back to article AMD to plunk ARM core onto Fusion, Opteron chips

In February, when the new management team at Advanced Micro Devices presented revised roadmaps for PC and server processors that were a bit more conservative than what the old AMD might have drawn up, the company's top techies hinted that they were interested in integrating other intellectual property into Fusion and Opteron …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    And the wheel completes another turn

    First there was real mode.

    But it wasn't enough to protect the programs.

    So then was created protected mode, and an operating system kernel to manage the programs.

    But it wasn't enough to protect the programs.

    So then was created System Management Mode, and a BIOS to manage the system.

    But it wasn't enough to protect the programs.

    So then was created system virtual machines.

    But it wasn't enough to protect the programs.

    And so was created TPM, and code to use it.

    But it wasn't enough to protect the programs.

    So now is created a separate processor.

    1. Anonymous Coward
      Anonymous Coward

      Re: And the wheel completes another turn

      First there was the mainframe, which did all this stuff and midrange hardware which also did this well.

      Then there were cheap micro-processors and cheapskate OS vendors who valued performance and integration over everything.

      And behold, the third-party vendors saw it and it was a great selling opportunity. And the OS vendors saw it and behold, putting the cost of engineering on third party products was a great way to make their own stuff cheaper.

      And all decided it was very good and an ecosystem was born.

      Those who knew better looked at the abomination which had been spawned and spake thus: "thy toys are piffling in design, an offense to my wallet and not fit for enterprise usage but only for playing games - begone!"

  2. Anonymous Coward
    Anonymous Coward

    Deep Joy

    Another single point of failure for the hackers to go after.

    Only this time....never mind

    Time to dig the abacus out of storage.

  3. Anonymous Coward
    Anonymous Coward

    What 'arm can it do.

    ARM on the desktop and x86 on phones, whatever next?

  4. Anonymous Coward
    Anonymous Coward

    "it wasn't enough to protect the programs."

    It's 2012.

    Who's interested in protecting my programs or my data? I'm only the end user or maybe IT manager in charge of thousands of desktops, take your pick, either way we get no say in the products which are available to buy (not until BYOD gets serious anyway).

    The Wintel zombie army define the products available to buy, and they take their orders from the pigopolists, the media companies, whose "protection" needs include having a trusted copy-proof channel all the way from Blu-Ray to HDCP-connected screen (or from DRM-infested stream to screen, take your pick).

    That's what Wintel "trusted computing" has meant for a few years now.

  5. Steve Knox
    FAIL

    Oh Please God NO!

    ..Intel has its own ideas about ... weaving its McAfee security software into the Core and Xeon processors.

    And on the day after that happens, AMD will have over 90% share of the x86/x64 market.

  6. Christian Berger

    There would be ways to achieve real security

    For example you could have an enhanced type systems where every variable can contain complex types. Types like "this is an integer containing a prime number", or "this is a block of data which must not leave the scope of this function". With such features you could comfortably write and proof the correctness of your code automatically. Research in that area is on its way. If we'd spend as much effort researching this as we spend managing virus scanner licenses, we could make substantial progress.

    You could go further and have tagged memory, where variables contain their type in memory and the hardware can check for illegal operations like multiplying a string and an integer, or sending a data-block which has a "must not leave system" flag to the network card.

    The proposed system probably won't bring any security. People who know about security will be able to make secure systems without it. It's little use storing your key on a separate little system, if the attacker simply calls the same function as your insecure PHP webshop does.

    It's also little use allowing only signed code to boot as it's extremely unlikely someone will sneak into the secure data center and covertly replace the boot sector.

    Maybe a tiny little example of how a strongly typed system can prevent errors:

    FUNCTION inttostr5(x:word):string;

    VAR s:string;

    n:integer;

    BEGIN

    s:=inttostr(x);

    WHILE length(s)<5 DO s:='0'+s;

    inttostr5:=s;

    END.

    Now if x could be negative, you'd get a string like 000-3. However the type "word" implies that this is an unsigned and always positive integer. If you try to call the function with a negative value, you will either get a compiler error or an exception. Now contrast that with C where types are just syntactical sugar and not enforced. What happens if you do a malloc(20+x) and x is -30? How can you keep an attacker from giving you unsuitable input without having to resort to manually checking everything? If you could just say, x is an integer between 2 and 500, your compiler could put in the necessary code for you at the best possible position. And as a side effect it can even optimize the code better.

    1. Steve Knox
      WTF?

      Re: There would be ways to achieve real security

      "this is an integer containing a prime number"!?

      How do you code a type validation for an infinite series with no known pattern!?

    2. Charles 9

      Re: There would be ways to achieve real security

      Type checking isn't new. The perennial problem with them, however, has been the overhead necessary to perform the checking: a real bug-a-boo in applications where speed is essential. It's the ol' tollgate problem. The gates ensure you get your revenue but slows down traffic while a high-speed gantry speeds up the traffic but increases the risk of scofflaws slipping through with switched plates or the like.

    3. Anonymous Coward
      Anonymous Coward

      "check for illegal operations like multiplying a string and an integer"

      Never mind doing it in new (or long obsolete [1]) hardware, any sensible compiler/interpreter/whatever (or equivalent runtime support) should be doing that kind of type checking already. Just because this week's trendy presentation-layer-oriented "languages" don't necessarily do that kind of thing doesn't mean it can't be done or isn't a good idea. On the other hand, some of this week's trendy presentation-layer-oriented "languages" are quite possibly a bad idea from a security point of view.

      "sending a data-block which has a "must not leave system" flag to the network card."

      That's more like it. I seem to remember stuff like that over two decades ago, before the Wintel world even thought about what security might mean to anybody.

      I won't tell you much about it here, but you can probably guess who the interested users were, and you might look up "compartmented mode workstation" as an example (and if you do, you might find a 1990 paper by someone called Berger at an outfit called MITRE - any relation?).

      [1] A 1980s microprocessor which might in principle have been used with this kind of object correctness checking might be the well known (not) iAPX432. From Intel. One of their smarter ideas, but the technology wasn't up to it.

      http://www.cs.washington.edu/homes/levy/capabook/Chapter9.pdf

  7. Mikel
    FAIL

    First use

    The first use these technologies are put to is always to protect the hardware from non-Windows operating systems. Ironic, don't you think?

  8. Skyraker
    Pirate

    This has got....

    ... DRM written all over it.

    You think they'd have learnt by now.

  9. 2cent

    A kick in the secure boot

    I am truly hoping that AMD can use this as a workaround for SecureBoot and Unified Extensible Firmware Interface (UEFI).

    It would be lovely to have at least one hardware vendor who wouldn't require a license fee just to run whatever OS you would like, and yet, actually have a secure environment.

    I just can't see RedHat asking to pay M$ for the ability to use Linux. Given that Microsoft has bamboozled everybody on patents. UEFI and its group are like guys stopping at your front door and saying "Hey, you could have fire in a place like this" wink wink nod nod, "Do you want to buy a license , errr, some insurance?".

This topic is closed for new posts.

Other stories you might like