[TUHS] Re: Question about BSD disklabel history

["Theodore Ts'o" <tytso@mit.edu>]

On Wed, Jan 03, 2024 at 10:56:14AM -0500, Dan Cross wrote:
> Sadly the situation is even more complex than this.
> 
> Consider AMD's EPYC processors: before the x86 cores start up, the PSP
> (Platform Security Processor) starts up and does a lot of
> pre-pre-initialization: it does DRAM timing training, for instance.
> It's also responsible for loading the x86 payload out of the local
> flash and setting up the x86 environment so that when those cores come
> out of reset, they're running whatever was loaded (for instance, they
> can load %cs on the BSC so that it starts somewhere other than the
> architecturally-defined segment right below 4GiB). While cool in some
> ways ("I don't have to train DRAM? Score!") the PSP is embedded in the
> SoC and the firmware is a signed blob you get from AMD. I know there's
> an ARM Cortex-A5 in there, but don't know much more about it and even
> if I did, I have no way to generate signed images for it. :-/
> 
> The point is, even if you've got a completely open stack running on
> x86 from the reset vector, there's almost certainly something else
> somewhere that's not open (yet).

Or there's something running on a completely different x86 core with
unpatched securiy bugs in the Minix and Apache cores that you can't
even disable (unless you are the National Security Agency)....  Sadly,
Intel refuses to make it available the magic bits to disable the Intel
ME to anyone else.  :-(

     	     	     	     	 	  	   - Ted