Skip to main content

lemmy - Link to source

Europe built sovereign clouds to escape US control. Then forgot about the processors
Intel ME and AMD PSP: The silicon layer nobody certifies


About cloud sovereignty and the often-ignored and unknown on-CPU management engine running below the OS and BIOS.

The article is quite long; it explains how CPUs run firmware that can include remote management over the network, and can be running even when the OS is not. They can be vulnerable to supply chain attacks and firmware replacements. Because it's on hardware, the firmware with open security vulnerabilities is often not updated.

Regarding cloud, the French SecNumCloud is a framework for cloud infrastructure security requirements. It doesn't cover these hardware attack vectors specifically but may mitigate risks through surrounding practices and isolation.

In conclusion, even a cloud provider that meets SecNumCloud must be asked whether and how they manage CPU management engine attack vectors.


Europe built sovereign clouds to escape US control. Then forgot about the processors

Kim Loohuis (theregister)
#technology
in reply to Kissaki

HappyFrog
lemmy - Link to source
HappyFrog
Are there even any European companies that explore the usage of risc-v?
in reply to HappyFrog

greyscale
lemmy - Link to source
greyscale
The EU is tryin'...

Advancing European Sovereignty in HPC with RISC-V

Supported by EuroHPC JU funding, the DARE project launched to develop cutting-edge HPC hardware and software based on RISC-V, an open instruction set architecture poised to power exascale and post-exascale supercomputers.
European High-Performance Computing Joint Undertaking
in reply to greyscale

HappyFrog
lemmy - Link to source
HappyFrog
Damn, that's interesting, just wished they tried harder.
in reply to Kissaki

PrivateNoob
lemmy - Link to source
PrivateNoob
Good luck in trying to make a non-AMD or non-Intel x86 CPU. Maybe the chinese will find success in 10 years.
in reply to PrivateNoob

greyscale
lemmy - Link to source
greyscale

I dunno man, ARM and RISC-V are pretty dope.

It'd be nice if, say, ST would shit out a EU market RISC-V linux SoC akin to the CV1800B or SG2002 or BL808. But like, europe fabs.

in reply to greyscale

realitista
lemmy - Link to source
realitista
Would need a ton of investment but at least ASML is also a European company.
in reply to greyscale

Wahots
lemmy - Link to source
Wahots
Does Europe have fabs? Or are they purely reliant on Asia and the US fabs?
in reply to Kissaki

Feyter
lemmy - Link to source
Feyter
Why the heck do we have such a technology in CPUs?
in reply to Feyter

Kevin
lemmy - Link to source
Kevin
One usual use case is for IPMI-style server management, being able to remotely monitor and interact with the machine before even the BIOS is ready, so particularly more relevant to server deployments. For example, adjusting BIOS settings over a dedicated management LAN for several thousand rack servers
This entry was edited (5 days ago)
in reply to Kevin

Feyter
lemmy - Link to source
Feyter
ok so it's the classic compfort vs. security... kind of.
in reply to Feyter

ɔiƚoxɘup
lemmy - Link to source
ɔiƚoxɘup

So, Ignoring security for a moment, it makes remote resolution of severe machine issues much easier. It is great for IT, it even allows remote OS reinstall.

Now, considering security issues and the lack of parity between AIs ability to attack and defend (better at breaking than fixing) it is sure to become a huge vulnerability, IMO.

in reply to Kissaki

vrek
lemmy - Link to source
vrek

cs.umass.edu/~emery/classes/cm…

The lower you go the harder it is to be able to identify security risks