From: Dan Cross
Date: Wed, 3 Jan 2024 11:41:52 -0500
To: "Theodore Ts'o"
CC: The Unix Heritage Society
Subject: [TUHS] Re: Question about BSD disklabel history

On Wed, Jan 3, 2024 at 11:37 AM Theodore Ts'o wrote:
> On Wed, Jan 03, 2024 at 10:56:14AM -0500, Dan Cross wrote:
> > Sadly the situation is even more complex than this.
> >
> > Consider AMD's EPYC processors: before the x86 cores start up, the PSP
> > (Platform Security Processor) starts up and does a lot of
> > pre-pre-initialization: it does DRAM timing training, for instance.
> > It's also responsible for loading the x86 payload out of the local
> > flash and setting up the x86 environment so that when those cores come
> > out of reset, they're running whatever was loaded (for instance, they
> > can load %cs on the BSC so that it starts somewhere other than the
> > architecturally-defined segment right below 4GiB). While cool in some
> > ways ("I don't have to train DRAM? Score!") the PSP is embedded in the
> > SoC and the firmware is a signed blob you get from AMD. I know there's
> > an ARM Cortex-A5 in there, but don't know much more about it and even
> > if I did, I have no way to generate signed images for it. :-/
> >
> > The point is, even if you've got a completely open stack running on
> > x86 from the reset vector, there's almost certainly something else
> > somewhere that's not open (yet).
>
> Or there's something running on a completely different x86 core with
> unpatched security bugs in the Minix and Apache cores that you can't
> even disable (unless you are the National Security Agency).... Sadly,
> Intel refuses to make available the magic bits to disable the Intel
> ME to anyone else. :-(

...and let's not even get started on SMM. :-(

        - Dan C.