Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There is chance that POWER8 and future POWER9 based hardware might work, but it's very expensive. There was already an attempt to create backdoor-free hardware, but for now it's failed:

https://www.raptorengineering.com/TALOS/




Dark times when even good old AMD is doing anti-consumer crap. I don't even get how this is helping their cause against Intel. They could have simply not done the stupid things Intel is doing and carved a niche. But this is just showing they want to be another Intel, not a better Intel.


AMD has recently stated they'd like to do something about this during an AMA on reddit: https://www.reddit.com/r/Amd/comments/5x4hxu/we_are_amd_crea...

This probably won't happen for a while, though...


Fact that anyone official commented on matter is big deal, but it's still worth nothing and change nothing. AMD for instance has proprietary firmware on GPU too and their highly technical Linux staff (John Bridgman and others) confirmed many times they simply can't open it even if they wanted to due to all DRM-related certification, agreements with IP partners, etc.

And it's much worse in case of PSP because first of all it's ARM IP and they wouldn't be able to change anything without agreement with them. Also after a little of Google-fu I find interesting document:

http://fileshare.arseniyshestakov.com/mirror/AMD_PSP_Briefin...

That's mirror, but you can easily find source. So AMD actually pitch it not just to governments, but also defence institutions and this is just much much worse than story with DRM.


Sadly I don't think there is any market for secure hardware.

Simply no one care; not even enterprises and governments.


Post-Snowden, I think you will find there are more who care about this than there were in the past. The only reason any of us take this seriously is because of what we factually know about government agencies snooping on us.


Problem is that bunch of nerds (myself included) is not viable market. PSP / ME it's just one of problems on hardware layer: almost every single device have closed source firmware or microcode inside drivers and there no device on motherboard that have DMA and can be trusted. Hardware manufacturing is hard and even if some company would be able to produce viable hardware there just not enough customers who going to pay 10-20 times of price premium just for security.

And even if you can mitigate hardware issues your "secure" system will be practically useless because on software layer best you can get it's PoC like CubesOS since desktop Linux is just damn insecure.

So if you want solution that actually let you have work done then you have to sacrifice something: keep important data on isolated always offline PC, get older hardware without PSP / ME (or deactivated one) for online and pray. Then always put newer untrusted hardware behind hardware firewall / VPN / etc.

In the end several completely isolated devices for different use cases give you much better practical security than one backdoor-free PC / server.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: