• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

AMD Flaws, Fastforwarding to 2020: Any concerns with Zen 2 / x570 Chipsets?

rugabunda

New Member
Joined
May 22, 2018
Messages
24 (0.03/day)
NSA says "Purchase business-class AMD machines that lack "gamer" features such as overclocking, firmware modding support (etc)

Here is the NSA's github guide for Firmware: https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance

3.2 Ryzenfall, Chimera, Fallout, and Masterkey
Together, these four named attacks constitute what is publicized as "AMD Flaws" and over a dozen vulnerabilities. Many vulnerabilities assume the compromise of administrator credentials or completely inept software-vetting processes. Some of the vulnerabilities are a direct result of debug features left enabled for use in advanced system tweaking common in the overclocking and gaming communities.

To mitigate AMD Flaws, purchase business-class machines that lack "gamer" features such as overclocking, fan control, custom thermal management, RGB lighting, and firmware modding support. Also ensure that all firmware, microcode, and software updates are applied. Carefully analyze software before using it in conjunction with the AMD Secure Processor (SP) or Platform Security Processor (PSP) protected enclaves.
I GUESS they mean HP all in one PC/laptops exclusively. Anything future Zen 2 that is offered under the same product lines listed here should be the most secure platform you can get.

HP's Chimera/Fallout/Ryzenfall/Masterkey was patched in products that date back as far as 2015:

HP ProDesk 405 G2, uses "AMD Pro A8-8600B" cpu, released on 06/03/2015
HP Slimline 450, AMD E1-6015; 2nd quarter 2015
HP OMEN 870-0xx patch features an intel chipset (obviously a patch for Asmedia's chimera, which affects both AMD & Intel chipsets)
HP Pavilion 24-xa0xxx patch features an intel chipset (obviously a patch for chimera, which affects both AMD & Intel chipsets)

Meanwhile, I had spoken to Asus in First quarter of 2019, they had told me they were STILL working on patches for these fatal exploits in their latest motherboards, some released in 2018. Meanwhile patches were already released months earlier by the only company that confirmed AMD Flaw patches were released, HP. I was unable to get any straight answer or response from MSI, Gigabyte, or Asrock inquiring into AMD flaw patches.

However, I was told by Asus quote: "Once the patch has passed through quality assurance, it will then be distributed to AMD’s OEM partners through AGESA"

As of x570 AMD stopped outsourcing their chipset to Asmedia and started printing their own in-house, including USB & PCIe chipset. ASMedia was responsible for chimera, a back door built into their USB chipsets hardware and firmware... affecting USB ASM1042, ASM1142, ASM1143. SATA, ASM1061, among others. This one I assume we can be confident is taken care of.

I assume the Zen 2 platform and x570 will have patched all of these flaws. Should we take the NSA's advice and use business class machines ONLY with the x570 chipset and avoid the gaming rig? Should we wait until Zen 3? Any tips?
 
Last edited:
Joined
Feb 3, 2019
Messages
1,069 (2.24/day)
Location
Chicago Land
Processor Lidless PGA 2700X
Motherboard Asus B450-I Gaming
Cooling Stock Air
Memory Corsair 3000nhz 13-15-15-15-32-53 2T
Video Card(s) Asus strix GTX 980 OC
Storage SSD
Display(s) 21" - 55"
Case None
Power Supply Antec CP series 850w
Mouse Razar Mamba Tournament Edition
Keyboard Logitech G910
Software W7
Benchmark Scores Max Cpu clock 7685Mhz FX-8300 WPrime 32m 2.886 seconds AMD 2700x
Oh no, what does this mean??!!

No seriously, I'm not holding my hands to my cheeks......
 
Joined
Jun 24, 2015
Messages
1,648 (0.92/day)
Location
Western Canada
System Name Ol' Beastie R3.1
Processor R7 3700X
Motherboard B450I Aorus Pro Wifi (F50)
Cooling NH-U9S
Memory 32GB Trident Z RGB (3600 16-19-19-37, DJR)
Video Card(s) NVIDIA RTX 2060 Super FE
Storage 2.75TB - SX8200, MX300, Blue3D
Display(s) BenQ GW2765HT
Case NCASE M1v5 + Pelican 1514
Audio Device(s) DT 770 80Ω - Blue Snowball iCE
Power Supply Corsair SF600G/Cablemod custom lengths
Mouse Endgame XM1
Keyboard various customs
Software Windows 10 1909
X570 eliminated Promontory's flaws, because it's literally a Zen 2 client I/O die manufactured on the 14nm process normally used for EPYC 7xxx I/O dies. Problem is, a good chunk of the Zen 2 userbase doesn't use the Bixby chipset, because they opt for B450/X370/X470, which is obviously still Promontory.

NSA's blanket suggestion to essentially avoid aftermarket hardware sounds a little stupid, but it's not entirely without merit. Motherboard vendors are notoriously bad at releasing microcode and BIOSes to patch vulnerabilities in older hardware. Look at how many years the Intel vulnerabilities have been in the media. They just can't be bothered; there are so many boards, and by their calculations, so few users who might actually suffer security issues in their uses. I'd bet that in 2020, they probably just assume that those hardware generations have either died off / are in the process of dying / have been replaced by newer hardware. The Microcode Boot Loader tool, found right here on TPU, is proof of what users had to do to fill that void.

My main concern lies with PSP. It's, at its core, AMD's take on the Management Engine, and from its closed-off design, there's both very little information available on it and a very high likelihood it'll suffer the same fate as Intel's ME. "Our design works differently than Intel, and isn't vulnerable" isn't going to work here.

Problem there is, Intel is cagey and scummy when it comes to exploits, but they pay people to find the vulnerabilities. AMD doesn't, and AMD's first reaction to any vulnerability-related discussion in the past is "oh, we're not Intel, we're fine. We're fine. Listen, really, there aren't any problems with our products."

Muddying the waters further is the whole controversy around whether CTS Labs really exists, and/or whether they're a paid Intel shill. They probably are, but Ryzen isn't perfect. I can't remember the exact vulnerability affecting Zen and Zen+, but AMD's response was basically "hey look, it's been completely fixed with Zen 2, so you should upgrade to Zen 2."

@biffzinker I don't think it was the RDRAND bug, since there were still reports on Zen 2. Probably not segfault, I'm thinking of an article most likely on Anand that was published between Zen+ and 2.
 
Last edited:

GLD

Joined
May 13, 2006
Messages
1,610 (0.31/day)
Location
City 17, California, U.S.A.
Processor AMD Ryzen 5 3600, AMD Wraith Prism.
Motherboard ASUS TUF X570-Plus (Wi-Fi).
Cooling Antec 120mm RGB case fans.
Memory 4x8gb, G.SKILL F4-3600C16D-16GVKC.
Video Card(s) Sapphire Pulse RX 5600 XT.
Storage Crucial P1 1TB NVMe with EKWB heatsink.
Display(s) ASUS VP278QG 27", 1080p, 75hz, FreeSync.
Case Antec GX202.
Audio Device(s) Onboard sound, Logitech 2.1's, Logitech G430 headphones.
Power Supply Seasonic Prime GX-750.
Mouse Logitech G203 Prodigy.
Keyboard Logitech G213.
Software Windows 10 PRO, x64.
I have an Asus Tuf X570 board and a Ryzen 3600 on the way. Seeing as the X570 chip is built by AMD themselves, I fell secure, and happy for the new kit.
 
Joined
Mar 23, 2016
Messages
3,683 (2.42/day)
Processor Ryzen 5 3600
Motherboard MSI B450 Tomahawk ATX
Cooling Cooler Master Hyper 212 Black Edition
Memory PNY Anarchy-X XLR8 Red DDR4 3200 MHz C15-17-17-17-35
Video Card(s) MSI GeForce RTX 2060 GAMING Z 6G
Storage Samsung 970 EVO NVMe M.2 500 GB, SanDisk Ultra II 480 GB
Display(s) Samsung SyncMaster C27H711 OC refresh rate 110Hz
Case Phantek Eclipse P400S (PH-EC416PS)
Audio Device(s) EVGA NU Audio
Power Supply EVGA 850 BQ
Mouse SteelSeries Rival 310
Keyboard Logitech G G413 Silver
Software Windows 10 Professional 64-bit v1903
I can't remember the exact vulnerability affecting Zen and Zen+, but AMD's response was basically "hey look, it's been completely fixed with Zen 2, so you should upgrade to Zen 2."
The segfault issue with first generation Ryzen?

AMD's RDRAND instruction?
 
Last edited:

Fourstaff

Moderator
Staff member
Joined
Nov 29, 2009
Messages
9,537 (2.49/day)
Location
Home
System Name Orange!
Processor 3570K
Motherboard ASRock z77 Extreme4
Cooling Stock
Memory 2x4Gb 1600Mhz CL9 Corsair XMS3
Video Card(s) Sapphire Nitro+ RX 570
Storage Samsung 840 250Gb + Toshiba DT01ACA300 3Tb
Display(s) LG 22EA53VQ
Case NZXT Phantom 410 Black/Orange
Power Supply Corsair CXM500w
What are the odds that Zen 2 platform will have patched all of these flaws? Should we take the NSA's advice and use business class machines ONLY with the x570 chipset and avoid the gaming rig? Any tips? Should we wait until Zen 3?
Different people will have different risk tolerances. For example I don't have anything super important on my PC, losing it is no big deal for me. However, a lot of people manage their business/life around their machines. These people will need to pay more attention as an unlucky attack will turn their life upside down. Using x570 will eliminate some risks, but will certainly not eliminate the yet to be found ones. Best to do proper backups and practice good security habits.
 
Joined
Dec 10, 2014
Messages
568 (0.28/day)
Location
Nowy Warsaw
System Name SYBARIS
Processor AMD Ryzen™ 5 3600
Motherboard MSI Arsenal Gaming B450 Tomahawk
Cooling Cryorig H7 Quad Lumi
Memory Team T-Force Delta RGB 2x8GB 3200CL16
Video Card(s) Colorful GeForce RTX 2060 6G V2
Storage WD Black WD1003FZEX 1TB + Crucial MX500 500GB
Display(s) LG 22MP68VQ-P 22" 75hz IPS
Case In Win Mana 136
Audio Device(s) HyperX Cloud X | iVOOMi iVO-169SUFBT 2.1
Power Supply Cooler Master G550M
Mouse Logitech G102 Prodigy | Logitech G402 Hyperion Fury
Keyboard Fantech MK871 RGB TKL Outemu Blue mechanical keyboard
Software Windows 10 Education 1909 x64
I wonder now how long before a mod locks the OP from posting. I'm from a third world Asian country that has no Jewish population to speak of but even I'm squeamish about saying anything negative about Israelis on the Internet.
 
Joined
Aug 20, 2007
Messages
12,955 (2.78/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) AMD RX 5700 XT (XFX THICC Ultra III)
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) 55" LG 55B9-OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply SeaSonic Prime 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (yes, it's legit.)
Lets leave political theories and conspiracies out of this. Also lets refrain from attacking complete ethnic groups over theoretical security flaws.

All I have to say re the supposed NSA guidance is consider their use case. Does it match yours? If not, quit worrying. No one is going to go to this trouble over you and most of these vulnerabiluties are old news at this point.
 
Joined
Dec 10, 2014
Messages
568 (0.28/day)
Location
Nowy Warsaw
System Name SYBARIS
Processor AMD Ryzen™ 5 3600
Motherboard MSI Arsenal Gaming B450 Tomahawk
Cooling Cryorig H7 Quad Lumi
Memory Team T-Force Delta RGB 2x8GB 3200CL16
Video Card(s) Colorful GeForce RTX 2060 6G V2
Storage WD Black WD1003FZEX 1TB + Crucial MX500 500GB
Display(s) LG 22MP68VQ-P 22" 75hz IPS
Case In Win Mana 136
Audio Device(s) HyperX Cloud X | iVOOMi iVO-169SUFBT 2.1
Power Supply Cooler Master G550M
Mouse Logitech G102 Prodigy | Logitech G402 Hyperion Fury
Keyboard Fantech MK871 RGB TKL Outemu Blue mechanical keyboard
Software Windows 10 Education 1909 x64
Mayhap OP's a contractor/supplier for some Irani department or agency looking to upgrade their systems, who knows? :twitch:
Lets leave political theories and conspiracies out of this.

All I have to say re the supposed NSA guidance is consider their use case. Does it match yours? If not, quit worrying. No one is going to go to this trouble over you and most of these vulnerabiluties are old news at this point.
 
Joined
Aug 20, 2007
Messages
12,955 (2.78/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) AMD RX 5700 XT (XFX THICC Ultra III)
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) 55" LG 55B9-OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply SeaSonic Prime 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (yes, it's legit.)
Excuse me, stay on topic. This is not your thread to hijack. This thread is about the facts and truth regarding the situation, not political correctness or avoiding obvious facts and historical truth. Start your own thread if you want to boss people around and dictate the content of the discussion.
Then don't go offtopic with theories you can't substantiate. My comment was out of a desire to stay on topic, not viceversa.

I personally don't like the PSP because it is little understood (other than portions coming from Qualcomm patents, and not good ones) and can't be disabled like Intel's solution. Both are equally bad in concept, but at least one can eventually be disabled.
 
Joined
Apr 12, 2013
Messages
3,186 (1.22/day)
CTS disclosed their flaws prematurely which gave AMD someone to blame and excuse their PR in dealing with this; perhaps not a good move, but they're making up for it! My god they are doing a great job with their latest architecture and cpus.
No CTS was a hit job, that's what it was. If you're giving that kind of leeway to CTS then there's a host of other companies which could be hit with multiple zero day attacks, including yours truly competitor A :rolleyes:

CTS did no one any good, except trying to make a big splash outing "major" flaws. The fact that they've done nothing since will solidify many theories about their true intentions!
 
Joined
Aug 20, 2007
Messages
12,955 (2.78/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) AMD RX 5700 XT (XFX THICC Ultra III)
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) 55" LG 55B9-OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply SeaSonic Prime 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (yes, it's legit.)
No CTS was a hit job, that's what it was. If you're giving that kind of leeway to CTS then there's a host of other companies which could be hit with multiple zero day attacks, including yours truly competitor A :rolleyes:
It also was a real set of vulnerabilities. Overblown perhaps, but lets please analyze the facts of the security issues here rather than taking sides, political or brand-related.

My opinion is that short of local attacker access, or a specially prepared infected usb device, these vulnerabilities are nothing for end users to worry about.
 
Joined
Apr 12, 2013
Messages
3,186 (1.22/day)
Sure they were & then after the much publicized "flaws" went public not a peep from CTS. What are they doing now, what's their history? If anyone had to be blamed in that fiasco it was CTS, not in the least because their disclosures were not in good faith let alone responsible.
 
Joined
Aug 20, 2007
Messages
12,955 (2.78/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) AMD RX 5700 XT (XFX THICC Ultra III)
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) 55" LG 55B9-OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply SeaSonic Prime 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (yes, it's legit.)
Sure they were & then after the much publicized "flaws" went public not a peep from CTS. What are they doing now, what's their history?
Frankly, in relation to the OPs query, that is completely irrelevant.
 

AlienIsGOD

Vanguard Beta Tester
Joined
Aug 9, 2008
Messages
5,079 (1.18/day)
Location
Kingston, Ontario Canada
System Name Aliens Ryzen Rig | Hand Me Down Special
Processor Ryzen R7 2700 @ 3.8ghz all cores | i5 3570K
Motherboard Gigabyte B450 Aorus Elite (F50a BIOS) | EVGA Z77 FTW
Cooling CM HYPER 212 RGB Black edition | CM Hyper 212+
Memory 8GB X 2 DDR4 3000mhz Team Group Vulcan | 4 x 2GB DDR3
Video Card(s) Sapphire Pulse RX 5700 8GB | Sapphire RX 480 Reference
Storage Adata XPG 8200 PRO 512GB SSD OS / 240 SSD+480 GB M.2 SSD Games / 1000 GB Data | SSD + HDD
Display(s) Acer ED273 27" VA 144hz Freesync |Asus VA32AQ 32" IPS 60hz 1440P
Case NZXT H500 Black | NZXT 810 Switch
Audio Device(s) Onboard Realtek | Onboard Realtek
Power Supply EVGA SuperNOVA G3 650w 80+ Gold | EVGA SuperNOVA G2 750w 80+ Gold
Mouse Steelseries Rival 500 15 button mouse w/ Razor Goliathus Chroma XL mousemat | Logitech G502
Keyboard Logitech G910 Orion Spark RGB w/ Romer G tactile keys | Logitech G513 Carbon w/ Romer G tactile keys
Software Windows 10 Pro | Windows 10 Pro
Leave Jewish ppl out of tech conversations please. I could care less if you are using it as an analogy... Also don't tell ppl what to comment or not comment as it makes you look pushy and rude as a new member.
 

rugabunda

New Member
Joined
May 22, 2018
Messages
24 (0.03/day)
@R-T-B did you end up starting that new thread on flipping the hap on Intel-ME firmware?

Remote in this context means same lan subnet I think, which USUALLY is not an issue. It also depends on very old firmware nearly no one will be running. Just update your bios.

This is not usually a web accessible vulnerability.
Yeah; unless you were hit with rowhammer via browser jit or something as such perhaps (dunno)
 
Last edited:
Joined
Aug 20, 2007
Messages
12,955 (2.78/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) AMD RX 5700 XT (XFX THICC Ultra III)
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) 55" LG 55B9-OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply SeaSonic Prime 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (yes, it's legit.)
I did. I have a few boards I need to update though, time is tricky to find:

 
Joined
Jan 8, 2017
Messages
5,011 (4.06/day)
System Name Good enough
Processor AMD Ryzen R7 1700X - 4.0 Ghz / 1.350V
Motherboard ASRock B450M Pro4
Cooling Scythe Katana 4 - 3x 120mm case fans
Memory 16GB - Corsair Vengeance LPX
Video Card(s) OEM Dell GTX 1080
Storage 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s) 4K Samsung TV
Case Zalman R1
Power Supply 500W
About the RDRAND bug, it is completely beyond me why would anyone use that in the boot process of an OS. For one thing, this extension isn't present in most other CPUs out there so why use it now ? Actually, using RNG in the boost process of anything seems like a terrible idea in general and it's asking for a lot problems.
 
Joined
Mar 10, 2010
Messages
7,552 (2.03/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R7 3800X@4.350/525/ Intel 8750H
Motherboard Crosshair hero7 @bios 2703/?
Cooling 360EK extreme rad+ 360$EK slim all push, cpu Monoblock Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in two sticks./16Gb
Video Card(s) Sapphire refference Rx vega 64 EK waterblocked/Rtx 2060
Storage Samsung Nvme Pg981, silicon power 1Tb samsung 840 basic as a primocache drive for, WD2Tbgrn +3Tbgrn,
Display(s) Samsung UAE28"850R 4k freesync, LG 49" 4K 60hz ,Oculus
Case Lianli p0-11 dynamic
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Iksu force fx
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
No problems here just using the stuff.
 
Joined
Aug 20, 2007
Messages
12,955 (2.78/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) AMD RX 5700 XT (XFX THICC Ultra III)
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) 55" LG 55B9-OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply SeaSonic Prime 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (yes, it's legit.)
About the RDRAND bug, it is completely beyond me why would anyone use that in the boot process of an OS. For one thing, this extension isn't present in most other CPUs out there so why use it now ? Actually, using RNG in the boost process of anything seems like a terrible idea in general and it's asking for a lot problems.
Entropy is gathered in boot process in nearly all major OSes. Yes, RDRand is used if present on Windows. I imagine they work around the AMD Zen 2 series issue though.
 
Last edited:
Joined
Jan 8, 2017
Messages
5,011 (4.06/day)
System Name Good enough
Processor AMD Ryzen R7 1700X - 4.0 Ghz / 1.350V
Motherboard ASRock B450M Pro4
Cooling Scythe Katana 4 - 3x 120mm case fans
Memory 16GB - Corsair Vengeance LPX
Video Card(s) OEM Dell GTX 1080
Storage 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s) 4K Samsung TV
Case Zalman R1
Power Supply 500W
Entropy is gathered in boot process in nearly all major OSes. Yes, RDRand is used if present on Windows.
Why doesn't Windows crash at boot then ?
 
Joined
Mar 23, 2016
Messages
3,683 (2.42/day)
Processor Ryzen 5 3600
Motherboard MSI B450 Tomahawk ATX
Cooling Cooler Master Hyper 212 Black Edition
Memory PNY Anarchy-X XLR8 Red DDR4 3200 MHz C15-17-17-17-35
Video Card(s) MSI GeForce RTX 2060 GAMING Z 6G
Storage Samsung 970 EVO NVMe M.2 500 GB, SanDisk Ultra II 480 GB
Display(s) Samsung SyncMaster C27H711 OC refresh rate 110Hz
Case Phantek Eclipse P400S (PH-EC416PS)
Audio Device(s) EVGA NU Audio
Power Supply EVGA 850 BQ
Mouse SteelSeries Rival 310
Keyboard Logitech G G413 Silver
Software Windows 10 Professional 64-bit v1903
Why doesn't Windows crash at boot then ?
Maybe Microsoft issued a patch for Windows after the issue on Linux/Systemd came to light? TPM in the Ryzen SoC might be another reason?
 
Joined
Aug 20, 2007
Messages
12,955 (2.78/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) AMD RX 5700 XT (XFX THICC Ultra III)
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) 55" LG 55B9-OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply SeaSonic Prime 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (yes, it's legit.)
Why doesn't Windows crash at boot then ?
It shouldn't even crash systemd really. As noted in the article, technically the value returned is a possible random number. Issue is that's ALL it returns. What causes hard freezes is when code expects a different result on a retry (which should happen in nearly all instances).

If I had to guess, I'd say they have a work around for this or entropy is silently compromised. Also Windows tends not to use KASLR, making it less essential to system stability.
 
Joined
Jan 8, 2017
Messages
5,011 (4.06/day)
System Name Good enough
Processor AMD Ryzen R7 1700X - 4.0 Ghz / 1.350V
Motherboard ASRock B450M Pro4
Cooling Scythe Katana 4 - 3x 120mm case fans
Memory 16GB - Corsair Vengeance LPX
Video Card(s) OEM Dell GTX 1080
Storage 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s) 4K Samsung TV
Case Zalman R1
Power Supply 500W
What causes hard freezes is when code expects a different result on a retry (which should happen in nearly all instances).
It should happen but this still sounds like terrible design. If you have something that takes some random bits as input and you're calling that function again already expecting it to give you something in particular, or, if certain outputs brake things, well, that just sort of defeats the purpose of doing that in the first place. RNG screwed up a lot of systems because of silly things like that.

Anyway it appears that Windows treats this in a sensible manner, at least to the level that it doesn't outright crashes, unlike the Linux kernel.
 
Last edited:
Joined
Aug 20, 2007
Messages
12,955 (2.78/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) AMD RX 5700 XT (XFX THICC Ultra III)
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) 55" LG 55B9-OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply SeaSonic Prime 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (yes, it's legit.)
It should happen but this still sounds like terrible design. If you have something that takes some random bits as input and you're calling that function again already expecting it to give you something in particular, or, if certain outputs brake things, well, that just sort of defeats the purpose of doing that in the first place.
It's not that a few duplicate returns break it. It's using the RNG in systemd's case to generate ids that must be unique, ie not in use. Guess what happens when every return is the exact same? It's waiting forever for a "different" id that will never, ever come.

Anyway it appears that Windows treats this in a sensible manner
Depends. If it's silently using this as it's entropy pool, that could be even worse.

at least to the level that it doesn't outright crashes, unlike the Linux kernel.
Systemd simply hangs. The linux kernel is fine.
 
Top