by ihalip 1426 days ago
> billions of devices in the wild which will become e-waste overnight

Not just e-waste, they can also become a huge liability. In a presentation, the authors mention that one of the CPU families which have this vulnerability was used in Tesla cars. Tesla apparently switched to AMD APUs around December 2021.


This is about microcode, not the Intel ME. AMD does also have updatable microcode though.
AMD processors have much the same backdoor-"management" coprocessors. Just about the only processor without this stuff is your own softcore design running on an FPGA.
Then you have to worry about any "management" modes on the FPGA.

https://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf

Not really, because most deployments use UEFI alongside them.

https://github.com/riscv-admin/riscv-uefi-edk2-docs

So if it isn't from door A, door B will do.

It is not just for booting. UEFI has Runtime Services that an OS can call.
How is UEFI like ME/PSP? I thought it was just for booting.
It's surprisingly more complex than that. You can run Doom in UEFI.

https://github.com/Cacodemon345/uefidoom

POWER8 and POWER9 say hi.
Money says bye.
At least for AMD the PSP isn’t externally exposed which means the attack surface is drastically reduced.
When you say externally exposed, do you mean to the network, or physically exposed, or what?
It doesn’t sit on the network (unlike the ME) so an attacker needs to have access to the host already to be able to exploit any vulnerabilities on the PSP.
This is not about the management engine. Microcode is part of the actual core processor itself, but an updatable layer. One sort of correct mental model might be to think of x64 hardware as being a RISC-ish processor that runs microcode that runs your code.
What about POWER?
It’s not a backdoor until it’s proven that it’s used for that purpose. Until then it’s just (yet another) potential side channel.
I don't understand that logic.

It's like saying I haven't been robbed until I discover that my stuff is missing.

> It's like saying I haven't been robbed until I discover that my stuff is missing.

Well, robbery is theft under threat of force, so it would be very hard to be robbed and remain unaware of it.

Yep, I assume they just don’t know the difference between robbery and burglary.
Actually, I do know the difference, but forgot the distinction when writing the comment :)
That's literally true, though?

To make the analogy work for you, you have to add something about doors being unlocked, or somebody else having the key to your home.

I think in the original analogy, the actual robbery is just used as an event which may occur without our knowledge. Your analogy is better, the mapping makes more sense.

Something like: The locksmith has made a copy of your keys without notifying you. They could hypothetically use those keys to enable a robbery, but you won't know definitively either way until you find something stolen. But it is a pretty weird thing for them to do, right?

> That's literally true, though?

There's no Schrodinger's Burglar. You've been robbed once I take your wallet, whether you've discovered it or not.