the threat.

    Again, to make it perfectly clear we have not changed our statement erlated to our susceptibility to Variant 2. Let me know if you have questions or need additional details.




    These are Mark Papermaster's previous statements to refresh your memory.


    An Update on AMD Processor Security

    The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.

    At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.
    ** Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
    * We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
    * Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft’s website.
    * Linux vendors are also rolling out patches across AMD products now.
    ** GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
    *While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
    * AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
    *Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.
    ** GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.
    * We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.

    There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats.

    We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.

    Mark Papermaster,
    Senior Vice President and Chief Technology Officer


    Discussion
     
    F.E.A.R., c3k, DigitalGriffin and 7 others like this.
  2. ng4ever

    ng4ever Flaccid 4Evar

    Messages:
    708
    Joined:
    Feb 18, 2016
    Interesting!
     
    griff30 likes this.
  3. Daarken

    Daarken [H]Lite

    Messages:
    77
    Joined:
    Jan 3, 2006
    So he called out the Fake News on AMD it seems.
     
    John721, Brutos, Wierdo and 6 others like this.
  4. RealBeast

    RealBeast Limp Gawd

    Messages:
    347
    Joined:
    Aug 4, 2010
    So will Windows 10 determine that you have an AMD processor and not load its update? Thought not. :confused:
     
    lostin3d likes this.
  5. Jim Kim

    Jim Kim 2[H]4U

    Messages:
    2,153
    Joined:
    May 24, 2012
    And if you're running an incompatible anti-vir program it will go ahead and reboot your system without warning so the bricking can commence even moar faster.
     
    lostin3d likes this.
  6. mesyn191

    mesyn191 2[H]4U

    Messages:
    2,838
    Joined:
    Jun 28, 2004
    Actually it can. Assuming MS doesn't screw something up. Software can always check the CPU type.

    Also AMD, Intel, MS, and all the OEM's know that people rarely update their BIOS's so Intel/AMD provide means for the OS (can be Windows, Linux, whatever) to load updated microcode for the CPU after the PC finishes booting and the BIOS hands off control to the OS. They've been doing that for years if not decades now.

    By installing the latest BIOS yourself though the OS won't have to do that and have more security/performance (either can happen with new microcode) during the boot process too so its still a good idea to always update your BIOS.
     
  7. heatlesssun

    heatlesssun Pick your own.....you deserve it.

    Messages:
    47,483
    Joined:
    Nov 5, 2005
    Huh? AMD just said that there is an impact here on AMD processors and that they are working with Linux developers, not just Microsoft.
     
  8. Revdarian

    Revdarian 2[H]4U

    Messages:
    2,281
    Joined:
    Aug 16, 2010
    Susceptible to spectre, just like every other modern cpu including arm, spectre is waaaaaaaaaay harder to use and is "slower", still yeah they are patching it.

    Meltdown is the biggie in every way, threat wise and performance wise, this is a problem for Intel and some models of ARM processors.
     
    Vader1975 and Johan Steyn like this.
  9. Elf_Boy

    Elf_Boy [H]ard|Gawd

    Messages:
    1,957
    Joined:
    Nov 16, 2007
    The media just doesnt seem to understand... Er Pardon Kyle, the MAIN STREAM, not computer literate media, is clueless about Intel v AMD and dont get they are different or that a company other then Intel makes CPUs for home computers.
     
  10. SixFootDuo

    SixFootDuo [H]ardness Supreme

    Messages:
    4,438
    Joined:
    Oct 5, 2004
    Well the good news is that the 9700K and 2nd Gen Zen CPU's should be free of all of these issues regardless is good enough for me.

    Main media never gets anything right.

    Anytime there is a settlement/fine to someone/corporation, I swear, one news outlet has it at 50 million, the other, 30 million. You can find these types of discrepancies all over the news outlets if you pay attention.

    The media does this with all their data.

    Glad to see AMD making the effort to keep the record straight.
     
  11. sirmonkey1985

    sirmonkey1985 [H]ard|DCer of the Month - July 2010

    Messages:
    20,048
    Joined:
    Sep 13, 2008
    what he meant was that windows ignores the cpu code(which is part of the mandatory statistics sent back to microsoft so there's no excuse for that) and downloads and installs the patch no matter what processor you have thus the issue amd athlon 64's ran into.. either way the problem is microsofts half ass lazy coding they've always been known for.
     
    Brutos, Pieter3dnow and Johan Steyn like this.
  12. Tyns

    Tyns Limp Gawd

    Messages:
    312
    Joined:
    Sep 28, 2010
    So they don’t have the problem but they’re issuing a performance hindering fix for the non-problem?
     
    Shintai likes this.
  13. Shintai

    Shintai [H]ardness Supreme

    Messages:
    5,717
    Joined:
    Jul 1, 2016
    I doubt you see a CPU free of this the next decade. The current only solution is to use slower in order designs that rely more on compilers. And the only known performance CPU in this area is Itanium.
     
  14. OrangeKhrush

    OrangeKhrush [H]ard|Gawd

    Messages:
    1,288
    Joined:
    Dec 15, 2016
    Windows does not apply patches to kernal with any brand in mind, it is blanket so what they patch will apply to Intel and AMD equally, MS don't actually care how it affects each system.
     
  15. Shintai

    Shintai [H]ardness Supreme

    Messages:
    5,717
    Joined:
    Jul 1, 2016
    The OS patch is just one of 2 components needed. Microcode is the second and now AMD is funny enough supplying this. So then you can retest Zen systems etc and see what performance impact is there. But waiting as long as possible and call it optional makes 3rd party benching of it less likely within the newsworthy timeframe.
     
  16. OrangeKhrush

    OrangeKhrush [H]ard|Gawd

    Messages:
    1,288
    Joined:
    Dec 15, 2016
    AMD has been running microcodes updates since March 2 2017, kind of not really a surprise.
     
  17. OrangeKhrush

    OrangeKhrush [H]ard|Gawd

    Messages:
    1,288
    Joined:
    Dec 15, 2016
    Last I saw it was maybe it can happen but we are confident it is unlikely, kind of the reason why there are no Zen reviews on the subject, and it is not like you can't just buy one an test it out either. the lack of articles on it seem to suggest that AMD are pretty confident with their position.
     
  18. Johan Steyn

    Johan Steyn n00bie

    Messages:
    49
    Joined:
    Dec 1, 2016

    Are you not on earth? Do you also fall prey to manipulation and fake news like most?

    AMD never said that they are immune to Variant 2, they said that there are a near zero chance of exploiting it and that it has not been shown on AMD CPU's. This is still the case and nothing has changed on that statement.

    They are doing the logical thing to do. Near zero is not zero, so patch it anyway before someone finds a way to exploit it. Spectre does not have the same performance issues as Meltdown, that the real problem for performance.

    Since you know the performance impact that this patch has on AMD CPU's, please share it with us...
     
    John721 likes this.
  19. Johan Steyn

    Johan Steyn n00bie

    Messages:
    49
    Joined:
    Dec 1, 2016
    Seriously. Please listen to yourself. Please show me where AMD said that their CPU's are 100% unaffected by variant 2? Maybe I missed them saying that. They said near zero. Is near zero, zero? They are just patching that might be an issue in the future and is not taking chances. For now it is not an issue, but who knows what might happen in the future.
     
  20. Johan Steyn

    Johan Steyn n00bie

    Messages:
    49
    Joined:
    Dec 1, 2016
    Another ignorant person. Please show me where AMD said that their CPU's are 100% not affected. Do you know what near zero means? It does not mean 100%, does it? Seriously...

    They still hold to the point that it is near zero, so how has this changed?
     
    Pieter3dnow likes this.
  21. Johan Steyn

    Johan Steyn n00bie

    Messages:
    49
    Joined:
    Dec 1, 2016
    Since you are so wise, please show us the benchmarks of this. I am not saying it will not make an impact, but we know Meltdown is the real problem, in which AMD is not affected. If your car has a .001% chance of exploding and there is a fix to prevent it, would you apply it?

    So if AMD said that their CPU's have a near zero chance of being hacked and they then decide to patch it, they are being dishonest? From where are you really? Do you work for Intel?
     
  22. Johan Steyn

    Johan Steyn n00bie

    Messages:
    49
    Joined:
    Dec 1, 2016
    It is all manipulation for stock prices. We live in a sad world.
     
  23. OrangeKhrush

    OrangeKhrush [H]ard|Gawd

    Messages:
    1,288
    Joined:
    Dec 15, 2016
    You seem confused padawan, MS imposed a OS patch that is a blanket patch without repercussions to effects on performance. AMD/INTEL are responsible for ucode fixes that mitigate that effect.
     
  24. JustReason

    JustReason razor1 is my Lover

    Messages:
    2,497
    Joined:
    Oct 31, 2015
    proof? For poor documentation.
     
  25. -PK-

    -PK- [H]ard|Gawd

    Messages:
    1,772
    Joined:
    Aug 6, 2004
    This page used to say that Microsoft was provided incorrect documentation by AMD about how some of their cpus and chipsets operate. Then they updated their page and removed that part of the official response. Still, you would think that they would've tested it. https://support.microsoft.com/en-us...urity-update-block-for-some-amd-based-devices

    Here's a cached version https://webcache.googleusercontent....some-amd-based-devi+&cd=1&hl=en&ct=clnk&gl=us
     
    Last edited: Jan 12, 2018
    JustReason likes this.
  26. bb_forrest

    bb_forrest n00bie

    Messages:
    24
    Joined:
    Mar 1, 2017
    Guys, don't engage with Shintai when it comes to AMD, he has an almost pathological hatred of the company and cannot accept that they do anything right.

    I'd love to know why this is.
     
    thesmokingman likes this.
  27. Pieter3dnow

    Pieter3dnow [H]ardness Supreme

    Messages:
    5,272
    Joined:
    Jul 29, 2009
    It stems more or less from the time AMD used to make Intel cpu and people calling x86 processors clones it goes way back. Many do not realize that AMD is the one with the 64 bit lead where Intel more or less "copied" AMD and because the most coverage goes to Intel what they are saying is gospel for the press there are only a few websites (compared to the masses that tend to be dead wrong) that really know what they are talking about regarding this whole subject.
    Did your new years resolution start with "must make the most amount of baseless claims on the www"?

    Because you are striking out pretty much on every security topic I seen you post on the PSP stuff you posted in both Intel and AMD forums and now this, where do you get all of your "knowledge" from if so I would like valid links from atleast people who would know a lot more on the subject ..
     
  28. Vader1975

    Vader1975 Limp Gawd

    Messages:
    476
    Joined:
    May 11, 2016
    Thanks for clearing that up.
     
  29. DigitalGriffin

    DigitalGriffin 2[H]4U

    Messages:
    4,083
    Joined:
    Oct 14, 2004
    If you look at the scope of total eco systems they are responsible for, their patch process is actually pretty damn good. No other vender does better with maybe the exception of Apple because Apple has a very limited CLOSED eco-system of products.
     
  30. SixFootDuo

    SixFootDuo [H]ardness Supreme

    Messages:
    4,438
    Joined:
    Oct 5, 2004
    I have a very hard time believing this.

    Check out AMD Ryzen's Wiki Page .... that's a from scratch CPU design that was started in 2012. But you would have us believe Intel cannot fix this? That it would take a decade?

    riiiiiiiiiiiiiiight .............
     
  31. DigitalGriffin

    DigitalGriffin 2[H]4U

    Messages:
    4,083
    Joined:
    Oct 14, 2004
    All they have to do is add a bounds check to the speculative address. Now if it's a physical fault of the L1 cache due to something like ROWHAMMER that corrupts jump addresses, then the L1 cache will have to be redesigned.
     
  32. legcramp

    legcramp [H]ardForum Junkie

    Messages:
    10,615
    Joined:
    Aug 16, 2004
    You must be new here... Meet Shintel.