[heresWaldo]

Yeah these types of security issues will be used by politicians to force hardware makers to lockdown hardware, embed software in chips.

The go fast startups habit of “import the world to make my company products” is a huge security issue IT workers ignore.

The only solution politics and big tech will chase is obsolete said job market by pulling more of the stack into locked down hardware, with updates only allowed to come from the gadget vendor.

[georgyo]

I'm not saying political forces won't try legislating the problem away, but that won't even help here.

A supply chain attack can happen in hardware or software. Hardware has firmware, which is software.

What makes this XZ attack so scary is that it was directly from a "trusted" source. A similar attack could come from any trusted source.

At least with software it is much easier to patch.

[heresWaldo]

Like you said it has firmware which is flashable. Secure enclaves are never 100% secure but if only, for example, Apple can upload to them, it dramatically reduces some random open source project being git pulled. Apple may still pull open source but they would be on the hook to avoid this.

Open sources days of declaring “use at your risk” have become a liability in this hyper networked society. It’s now becoming part of the problem it was imagined up to solve.

[avidiax]

The NSA demands that Intel and AMD provide backdoor ways to turn off the IME/PSP, which are basically a small OS running in a small processor inside your processor. So the precedent is that the government wants less embedded software in their hardware, at least for themselves.

If we relied on gadget vendors to maintain such software, I think we can just look at any IoT or router manufacturer to get an idea of just how often and for how long they will update the software. So that idea will probably backfire spectacularly if implemented.

[BlueFalconHD]

What does the IME or PSP do?

[timschmidt]

Short answer: anything it wants.

IME has privileged access to the MMU(s), all system memory, and even out-of-band access to the network adapter such the the OS cannot inspect network traffic originating with or destined for the IME.

[CobrastanJorji]

Lots. It's basically an extra processor that runs at all times, even when your computer is supposedly "off." Its firmware is bigger than you'd think, like a complete Unix system big. It's frankly terrifying how powerful and opaque it is. It provides a lot around remote management for corporations, lots of "update the BIOS remotely" sort of features, and also a bunch of those stupid copy protection enforcement things. Plus some startup/shutdown stuff like Secure Boot.

[berkes]

Why would "embed software in chips" be a solution?

If anything, I'd expect it to be an even bigger risk, because when (not if) a security issue is found in the hardware, you now have no way to fix it, other than throwing out this server/fridge/toothbrush or whatever is running it.

[heresWaldo]

A flashable secure enclave segment in the hardware stack is an option to patch around embedded bugs.

I haven’t worked in hardware design since the era of Nortel, and it was way different back then but the general physics are the same; if, else, while, and math operations in the hardware are not hard.

In fact your hardware is a general while loop; while has power, iterate around refreshing these memory states with these computed values, even in the absence of user input (which at the root is turning it on).

Programmers have grown accustomed to being necessary to running ignorant business machines but that’s never been a real requirement. Just a socialized one. And such memes are dying off.

[WesolyKubeczek]

Which will make updates either expensive or impossible. You will be able to write books about exploitable bugs in the hardware, and those books will easily survive several editions.