16

Since the discovery of Meltdown and Spectre, CPU security has been compromised and trust to the main manufacturers reduced, particularly Intel. 8 months later I wonder, what CPUs are more secure at this moment? Why? Have the patches achieved the objective? Personally, after the many security and privacy scandals published in the past year, my levels of information security and privacy paranoia have escalated.

forest
  • 64,616
  • 20
  • 206
  • 257
user3770060
  • 163
  • 1
  • 5
  • 1
    Possibly relevant - Black Hat conference talk on reverse engineering x86 instruction set and discovering that both Intel and AMD have a whole bunch of undocumented instructions shared across both. https://www.youtube.com/watch?v=KrksBdWcZgQ – razethestray Sep 06 '18 at 07:34
  • 1
    Was that Black Hat? I know there was a DEF CON talk on discovering undocumented instructions via timing attacks (and a previous DEF CON talk by the same guy, IIRC, about an x86 instruction fuzzer). Thankfully pretty much all of the dangerous undocumented instructions require CPL0, with the exception of a few silly ones that appear to be duplicates of existing unprivileged instructions. – forest Sep 06 '18 at 07:35
  • 1
    Was a Black Hat 2017 talk I think. He (Christopher Domas) has given several talks on the subject that I have seen. The scary thing for me is less to do with the ease of exploiting these instructions, more that two highly secretive competitors seem to have identical hidden instruction sets. – razethestray Sep 06 '18 at 07:40
  • 1
    Looks like same talk given at DEF CON 25 https://www.youtube.com/watch?v=ajccZ7LdvoQ – razethestray Sep 06 '18 at 07:40
  • See also [Do the Spectre and Meltdown CPU bugs affect AMD in addition to Intel?](https://security.stackexchange.com/questions/176703/do-the-spectre-and-meltdown-cpu-bugs-affect-amd-in-addition-to-intel), [Why are AMD processors less vulnerable to Meltdown and Spectre?](https://security.stackexchange.com/questions/177100/why-are-amd-processors-not-less-vulnerable-to-meltdown-and-spectre/177101#177101), [Do the Spectre and Meltdown CPU bugs affect AMD in addition to Intel?](https://security.stackexchange.com/questions/176703/do-the-spectre-and-meltdown-cpu-bugs-affect-amd-in-addition-to-intel) – Sjoerd Sep 06 '18 at 07:54

2 Answers2

10

They are both about equally terrible and still highly vulnerable to Spectre.

Unfortunately, you would have to have access to confidential design documents in order to even begin answering this question. From (quasi-privileged) anecdotal evidence, AMD used to be really bad with setting lock bits (MMIO/MSR defaults, if I recall correctly), whereas Intel puts a lot of effort into security. On the other hand, Intel has recently gotten rid of a lot of its security personnel and even outsourced the development of the ME to Israel instead of doing it in-house (for MEv11, I think).

In terms of architecture, they are quite different internally. I can't say whether or not the deep internal architecture (e.g. Intel using ports to send data to execution units, AMD using pipes) is relevant to security, but their co-processors are quite different. Intel uses its Management Engine (now called the Converged Security and Management Engine, or CSME) which, while bad, is not nearly as bad as people make it out to be (it actually does not have direct memory accessnote, at least not by default, for various reasons, though it does have access to VGA and PS/2). The CSME was previously an ARCompact processor running ThreadX, but is now an i486/i586 hybrid (basically a little x86 core) running Minix. AMD on the other hand uses the PSP (Platform Security Processor), an ARM-based core which, if I recall, has absolute access to everything, including memory. Unlike the AMD PSP, the Intel CSME can be disabled, as people have recently discovered.

In the end, CPU security, and hardware security in general, is a new and emerging field. Both Intel and AMD are pretty equally vulnerable to all Spectre-class attacks (the gift that keeps on giving!), even if Intel is uniquely affected by Meltdown. I would say that, overall, both Intel and AMD are really, really insecure on an architectural level. ARM less so, and MIPS less so still. Of course, as we go to the more secure CPUs, we also come with lesser capabilities and performance. I personally go with Intel, mainly because there tends to be more research into Intel processors, so discoveries and leaked datasheets are far more likely to come from them than from AMD. That doesn't mean I consider Intel to be more secure. x86 security in general? Hic sunt dracones.

forest
  • 64,616
  • 20
  • 206
  • 257
  • Any evidence for the security of MIPS? – this.josh Sep 06 '18 at 08:02
  • 3
    @this.josh It's just a simpler architecture with less gotchas embedded in the ISA, since it's RISC with a fixed instruction size and such. It's not that "it's secure" so much as "it's not as bad as x86". – forest Sep 06 '18 at 08:08
  • I completely DISAGREE with this answer. AMD did not cheat on by compromising security for gaining performance (like in the stated case). Much of the AMD code is open source and can be independently analyzed. What intel did is like allowing a login while having only half of the password correct. – Overmind Nov 20 '19 at 13:55
  • 1
    @Overmind AMD is open source? Say what? It's hardware, not software, and the HDL is 100% closed. – forest Nov 21 '19 at 09:59
2

An answer that maybe requires less technical knowledge:

Spectre was discovered in 2007.
Spectre is a vulnerability that is based upon the instruction set architecture (ISA) of x86 processors.
The architecture of processors has not changed too much in the last 20 years.[citation needed]
It was theoretically possible to discover Spectre in ~2010, but for a long time there was little focus on hardware security and hardware vulnerability exploitation.
If new AMD processors - which also have an x86 architecture - are built the same way, that older processors are built, it is very likely, that we will see new and/or similar vulnerabilities like Spectre.

This will only change if we see at least one of two things (but maybe we need both):

  1. vendor's awareness for hardware security
  2. a fundamental change in the ISA of modern processors
Tom K.
  • 7,913
  • 3
  • 30
  • 53
  • I don't think Spectre was an issue in 1995 (correct me if I'm wrong). The Pentium Pro only had very primitive speculative execution. – forest Sep 06 '18 at 08:48
  • 1
    You are correct - if the list of affected products by Intel really does include all affected products and not just the most recent ones. I could not find a source that claims an older processor is affected by Spectre. I edited the post accordingly. – Tom K. Sep 06 '18 at 09:52
  • 2
    Pentium had a very primitive speculative execution. Pentium Pro being a total redesign was the basis for Intel processors until Pentium 4 and the speculative execution was quite sophisticated. – Konrad Gajewski Sep 07 '18 at 02:43
  • 1
    Also, Spectre is not unique to x86 processors. Variants also affect ARM. – forest Sep 09 '18 at 01:14