This Turing Award Winners talk is quite insightful.
Full title: "A New Golden Age for Computer Architecture: Domain-Specific Hardware/Software Co-Design, Enhanced Security, Open Instruction Sets, and Agile Chip Development"
The speakers are key figures in the RISC revolution. John L. Hennessy and David A. Patterson
<https://www.acm.org/hennessy-patterson-turing-lecture>
Note: they mean that it is a golden age for researchers. Not so good for users.
On Sun, Aug 12, 2018, 12:38 PM D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
This Turing Award Winners talk is quite insightful.
Full title: "A New Golden Age for Computer Architecture: Domain-Specific Hardware/Software Co-Design, Enhanced Security, Open Instruction Sets, and Agile Chip Development"
The speakers are key figures in the RISC revolution. John L. Hennessy and David A. Patterson
<https://www.acm.org/hennessy-patterson-turing-lecture>
Note: they mean that it is a golden age for researchers. Not so good for users.
Interesting stuff, thanks. I just came across this info on the hidden RISC in VIA chipsets now aka the rosenbridge backdoor. Apparently it was discovered by reading through some linked patent records. He has fuzzy tools so you can check your own hardware. Some wag deemed it a "ring 4" exploit.
https://github.com/xoreaxeaxeax/rosenbridge
The rosenbridge backdoor is a small, non-x86 core embedded alongside the main x86 core in the CPU. It is enabled by a model-specific-register control bit, and then toggled with a launch-instruction. The embedded core is then fed commands, wrapped in a specially formatted x86 instruction. The core executes these commands (which we call the 'deeply embedded instruction set'), bypassing all memory protections and privilege checks.
---
Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk
On 08/12/2018 01:26 PM, Russell Reiter via talk wrote:
Some wag deemed it a "ring 4" exploit.
Many years ago, I was a computer tech, working on a variety of systems, including the VAX 11/780 and Data General Eclipse. Both of those had a writable control store and the VAX even loaded its microcode from a floppy at boot. One of the things I had to do, when repairing Eclipse computers, was work my way through the microcode, using a very large listing and a logic probe, along with the microstep switch on the front panel. The Eclipse used 4 AMD 4-bit slice processors and, IIRC, over 100 bits wide ROM to contain the instruction set. With the WCS, I expect it would be fairly easy to insert malware.
On Sun, Aug 12, 2018, 1:44 PM James Knott via talk <talk@gtalug.org> wrote:
On 08/12/2018 01:26 PM, Russell Reiter via talk wrote:
Some wag deemed it a "ring 4" exploit.
Many years ago, I was a computer tech, working on a variety of systems, including the VAX 11/780 and Data General Eclipse. Both of those had a writable control store and the VAX even loaded its microcode from a floppy at boot. One of the things I had to do, when repairing Eclipse computers, was work my way through the microcode, using a very large listing and a logic probe, along with the microstep switch on the front panel. The Eclipse used 4 AMD 4-bit slice processors and, IIRC, over 100 bits wide ROM to contain the instruction set. With the WCS, I expect it would be fairly easy to insert malware.
That's an interesting paradigm shift. Searching through the physical setup using logic tools old school, vs new school; searching through patent records just to be able to find the hardware.
participants (3): D. Hugh Redelmeier, James Knott, Russell Reiter