[HN Gopher] Trustworthy Computing in 2021
___________________________________________________________________
Trustworthy Computing in 2021
Author : hasheddan
Score : 93 points
Date : 2021-10-20 11:05 UTC (11 hours ago)
(HTM) web link (ariadne.space)
(TXT) w3m dump (ariadne.space)
| blueflow wrote:
| Is the author the same person that talks about Inclusivity, and
| then posts screencaps of other people they are having
| disagreements with to twitter, for their followers to sneer at?
| [1]
|
| Is this the same person who uses the departure of a developer as
| a reason to "fix" a community [2], when the mailmap of one of
| their projects shows they are referring to their own faked
| departure? [3]
|
| This stuff doesn't make the Alpine Linux project look good. I
| totally see that its very rude to attack a person like this, but
| i think its abusive behavior and needs to be called out.
|
| [1] https://twitter.com/ariadneconill/status/1445586541040979971
|
| [2] https://ariadne.space/2021/08/08/on-the-topic-of-
| community-m...
|
| [3]
| https://github.com/pkgconf/pkgconf/commit/c7c3ddbfcf67a1b46d...
| hyperstar wrote:
| What was the thing that detracted from the corebooted Thinkpad's
| trustworthiness?
| rangerdan wrote:
| Corebooted Thinkpads are the gold standard. Don't listen to
| this article - it's utter nonsense - the author even recommend
| Libreboot which is effectively abandonware barely maintained by
| one unstable individual.
| hyperstar wrote:
| The machines that get 5/5, do they have open hardware? I heard
| somewhere that there's this thing called microcode that resides
| in the processor and could contain backdoors. Is that taken into
| account here?
| tenebrisalietum wrote:
| It's not.
|
| Microcode (insofar as how the term is used for x86/AMD)
| controls the operation of the CPU itself and the implementation
| of certain CPU instructions that aren't hardwired. It's too
| low-level to do things on its own like send a copy of RAM
| through a network adapter, etc.
|
| Nonetheless, if you could manage to reverse engineer the
| microcode (which is likely different per CPU manufacturer and
| microarchitecture), and decrypt it (I do know AMD's microcode
| was not encrypted for a time, but is now), you could probably
| alter the behavior of some CPU instructions. Maybe you could
| manipulate some CPU instructions into allowing code to be
| executed where it wouldn't previously be executed, e.g.
| ignoring privilege checks, etc. and maybe you could do it
| without introducing side effects and causing existing code to
| misbehave or crash.
|
| However it's a thousand times easier to modify the actual code
| the CPU is executing from RAM somehow - through OS
| vulnerabilities, etc. Any CPU code is either going to be
| running in kernel mode with full privileges or eventually
| interacting with code that does through some sort of interface.
| Operating system code is either available (open source) or
| widely distributed (Windows). Modern software development is
| further and further abstracted away from real hardware with
| ever increasing layers which are also either open source or
| widely distributed.
|
| The possibility for finding human error somewhere in this
| scheme is vastly more likely to produce useful vulnerabilities
| - not the CPU microcode which is completely unknown,
| undocumented, encrypted, changes which each CPU, and updates
| thereof provided by the manufacturer.
| guerrilla wrote:
| None of it is open hardware but some of it has been reverse
| engineered. I know some x86 CPU's have had their microcode
| reverse engineered, starting with the 8086 but also AMD's K8
| and K10. There are lots of die photos of the 486DX chips and a
| patent says the microcode was pretty small (only 250 "lines",
| 12kbits.) About the POWER CPUs I have no idea. They're RISC so
| do they even have microcode?
| [deleted]
| joe_the_user wrote:
| What would be a trustworthy motherboard to use to build a solid
| machine learning system, with a budget of say $5-10K?
| nine_k wrote:
| A Talos workstation?
|
| But the question is moot because GPUs have proprietary
| firmware, and NVidia drivers that give you CUDA are also
| closed-source.
|
| Maybe air-gapping your sensitive machines is a more viable
| approach for ML.
| ilaksh wrote:
| Weird to me that more people are not working on Redox OS in this
| context.
| guerrilla wrote:
| Why would that be necessary? They can if they want, I'm excited
| about Redox too, but Linux and the GNU ecosystem is already
| free software.
| rangerdan wrote:
| Stopped reading at "Macbook is ... as trustworthy as the
| Libreboot ThinkPad". Anyone who trusts closed source,
| proprietary, for-profit platforms from PRISM partners doesn't
| know what they're talking about.
| ariadneconill wrote:
| Strictly from a hardware POV. That wasn't intended to be praise
| for Apple, but rather an indictment of the industry at large
| that Apple designed hardware that is easier to extend trust to.
| ece wrote:
| How would the HiFive Unmatched stack up here? Seems like it would
| do rather well:
|
| https://starfivetech.com/uploads/hifive-unmatched-sw-referen...
|
| https://sifive.cdn.prismic.io/sifive/28560457-c5a4-4f88-866c...
| ariadneconill wrote:
| It would, but I don't have an Unmatched board so I didn't
| evaluate it.
|
| Same reason why I did not mention the Pine64 stuff: I don't own
| any of it.
| guerrilla wrote:
| It's great to see that more people are still working on this and
| that people have an interest.
|
| If you are interested in this kind of thing, then you'll also
| want to check out LibreBoot[1] and Bootstrappable Builds[2]. The
| latter is working with stage0 [3] and mes [4] to bootstrap Guix
| (among other projects.) All of that is further down the chain,
| but we'll need it if we want to build trustworthy systems.
|
| 1. https://libreboot.org/
|
| 2. https://www.bootstrappable.org
|
| 3. https://github.com/oriansj/stage0/
|
| 4. https://www.gnu.org/software/mes/
| matheusmoreira wrote:
| Wish modern hardware had better support for this. I don't think
| I'll ever trust their proprietary firmwares. The problem is
| becoming so widespread. All kinds of peripherals have firmware
| now. Who knows what they're doing. Did that storage device
| really delete the data or is it just pretending? Only way to be
| sure is to physically destroy the device.
| tenebrisalietum wrote:
| > Only way to be sure is to physically destroy the device.
|
| Or ... never write unencrypted data to the device.
| matheusmoreira wrote:
| Yeah, that was my solution as well. It's much easier to
| destroy a small secret key than terabytes of data.
| kragen wrote:
| Especially with N-of-M secret sharing.
| galcerte wrote:
| I thought something along these lines when it comes to
| peripherals, too, but don't these (mice and keyboards
| chiefly) communicate with PCs through a subset of the USB
| standard which only handles HID and nothing else?
|
| Would any snooping be possible through an input device if it
| only did HID?
| matheusmoreira wrote:
| > PCs through a subset of the USB standard which only
| handles HID and nothing else?
|
| Yes. Is the device truly limited to doing just that,
| though? No way to know. I don't know enough electronics to
| tear it down and analyze its parts, much less dump firmware
| and reverse engineer it.
|
| >Would any snooping be possible through an input device if
| it only did HID?
|
| For all I know, it could be silently storing every
| keystroke in some small memory module hidden somewhere.
| roywiggins wrote:
| We had that problem with PS/2 keyboards too, you can buy
| hardware keyloggers for those.
| nimbius wrote:
| conspicuously, infuriatingly absent:
|
| https://www.pine64.org/
|
| https://puri.sm/
| jonchang wrote:
| This article appears to be focused on laptops, desktops, and
| servers, and the author uses the term "system" to collectively
| refer to these. If this really is "infurating" (and you're not
| just using the term to be hyperbolic) then I think recognizing
| that sometimes blog authors write about topics that are more
| specific or have a different focus than you'd prefer would help
| calm you down a bit.
| mepian wrote:
| The pine64 page has laptops, e.g.
| https://www.pine64.org/pinebook/
| ariadneconill wrote:
| I was only evaluating hardware I actually own. I don't own any
| of the PINE64 SBCs or laptops. And while I have a PinePhone, I
| rarely use it, it sits in my junk drawer basically.
___________________________________________________________________
(page generated 2021-10-20 23:01 UTC)