Date: Wed, 3 Jan 2024 11:37:00 -0500
From: "Theodore Ts'o"
To: Dan Cross
CC: The Unix Heritage Society
Subject: [TUHS] Re: Question about BSD disklabel history
Message-ID: <20240103163700.GA136592@mit.edu>
References: <6470c59f-a1e5-418f-803d-76bcd761f530@tnetconsulting.net>
 <20231231224649.h45pogxycgkgs673@illithid>
 <20231231230615.GE19322@mcvoy.com>
 <20240103033345.GA108362@mit.edu>
 <20240103043036.GB108362@mit.edu>
List-Id: The Unix Heritage Society mailing list

On Wed, Jan 03, 2024 at 10:56:14AM -0500, Dan Cross wrote:
> Sadly the situation is even more complex than this.
>
> Consider AMD's EPYC processors: before the x86 cores start up, the PSP
> (Platform Security Processor) starts up and does a lot of
> pre-pre-initialization: it does DRAM timing training, for instance.
> It's also responsible for loading the x86 payload out of the local
> flash and setting up the x86 environment so that when those cores come
> out of reset, they're running whatever was loaded (for instance, they
> can load %cs on the BSC so that it starts somewhere other than the
> architecturally-defined segment right below 4GiB). While cool in some
> ways ("I don't have to train DRAM? Score!") the PSP is embedded in the
> SoC and the firmware is a signed blob you get from AMD. I know there's
> an ARM Cortex-A5 in there, but don't know much more about it and even
> if I did, I have no way to generate signed images for it.
> :-/
>
> The point is, even if you've got a completely open stack running on
> x86 from the reset vector, there's almost certainly something else
> somewhere that's not open (yet).

Or there's something running on a completely different x86 core with
unpatched security bugs in the Minix and Apache cores that you can't
even disable (unless you are the National Security Agency)....

Sadly, Intel refuses to make available the magic bits to disable the
Intel ME to anyone else. :-(

- Ted