Re: Chip cheaper than chips
On Tue, 05 Dec 2017 01:41:12 -0500
> industrial SDHC with pSLC
>
> https://swissbit.com/products/nand-flash-products/cards/sd-memory-cards/

Glad you know at least, I guess size is everything for you at that cost. Personally I want SATA for > 1TB at low cost. It is quite funny that the HDD is bigger than the CPU board though ;)
Re: Chip cheaper than chips
On Tue, 05 Dec 2017 01:44:03 -0500
> Article on how to disable the management engine, if you have it and
> are afraid of it.
>
> http://blog.ptsecurity.com/2017/08/disabling-intel-me.html?m=1

Yep but this is meant for DOD to replace the functionality with its own micro. They state they have no idea how reliable this will be?
Re: Chip cheaper than chips
On Tue, Dec 5, 2017 at 7:44 AM, Rupert Gallagher wrote:
> Article on how to disable the management engine, if you have it and are
> afraid of it.
>
> http://blog.ptsecurity.com/2017/08/disabling-intel-me.html?m=1
>

And do you really trust that after this your CPU/platform is fully functional yet no *bits* of ME are working so there is really no remote hole in the platform?
Re: Chip cheaper than chips
50% on pSLC

On Mon, Dec 4, 2017 at 12:41, Kevin Chadwick wrote:
> On Mon, 04 Dec 2017 06:22:17 -0500
> > > > We like booting from the SD, but they have none.
> > >
> > > How do you manage flash wear? Set up mfs all over the place? I much
> > > prefer and need SATA anyway.
> > >
> > This might have been an issue 20 years ago.
> > It is not any more.
> > Please stop spreading FUD.
>
> I assume SD means microSD or something other than SSD. If not I
> apologise.
>
> The latest atom boards come with 16-64 GB emmc onboard. Apparently
> emmc may? perform wear levelling, SD would not unless you pay a
> fortune for a special SD card. There seems to be a lot of
> misinformation in this area which is quite dangerous considering what
> some of these devices may be used for.
>
> http://eu.mouser.com/new/Swissbit/swissbit-industrial-SD-memory/
>
> There are special embedded filesystems (often pay for) that do wear
> leveling for standard SD, not sure if they reserve 20% of the space.
>
> I am fairly sure even emmc does not reserve 20% like sandforce/SSD
> does and so a full filesystem could fail quickly. Perhaps an unused
> partition could solve that??
Re: Chip cheaper than chips
Article on how to disable the management engine, if you have it and are afraid of it.

http://blog.ptsecurity.com/2017/08/disabling-intel-me.html?m=1

Sent from ProtonMail Mobile

On Sun, Dec 3, 2017 at 19:52, Brian McCafferty wrote:
> On 12/03/17 03:23, Rupert Gallagher wrote:
> > The bug on Atom C2000 was solved in the new C3000 series. It was a
> > minor bug anyway.
> >
> > I have no evidence that the management engine is part of the new
> > chip. It is an expensive extension that Intel would not include for
> > free. Besides, if available, I think I would use it!
> >
> > Sent from ProtonMail Mobile
> >
> > On Sun, Dec 3, 2017 at 03:47, wrote:
> >
> > > https://danluu.com/cpu-bugs/
>
> It's included in this notice:
> https://www.intel.com/content/www/us/en/support/articles/25619/software.html
> And shown on the diagram in this product brief:
> https://www.intel.com/content/www/us/en/design/products-and-solutions/processors-and-chipsets/denverton/ns/atom-processor-c3000-series.html
Re: Chip cheaper than chips
industrial SDHC with pSLC

https://swissbit.com/products/nand-flash-products/cards/sd-memory-cards/

On Mon, Dec 4, 2017 at 11:05, Kevin Chadwick wrote:
> On Sat, 02 Dec 2017 19:03:05 -0500
> > We like booting from the SD, but they have none.
>
> How do you manage flash wear? Set up mfs all over the place? I much
> prefer and need SATA anyway.
Re: Chip cheaper than chips
Better yet, get rid of such insane rubbish in the first place. Why would you want a remote admin tool built into the CPU out of all things?

On Mon, 4 Dec 2017 13:46:02 + Kevin Chadwick wrote:
> Dangerous Bugs aren't new such as with core2duo but this is looking
> insane. The Apollo Lake chips are really impressive, just a shame they
> are intrinsically covered in #*&%. Hopefully public pressure might
> cause Intel to release firmware with a proper safe mode switch.
Re: Chip cheaper than chips
Dear Rupert,

It is well-documented that the ME hardware is built in to all Intel hardware since 2006. This may not include the "enterprise" AMT offering (hence lack of "vPro" branding), which is just a module that runs on the ME hardware. To clarify: the "vPro" branding and the Intel ME hardware (and base firmware that runs on it) are not tied together.

This page gathers some information:
https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F

Just going by the Intel page on the recent horror-show vulnerability, we see that Intel Atom C3xxx processors are indeed affected:
https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr

You should make up your own mind (I think the new Intel hardware is pretty neat in many respects, actually). Maybe you should consider running the (above) me_cleaner tool, as that is thought to remove much of the network stack.

All the best,
Duncan

Rupert Gallagher:
> Do you have any reference on Intel M.E. being present on Atom C3308?
>
> Sent from ProtonMail Mobile
>
Re: Chip cheaper than chips
On Mon, Dec 04, 2017 at 11:41:56AM +, Kevin Chadwick wrote:
> On Mon, 04 Dec 2017 06:22:17 -0500
> > > > We like booting from the SD, but they have none.
> > >
> > > How do you manage flash wear? Set up mfs all over the place? I much
> > > prefer and need SATA anyway.
> > >
> > This might have been an issue 20 years ago.
> > It is not any more.
> > Please stop spreading FUD.
>
> I assume SD means microSD or something other than SSD. If not I
> apologise.
>
> The latest atom boards come with 16-64 GB emmc onboard.
> Apparently emmc may? perform wear levelling, SD would not unless you
> pay a fortune for a special SD card. There seems to be a lot of
> misinformation in this area which is quite dangerous considering what
> some of these devices may be used for.
>
> http://eu.mouser.com/new/Swissbit/swissbit-industrial-SD-memory/
>
> There are special embedded filesystems (often pay for) that do wear
> leveling for standard SD, not sure if they reserve 20% of the space.

In my experience, even the cheap microsds from big brands support some type of wear leveling. The "industrial" labels in the microsds are only related to the temperature tolerance.

Almost every BSD/Linux filesystem will kill your microsd pretty quickly, even in controllers/cards with support for ERASE. The exception is F2FS which allows you to reserve a big part of your card as overprovision.

I always prefer any type of external card instead of an emmc, because in case you break the card, you can simply change it. You can't change the emmc without soldering a new one in the board.

>
> I am fairly sure even emmc does not reserve 20% like sandforce/SSD
> does and so a full filesystem could fail quickly. Perhaps an unused
> partition could solve that??
>

Modern SSDs don't reserve the 20%. The overprovisioning is very small.

--
Juan Francisco Cantero Hurtado http://juanfra.info
Re: Chip cheaper than chips
On Mon, 4 Dec 2017 13:57:41 +0100
> > dealing with Intel ME or AMD Ryzens bloat. Should I wait for
> > everything to be ported to RISC and hope it is as stable and secure
> > or wait for an ARM CISC chip, which probably won't happen?
>
> I'll bite: Patches for a RISC-V port would probably be welcome.

Of course but I assume that would be similar to an ARM port and quite different from amd64. In any case, way more than I could achieve in a useful time frame.

Basically I have to decide if older, hotter, larger and more expensive AMD hardware is a better choice and won't be obsoleted or if mitigations will suffice. Hoping Positive Technologies BlackHat presentations over the next few days will shed more light. It is a £1400 entrance fee so will have to wait for a youtube or future info releases.

Dangerous Bugs aren't new such as with core2duo but this is looking insane. The Apollo Lake chips are really impressive, just a shame they are intrinsically covered in #*&%. Hopefully public pressure might cause Intel to release firmware with a proper safe mode switch.
Re: Chip cheaper than chips
2017-12-04 11:05 GMT+01:00 Kevin Chadwick :
> dealing with Intel ME or AMD Ryzens bloat. Should I wait for everything
> to be ported to RISC and hope it is as stable and secure or wait for an
> ARM CISC chip, which probably won't happen?

I'll bite: Patches for a RISC-V port would probably be welcome.
Re: Chip cheaper than chips
On Mon, 04 Dec 2017 06:22:17 -0500
> > > We like booting from the SD, but they have none.
> >
> > How do you manage flash wear? Set up mfs all over the place? I much
> > prefer and need SATA anyway.
> >
> This might have been an issue 20 years ago.
> It is not any more.
> Please stop spreading FUD.

I assume SD means microSD or something other than SSD. If not I apologise.

The latest atom boards come with 16-64 GB emmc onboard. Apparently emmc may? perform wear levelling, SD would not unless you pay a fortune for a special SD card. There seems to be a lot of misinformation in this area which is quite dangerous considering what some of these devices may be used for.

http://eu.mouser.com/new/Swissbit/swissbit-industrial-SD-memory/

There are special embedded filesystems (often pay for) that do wear leveling for standard SD, not sure if they reserve 20% of the space.

I am fairly sure even emmc does not reserve 20% like sandforce/SSD does and so a full filesystem could fail quickly. Perhaps an unused partition could solve that??
Re: Chip cheaper than chips
> Kevin, the simpler answer here is, don't buy Intel (nor AMD).
>
> Hopefully some day we'll have open source chips akin to SiFive
> Freedom U500
> ( https://www.sifive.com/documentation/freedom-soc/freedom-u500-platform-brief/ .
>

Thanks but I wouldn't call that simple. Probably more work than dealing with Intel ME or AMD Ryzens bloat. Should I wait for everything to be ported to RISC and hope it is as stable and secure or wait for an ARM CISC chip, which probably won't happen?
Re: Chip cheaper than chips
On Sat, 02 Dec 2017 19:03:05 -0500
> We like booting from the SD, but they have none.

How do you manage flash wear? Set up mfs all over the place? I much prefer and need SATA anyway.
Re: Chip cheaper than chips
On 12/03/17 03:23, Rupert Gallagher wrote:
> The bug on Atom C2000 was solved in the new C3000 series. It was a minor bug
> anyway.
>
> I have no evidence that the management engine is part of the new chip. It is
> an expensive extension that Intel would not include for free. Besides, if
> available, I think I would use it!
>
> Sent from ProtonMail Mobile
>
> On Sun, Dec 3, 2017 at 03:47, wrote:
>
>> https://danluu.com/cpu-bugs/

It's included in this notice:
https://www.intel.com/content/www/us/en/support/articles/25619/software.html

And shown on the diagram in this product brief:
https://www.intel.com/content/www/us/en/design/products-and-solutions/processors-and-chipsets/denverton/ns/atom-processor-c3000-series.html
Re: Chip cheaper than chips (ME)
Article on how to disable the management engine, if you have it and are afraid of it.

http://blog.ptsecurity.com/2017/08/disabling-intel-me.html?m=1
Re: Chip cheaper than chips
The bug on Atom C2000 was solved in the new C3000 series. It was a minor bug anyway.

I have no evidence that the management engine is part of the new chip. It is an expensive extension that Intel would not include for free. Besides, if available, I think I would use it!

Sent from ProtonMail Mobile

On Sun, Dec 3, 2017 at 03:47, wrote:
> https://danluu.com/cpu-bugs/
Re: Chip cheaper than chips
Kevin, the simpler answer here is, don't buy Intel (nor AMD).

https://danluu.com/cpu-bugs/ shares some insights here - with respect to low quality, an Intel ex-employee sums up the low quality as "you have no idea", and that among other things, Intel "appears to be cutting back on validation effort", and had "an exodus of formal verification folks", as they're not competing on CPU correctness, but instead compete on price and power consumption against ARM only.

Intel will not get better, so why do you buy into it?

Hopefully some day we'll have open source chips akin to SiFive Freedom U500 ( https://www.sifive.com/documentation/freedom-soc/freedom-u500-platform-brief/ .

Klemens, https://en.wikipedia.org/w/index.php?title=Intel_Management_Engine&oldid=812959957 , ah so actually their ignorantly made, bug-prone, proprietary Xenix with full RAM access, runs on every single Intel chip now? Dear.

> Kevin On Sat, 02 Dec 2017 03:11:23 -0500
> Perhaps the older ones but I doubt that. The latest Atom Apollo Lake E3s
> even PROVIDE "Access to user memory". Which I believe means the entire
> RAM and if so is quite ridiculous!!
>
> I am sure it will change however the current working exploits require
> access to a USB port, though the OS has access and could turn malware
> into HW resident malware. OpenBSD is as good a protection as you will
> get there though and probably even better for future exploits. I am
> still unclear as to whether a properly set up Trusted Execution Engine
> can protect the system. I guess from persistent firmware invasion but
> not protect kernel memory access or prevent an attacker gaining
> knowledge for gadgets (if can get to a Debug USB from userland) or
> worse.
..
> The most ironic is Intel's recent adverts for not trusting software
> but HW instead. Can be true in an application specific fashion but
> even then it has to be done right.
>
> Unfortunately the latest hardware is much cheaper so it isn't
..

> On Sat, Dec 02, 2017 at 03:11:23AM -0500, Rupert Gallagher wrote:
>> IME (vPro) is included in Xeon and Core chips. Atom is clear of it. Just
>> checked.
> Check again.
>
> vPro is nothing but a collective name for various technologies such as
> VT-x, VT-d and primarily Active Management Technology (AMT); these can
> be part of the Management Engine's firmware depending on the package.
>
> Intel integrates their ME in *all* chipsets since 2006. Again: *every*
> CPU manufactured by Intel ships it since then. Integration, architecture
> and features have been changing immensely over time.
Re: Chip cheaper than chips
On Sat, Dec 02, 2017 at 03:11:23AM -0500, Rupert Gallagher wrote:
> IME (vPro) is included in Xeon and Core chips. Atom is clear of it. Just
> checked.

Check again.

vPro is nothing but a collective name for various technologies such as VT-x, VT-d and primarily Active Management Technology (AMT); these can be part of the Management Engine's firmware depending on the package.

Intel integrates their ME in *all* chipsets since 2006. Again: *every* CPU manufactured by Intel ships it since then. Integration, architecture and features have been changing immensely over time.
Re: Chip cheaper than chips
TB is a tiny and inexpensive chip that could be added to pcengines. Supermicro is too expensive, because of the unnecessary ipmi and video. We need 3x m.2 slots, but they only have one. We like booting from the SD, but they have none. Pcengines is a jewel for us. We depend on it.

Sent from ProtonMail Mobile

On Sat, Dec 2, 2017 at 22:09, Joel Wirāmu Pauling wrote:
> You can get barebone c3xxx series atom boards from Supermicro. My
> personal interest is the variants that come with dual SFP+ interfaces.
> It's a pity that there is no thunderbolt3 on them by default (free
> 10/40gbit networking).
>
> On 3 December 2017 at 08:54, Rupert Gallagher wrote:
> > Do you have any reference on Intel M.E. being present on Atom C3308?
> >
> > Sent from ProtonMail Mobile
> >
> > On Sat, Dec 2, 2017 at 20:14, Kevin Chadwick wrote:
> >
> > > On Sat, 02 Dec 2017 03:11:23 -0500
> > > > IME (vPro) is included in Xeon and Core chips. Atom is clear of it.
> > > > Just checked.
> > >
> > > Perhaps the older ones but I doubt that. The latest Atom Apollo Lake
> > > E3s even PROVIDE "Access to user memory". Which I believe means the
> > > entire RAM and if so is quite ridiculous!!
> > >
> > > I am sure it will change however the current working exploits require
> > > access to a USB port, though the OS has access and could turn malware
> > > into HW resident malware. OpenBSD is as good a protection as you will
> > > get there though and probably even better for future exploits. I am
> > > still unclear as to whether a properly set up Trusted Execution Engine
> > > can protect the system. I guess from persistent firmware invasion but
> > > not protect kernel memory access or prevent an attacker gaining
> > > knowledge for gadgets (if can get to a Debug USB from userland) or
> > > worse. Reminds me of IPv6 to some degree but worse. Take a small
> > > problem and expand it until you have potential for undermining
> > > everything. The most ironic is Intel's recent adverts for not trusting
> > > software but HW instead. Can be true in an application specific
> > > fashion but even then it has to be done right.
> > >
> > > Unfortunately the latest hardware is much cheaper so it isn't
> > > necessarily as simple as just using some older stuff that may just be
> > > less understood, unless you go further into obsolescence territory.
> > > AMD is *maybe* an option but they are moving higher end not cheaper by
> > > the looks of it.
Re: Chip cheaper than chips
You can get barebone c3xxx series atom boards from Supermicro. My personal interest is the variants that come with dual SFP+ interfaces. It's a pity that there is no thunderbolt3 on them by default (free 10/40gbit networking).

On 3 December 2017 at 08:54, Rupert Gallagher wrote:
> Do you have any reference on Intel M.E. being present on Atom C3308?
>
> Sent from ProtonMail Mobile
>
> On Sat, Dec 2, 2017 at 20:14, Kevin Chadwick wrote:
>
>> On Sat, 02 Dec 2017 03:11:23 -0500
>>> IME (vPro) is included in Xeon and Core chips. Atom is clear of it.
>>> Just checked.
>>
>> Perhaps the older ones but I doubt that. The latest Atom Apollo Lake
>> E3s even PROVIDE "Access to user memory". Which I believe means the
>> entire RAM and if so is quite ridiculous!!
>>
>> I am sure it will change however the current working exploits require
>> access to a USB port, though the OS has access and could turn malware
>> into HW resident malware. OpenBSD is as good a protection as you will
>> get there though and probably even better for future exploits. I am
>> still unclear as to whether a properly set up Trusted Execution Engine
>> can protect the system. I guess from persistent firmware invasion but
>> not protect kernel memory access or prevent an attacker gaining
>> knowledge for gadgets (if can get to a Debug USB from userland) or
>> worse. Reminds me of IPv6 to some degree but worse. Take a small
>> problem and expand it until you have potential for undermining
>> everything. The most ironic is Intel's recent adverts for not trusting
>> software but HW instead. Can be true in an application specific
>> fashion but even then it has to be done right.
>>
>> Unfortunately the latest hardware is much cheaper so it isn't
>> necessarily as simple as just using some older stuff that may just be
>> less understood, unless you go further into obsolescence territory.
>> AMD is *maybe* an option but they are moving higher end not cheaper by
>> the looks of it.
Re: Chip cheaper than chips
Do you have any reference on Intel M.E. being present on Atom C3308?

Sent from ProtonMail Mobile

On Sat, Dec 2, 2017 at 20:14, Kevin Chadwick wrote:
> On Sat, 02 Dec 2017 03:11:23 -0500
> > IME (vPro) is included in Xeon and Core chips. Atom is clear of it.
> > Just checked.
>
> Perhaps the older ones but I doubt that. The latest Atom Apollo Lake
> E3s even PROVIDE "Access to user memory". Which I believe means the
> entire RAM and if so is quite ridiculous!!
>
> I am sure it will change however the current working exploits require
> access to a USB port, though the OS has access and could turn malware
> into HW resident malware. OpenBSD is as good a protection as you will
> get there though and probably even better for future exploits. I am
> still unclear as to whether a properly set up Trusted Execution Engine
> can protect the system. I guess from persistent firmware invasion but
> not protect kernel memory access or prevent an attacker gaining
> knowledge for gadgets (if can get to a Debug USB from userland) or
> worse. Reminds me of IPv6 to some degree but worse. Take a small
> problem and expand it until you have potential for undermining
> everything. The most ironic is Intel's recent adverts for not trusting
> software but HW instead. Can be true in an application specific
> fashion but even then it has to be done right.
>
> Unfortunately the latest hardware is much cheaper so it isn't
> necessarily as simple as just using some older stuff that may just be
> less understood, unless you go further into obsolescence territory.
> AMD is *maybe* an option but they are moving higher end not cheaper by
> the looks of it.
Re: Chip cheaper than chips
On Sat, 02 Dec 2017 03:11:23 -0500
> IME (vPro) is included in Xeon and Core chips. Atom is clear of it.
> Just checked.

Perhaps the older ones but I doubt that. The latest Atom Apollo Lake E3s even PROVIDE "Access to user memory". Which I believe means the entire RAM and if so is quite ridiculous!!

I am sure it will change however the current working exploits require access to a USB port, though the OS has access and could turn malware into HW resident malware. OpenBSD is as good a protection as you will get there though and probably even better for future exploits. I am still unclear as to whether a properly set up Trusted Execution Engine can protect the system. I guess from persistent firmware invasion but not protect kernel memory access or prevent an attacker gaining knowledge for gadgets (if can get to a Debug USB from userland) or worse. Reminds me of IPv6 to some degree but worse. Take a small problem and expand it until you have potential for undermining everything. The most ironic is Intel's recent adverts for not trusting software but HW instead. Can be true in an application specific fashion but even then it has to be done right.

Unfortunately the latest hardware is much cheaper so it isn't necessarily as simple as just using some older stuff that may just be less understood, unless you go further into obsolescence territory. AMD is *maybe* an option but they are moving higher end not cheaper by the looks of it.
Re: Chip cheaper than chips
IME (vPro) is included in Xeon and Core chips. Atom is clear of it. Just checked.

Sent from ProtonMail Mobile

On Sat, Dec 2, 2017 at 06:42, wrote:
> Not yet thanks. Not if it has that flawed Intel ME in it, I don't want
> it running on my routers. I have enough trouble coming to grips with
> AMD's Platform Security Processor rubbish, but at least that hasn't got
> any known exploits, and the firmware blob for it appears much smaller.
>
> On Fri, 01 Dec 2017 14:48:59 -0500 Rupert Gallagher wrote:
> > I am drooling for an Intel Atom C3308. Two cores, but who cares?
> > Higher context switch: so what? It is faster than quad-core
> > pcengines! It supports m.2, to finally replace mPCI and mSATA with a
> > single universal connector. It has both aes-ng and qat, to make vpn
> > faster than fast! It costs 32$!!! Give it to me! GIVE IT TO MEEE!!!
> >
> > Can we set up a *hail mary* to pcengines and ask them to upgrade?
> >
> > http://ark.intel.com/products/97935?ui=BIG
Re: Chip cheaper than chips
IME is not listed in the specs. Unless hidden, looks good to me.

Sent from ProtonMail Mobile

On Sat, Dec 2, 2017 at 06:42, wrote:
> Not yet thanks. Not if it has that flawed Intel ME in it, I don't want
> it running on my routers. I have enough trouble coming to grips with
> AMD's Platform Security Processor rubbish, but at least that hasn't got
> any known exploits, and the firmware blob for it appears much smaller.
>
> On Fri, 01 Dec 2017 14:48:59 -0500 Rupert Gallagher wrote:
> > I am drooling for an Intel Atom C3308. Two cores, but who cares?
> > Higher context switch: so what? It is faster than quad-core
> > pcengines! It supports m.2, to finally replace mPCI and mSATA with a
> > single universal connector. It has both aes-ng and qat, to make vpn
> > faster than fast! It costs 32$!!! Give it to me! GIVE IT TO MEEE!!!
> >
> > Can we set up a *hail mary* to pcengines and ask them to upgrade?
> >
> > http://ark.intel.com/products/97935?ui=BIG
Re: Chip cheaper than chips
Not yet thanks. Not if it has that flawed Intel ME in it, I don't want it running on my routers. I have enough trouble coming to grips with AMD's Platform Security Processor rubbish, but at least that hasn't got any known exploits, and the firmware blob for it appears much smaller.

On Fri, 01 Dec 2017 14:48:59 -0500 Rupert Gallagher wrote:
> I am drooling for an Intel Atom C3308. Two cores, but who cares? Higher
> context switch: so what? It is faster than quad-core pcengines! It supports
> m.2, to finally replace mPCI and mSATA with a single universal connector. It
> has both aes-ng and qat, to make vpn faster than fast! It costs 32$!!! Give
> it to me! GIVE IT TO MEEE!!!
>
> Can we set up a *hail mary* to pcengines and ask them to upgrade?
>
> http://ark.intel.com/products/97935?ui=BIG