rugabunda (New Member, joined May 22, 2018, 24 messages)
NSA says: "Purchase business-class AMD machines that lack 'gamer' features such as overclocking, firmware modding support" (etc.)
Here is the NSA's GitHub guide for firmware: https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance
3.2 Ryzenfall, Chimera, Fallout, and Masterkey
Together, these four named attacks constitute what is publicized as "AMD Flaws" and over a dozen vulnerabilities. Many vulnerabilities assume the compromise of administrator credentials or completely inept software-vetting processes. Some of the vulnerabilities are a direct result of debug features left enabled for use in advanced system tweaking common in the overclocking and gaming communities.
To mitigate AMD Flaws, purchase business-class machines that lack "gamer" features such as overclocking, fan control, custom thermal management, RGB lighting, and firmware modding support. Also ensure that all firmware, microcode, and software updates are applied. Carefully analyze software before using it in conjunction with the AMD Secure Processor (SP) or Platform Security Processor (PSP) protected enclaves.
I GUESS they mean HP all-in-one PCs/laptops exclusively. Anything future Zen 2 that is offered under the same product lines listed here should be the most secure platform you can get.
HP's Chimera/Fallout/Ryzenfall/Masterkey was patched in products that date back as far as 2015:
HP ProDesk 405 G2, uses "AMD Pro A8-8600B" CPU, released on 06/03/2015
HP Slimline 450, AMD E1-6015; 2nd quarter 2015
HP OMEN 870-0xx patch features an Intel chipset (obviously a patch for ASMedia's Chimera, which affects both AMD & Intel chipsets)
HP Pavilion 24-xa0xxx patch features an Intel chipset (obviously a patch for Chimera, which affects both AMD & Intel chipsets)
Meanwhile, I had spoken to Asus in the first quarter of 2019; they had told me they were STILL working on patches for these fatal exploits in their latest motherboards, some released in 2018. Meanwhile, patches were already released months earlier by the only company that confirmed AMD Flaw patches were released, HP. I was unable to get any straight answer or response from MSI, Gigabyte, or ASRock when inquiring into AMD flaw patches.
However, I was told by Asus, quote: "Once the patch has passed through quality assurance, it will then be distributed to AMD’s OEM partners through AGESA."
As of X570, AMD stopped outsourcing their chipset to ASMedia and started printing their own in-house, including USB & PCIe chipset. ASMedia was responsible for Chimera, a back door built into their USB chipsets' hardware and firmware... affecting USB ASM1042, ASM1142, ASM1143; SATA ASM1061, among others. This one I assume we can be confident is taken care of.
I assume the Zen 2 platform and X570 will have patched all of these flaws. Should we take the NSA's advice and use business-class machines ONLY with the X570 chipset and avoid the gaming rig? Should we wait until Zen 3? Any tips?