The link refers basically to laptops. I was wondering if there are issues with second-hand desktop parts for the last couple of generations.
Is a second-hand CPU safe?

CPU vulnerabilities seem to be corrected with microcode updates applied to the motherboard BIOS or the OS, and not directly to the CPU. That makes me think that there is no firmware to speak of within a CPU; at least not one that can be changed. On the other hand (if I understand correctly) modern CPUs include integrated controllers for peripherals, RAM, graphics etc. (Let alone AI modules or whatever, and the “plasticity” those imply.) Does that mean that the CPUs themselves run their own firmware or software of any kind? And more importantly, can a CPU be infected in a permanent or contagious manner?

“in a permanent manner”: remains infected when installed on another motherboard?

“in a contagious manner”: the malware propagates to the next motherboard the CPU is installed on?

CPUs also contain eDRAM. Which leads me to my next question.

Is second-hand RAM safe?

If the DIMM itself has a controller or firmware (other than the IMC in the CPU), then it might be infected too. Is that correct?

A second reason of concern is the issue of Data Remanence, a property that allows “removing a computer's memory modules, cooling them to prolong data remanence, then transferring them to a different computer to be read out.” according to the Dynamic_random-access_memory article on Wikipedia. Admittedly the phenomenon refers to “data retention of seconds to minutes at room temperature and "a full week without refresh when cooled with liquid nitrogen."” according to the Data_remanence article. The aforementioned articles address the matter through the perspective of forensics rather than security. But am I right to assume that it would allow file-less malware infections?

P.S.: I don’t have a particular threat model in mind. My questions are strictly hardware related. I realize the problems of an official endorsement and I understand that nobody can predict future vulnerabilities or exploits.