Chip cheaper than chips


Chip cheaper than chips

Rupert Gallagher
I am drooling for an Intel Atom C3308. Two cores, but who cares? Higher context switch: so what? It is faster than quad-core pcengines! It supports m.2, to finally replace mPCI and mSATA with a single universal connector. It has both aes-ng and qat, to make vpn faster than fast! It costs 32$!!! Give it to me! GIVE IT TO MEEE!!!

Can we setup an *hail mary* to pcengines and ask them to upgrade?

http://ark.intel.com/products/97935?ui=BIG

Re: Chip cheaper than chips

bytevolcano
Not yet thanks. Not if it has that flawed Intel ME in it, I don't want
it running on my routers. I have enough trouble coming to grips with
AMD's Platform Security Processor rubbish, but at least that hasn't got
any known exploits, and the firmware blob for it appears much smaller.

On Fri, 01 Dec 2017 14:48:59 -0500
Rupert Gallagher <[hidden email]> wrote:

> I am drooling for an Intel Atom C3308. Two cores, but who cares? Higher context switch: so what? It is faster than quad-core pcengines! It supports m.2, to finally replace mPCI and mSATA with a single universal connector. It has both aes-ng and qat, to make vpn faster than fast! It costs 32$!!! Give it to me! GIVE IT TO MEEE!!!
>
> Can we setup an *hail mary* to pcengines and ask them to upgrade?
>
> http://ark.intel.com/products/97935?ui=BIG


Re: Chip cheaper than chips

Rupert Gallagher
IME is not listed in the specs. Unless hidden, looks good to me.

Sent from ProtonMail Mobile

On Sat, Dec 2, 2017 at 06:42, <[hidden email]> wrote:

> Not yet thanks. Not if it has that flawed Intel ME in it, I don't want it running on my routers. I have enough trouble coming to grips with AMD's Platform Security Processor rubbish, but at least that hasn't got any known exploits, and the firmware blob for it appears much smaller.
>
> On Fri, 01 Dec 2017 14:48:59 -0500 Rupert Gallagher wrote:
>
>> I am drooling for an Intel Atom C3308. Two cores, but who cares? Higher context switch: so what? It is faster than quad-core pcengines! It supports m.2, to finally replace mPCI and mSATA with a single universal connector. It has both aes-ng and qat, to make vpn faster than fast! It costs 32$!!! Give it to me! GIVE IT TO MEEE!!!
>>
>> Can we setup an *hail mary* to pcengines and ask them to upgrade?
>>
>> http://ark.intel.com/products/97935?ui=BIG

Re: Chip cheaper than chips

Rupert Gallagher
In reply to this post by bytevolcano
IME (vPro) is included in Xeon and Core chips. Atom is clear of it. Just checked.

Sent from ProtonMail Mobile

On Sat, Dec 2, 2017 at 06:42, <[hidden email]> wrote:

> Not yet thanks. Not if it has that flawed Intel ME in it, I don't want it running on my routers. I have enough trouble coming to grips with AMD's Platform Security Processor rubbish, but at least that hasn't got any known exploits, and the firmware blob for it appears much smaller.
>
> On Fri, 01 Dec 2017 14:48:59 -0500 Rupert Gallagher wrote:
>
>> I am drooling for an Intel Atom C3308. Two cores, but who cares? Higher context switch: so what? It is faster than quad-core pcengines! It supports m.2, to finally replace mPCI and mSATA with a single universal connector. It has both aes-ng and qat, to make vpn faster than fast! It costs 32$!!! Give it to me! GIVE IT TO MEEE!!!
>>
>> Can we setup an *hail mary* to pcengines and ask them to upgrade?
>>
>> http://ark.intel.com/products/97935?ui=BIG

Re: Chip cheaper than chips

Kevin Chadwick-4
On Sat, 02 Dec 2017 03:11:23 -0500


> IME (vPro) is included in Xeon and Core chips. Atom is clear of it.
> Just checked.

Perhaps the older ones but I doubt that. The latest Atom Apollo Lake E3s
even PROVIDE "Access to user memory". Which I believe means the entire
RAM and if so is quite ridiculous!!

I am sure it will change however the current working exploits require
access to a USB port, though the OS has access and could turn malware
into HW resident malware. OpenBSD is as good a protection as you will
get there though and probably even better for future exploits. I am
still unclear as to whether a properly setup Trusted Execution Engine
can protect the system. I guess from persistent firmware invasion but
not protect kernel memory access or prevent an attacker gaining
knowledge for gadgets (if can get to a Debug USB from userland) or
worse.

Reminds me of IPv6 to some degree but worse. Take a small problem and
expand it until you have potential for undermining everything.

The most ironic is Intel's recent adverts for not trusting software
but HW instead. Can be true in an application specific fashion but
even then it has to be done right.

Unfortunately the latest hardware is much cheaper so it isn't
necessarily as simple as just using some older stuff that may just be
less understood, unless you go further into obsolescence territory. AMD
is *maybe* an option but they are moving higher end not cheaper by the
looks of it.


Re: Chip cheaper than chips

Rupert Gallagher
Do you have any reference on Intel M.E. being present on Atom C3308?

Sent from ProtonMail Mobile

On Sat, Dec 2, 2017 at 20:14, Kevin Chadwick <[hidden email]> wrote:

> On Sat, 02 Dec 2017 03:11:23 -0500
>
>> IME (vPro) is included in Xeon and Core chips. Atom is clear of it.
>> Just checked.
>
> Perhaps the older ones but I doubt that. The latest Atom Apollo Lake E3s even PROVIDE "Access to user memory". Which I believe means the entire RAM and if so is quite ridiculous!!
>
> I am sure it will change however the current working exploits require access to a USB port, though the OS has access and could turn malware into HW resident malware. OpenBSD is as good a protection as you will get there though and probably even better for future exploits. I am still unclear as to whether a properly setup Trusted Execution Engine can protect the system. I guess from persistent firmware invasion but not protect kernel memory access or prevent an attacker gaining knowledge for gadgets (if can get to a Debug USB from userland) or worse.
>
> Reminds me of IPv6 to some degree but worse. Take a small problem and expand it until you have potential for undermining everything.
>
> The most ironic is Intel's recent adverts for not trusting software but HW instead. Can be true in an application specific fashion but even then it has to be done right.
>
> Unfortunately the latest hardware is much cheaper so it isn't necessarily as simple as just using some older stuff that may just be less understood, unless you go further into obsolescence territory. AMD is *maybe* an option but they are moving higher end not cheaper by the looks of it.

Re: Chip cheaper than chips

Joel Wirāmu Pauling
You can get barebone c3xxx series atom boards from Supermicro.

My personal interest is the variants that come with dual SFP+
interfaces. It's a pity that there is no thunderbolt3 on them by
default (free 10/40gbit networking).

On 3 December 2017 at 08:54, Rupert Gallagher <[hidden email]> wrote:
> Do you have any reference on Intel M.E. being present on Atom C3308?
>
> Sent from ProtonMail Mobile
>
> On Sat, Dec 2, 2017 at 20:14, Kevin Chadwick <[hidden email]> wrote:
>
>> On Sat, 02 Dec 2017 03:11:23 -0500
>>
>>> IME (vPro) is included in Xeon and Core chips. Atom is clear of it.
>>> Just checked.
>>
>> Perhaps the older ones but I doubt that. The latest Atom Apollo Lake E3s even PROVIDE "Access to user memory". Which I believe means the entire RAM and if so is quite ridiculous!!
>>
>> I am sure it will change however the current working exploits require access to a USB port, though the OS has access and could turn malware into HW resident malware. OpenBSD is as good a protection as you will get there though and probably even better for future exploits. I am still unclear as to whether a properly setup Trusted Execution Engine can protect the system. I guess from persistent firmware invasion but not protect kernel memory access or prevent an attacker gaining knowledge for gadgets (if can get to a Debug USB from userland) or worse.
>>
>> Reminds me of IPv6 to some degree but worse. Take a small problem and expand it until you have potential for undermining everything.
>>
>> The most ironic is Intel's recent adverts for not trusting software but HW instead. Can be true in an application specific fashion but even then it has to be done right.
>>
>> Unfortunately the latest hardware is much cheaper so it isn't necessarily as simple as just using some older stuff that may just be less understood, unless you go further into obsolescence territory. AMD is *maybe* an option but they are moving higher end not cheaper by the looks of it.


Re: Chip cheaper than chips

Rupert Gallagher
TB is a tiny and inexpensive chip that could be added to pcengines.

Supermicro is too expensive, because of the unnecessary ipmi and video. We need 3x m.2 slots, but they only have one. We like booting from the SD, but they have none. Pcengines is a jewel for us. We depend on it.

Sent from ProtonMail Mobile

On Sat, Dec 2, 2017 at 22:09, Joel Wirāmu Pauling <[hidden email]> wrote:

> You can get barebone c3xxx series atom boards from Supermicro.
>
> My personal interest is the variants that come with dual SFP+ interfaces. It's a pity that there is no thunderbolt3 on them by default (free 10/40gbit networking).
>
> On 3 December 2017 at 08:54, Rupert Gallagher wrote:
>> Do you have any reference on Intel M.E. being present on Atom C3308?
>>
>> Sent from ProtonMail Mobile
>>
>> On Sat, Dec 2, 2017 at 20:14, Kevin Chadwick wrote:
>>
>>> On Sat, 02 Dec 2017 03:11:23 -0500
>>>
>>>> IME (vPro) is included in Xeon and Core chips. Atom is clear of it.
>>>> Just checked.
>>>
>>> Perhaps the older ones but I doubt that. The latest Atom Apollo Lake E3s even PROVIDE "Access to user memory". Which I believe means the entire RAM and if so is quite ridiculous!!
>>>
>>> I am sure it will change however the current working exploits require access to a USB port, though the OS has access and could turn malware into HW resident malware. OpenBSD is as good a protection as you will get there though and probably even better for future exploits. I am still unclear as to whether a properly setup Trusted Execution Engine can protect the system. I guess from persistent firmware invasion but not protect kernel memory access or prevent an attacker gaining knowledge for gadgets (if can get to a Debug USB from userland) or worse.
>>>
>>> Reminds me of IPv6 to some degree but worse. Take a small problem and expand it until you have potential for undermining everything.
>>>
>>> The most ironic is Intel's recent adverts for not trusting software but HW instead. Can be true in an application specific fashion but even then it has to be done right.
>>>
>>> Unfortunately the latest hardware is much cheaper so it isn't necessarily as simple as just using some older stuff that may just be less understood, unless you go further into obsolescence territory. AMD is *maybe* an option but they are moving higher end not cheaper by the looks of it.

Re: Chip cheaper than chips

Klemens Nanni
In reply to this post by Rupert Gallagher
On Sat, Dec 02, 2017 at 03:11:23AM -0500, Rupert Gallagher wrote:
> IME (vPro) is included in Xeon and Core chips. Atom is clear of it. Just checked.
Check again.

vPro is nothing but a collective name for various technologies such as
VT-x, VT-d and primarily Active Management Technology (AMT); these can
be part of the Management Engine's firmware depending on the package.

Intel integrates their ME in *all* chipsets since 2006. Again: *every*
CPU manufactured by Intel ships it since then. Integration, architecture
and features have been changing immensely over time.


Re: Chip cheaper than chips

tinkr
In reply to this post by Rupert Gallagher
Kevin, the simpler answer here is, don't buy Intel (nor AMD).

https://danluu.com/cpu-bugs/ shares some insights here - with respect to low quality, an Intel ex-employee sums up the low quality as "you have no idea", and that among other things, Intel "appears to be cutting back on validation effort", and had "an exodus of formal verification folks", as they're not competing on CPU correctness, but instead compete on price and power consumption against ARM only.

Intel will not get better, so why do you buy into it?


Hopefully some day we'll have open source chips akin to SiFive Freedom U500 (https://www.sifive.com/documentation/freedom-soc/freedom-u500-platform-brief/).


Klemens, https://en.wikipedia.org/w/index.php?title=Intel_Management_Engine&oldid=812959957 , ah so actually their ignorantly made, bug-prone, proprietary Xenix with full RAM access, runs on every single Intel chip now? Dear.


> Kevin On Sat, 02 Dec 2017 03:11:23 -0500
> Perhaps the older ones but I doubt that. The latest Atom Apollo Lake E3s
> even PROVIDE "Access to user memory". Which I believe means the entire
> RAM and if so is quite ridiculous!!
>
> I am sure it will change however the current working exploits require
> access to a USB port, though the OS has access and could turn malware
> into HW resident malware. OpenBSD is as good a protection as you will
> get there though and probably even better for future exploits. I am
> still unclear as to whether a properly setup Trusted Execution Engine
> can protect the system. I guess from persistent firmware invasion but
> not protect kernel memory access or prevent an attacker gaining
> knowledge for gadgets (if can get to a Debug USB from userland) or
> worse.
..
> The most ironic is Intel's recent adverts for not trusting software
> but HW instead. Can be true in an application specific fashion but
> even then it has to be done right.
>
> Unfortunately the latest hardware is much cheaper so it isn't
..

> On Sat, Dec 02, 2017 at 03:11:23AM -0500, Rupert Gallagher wrote:
>> IME (vPro) is included in Xeon and Core chips. Atom is clear of it. Just checked.
> Check again.
>
> vPro is nothing but a collective name for various technologies such as
> VT-x, VT-d and primarily Active Management Technology (AMT); these can
> be part of the Management Engine's firmware depending on the package.
>
> Intel integrates their ME in *all* chipsets since 2006. Again: *every*
> CPU manufactured by Intel ships it since then. Integration, architecture
> and features have been changing immensely over time.

Re: Chip cheaper than chips

Rupert Gallagher
The bug on Atom C2000 was solved in the new C3000 series. It was a minor bug anyway.

I have no evidence that the management engine is part of the new chip. It is an expensive extension that Intel would not include for free. Besides, if available, I think I would use it!

Sent from ProtonMail Mobile

On Sun, Dec 3, 2017 at 03:47, <[hidden email]> wrote:

> https://danluu.com/cpu-bugs/

Re: Chip cheaper than chips

Brian McCafferty


On 12/03/17 03:23, Rupert Gallagher wrote:
> The bug on Atom C2000 was solved in the new C3000 series. It was a minor bug anyway.
>
> I have no evidence that the management engine is part of the new chip. It is an expensive extension that Intel would not include for free. Besides, if available, I think I would use it!
>
> Sent from ProtonMail Mobile
>
> On Sun, Dec 3, 2017 at 03:47, <[hidden email]> wrote:
>
>> https://danluu.com/cpu-bugs/

It's included in this notice:
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

And shown on the diagram in this product brief:
https://www.intel.com/content/www/us/en/design/products-and-solutions/processors-and-chipsets/denverton/ns/atom-processor-c3000-series.html


Re: Chip cheaper than chips

Kevin Chadwick-4
In reply to this post by Rupert Gallagher
On Sat, 02 Dec 2017 19:03:05 -0500


>  We like booting from the SD, but they have none.

How do you manage flash wear? Set up mfs all over the place? I much
prefer and need SATA anyway.


Re: Chip cheaper than chips

Kevin Chadwick-4
In reply to this post by tinkr



> Kevin, the simpler answer here is, don't buy Intel (nor AMD).
>
> Hopefully some day we'll have open source chips akin to SiFive
> Freedom U500
> (https://www.sifive.com/documentation/freedom-soc/freedom-u500-platform-brief/).
>

Thanks but I wouldn't call that simple. Probably more work than
dealing with Intel ME or AMD Ryzen's bloat. Should I wait for everything
to be ported to RISC and hope it is as stable and secure or wait for an
ARM CISC chip, which probably won't happen?


Re: Chip cheaper than chips

Kevin Chadwick-4
In reply to this post by Kevin Chadwick-4
On Mon, 04 Dec 2017 06:22:17 -0500


> >  
> > >  We like booting from the SD, but they have none.  
> >
> > How do you manage flash wear? Set up mfs all over the place? I much
> > prefer and need SATA anyway.
> >  
>  This might have been an issue 20 years ago.
> It is not any more.
> Please stop spreading FUD.

I assume SD means microSD or something other than SSD. If not I
apologise.

The latest atom boards come with 16-64 GB emmc onboard.
Apparently emmc may? perform wear levelling, SD would not unless you
pay a fortune for a special SD card. There seems to be a lot of
misinformation in this area which is quite dangerous considering what
some of these devices may be used for.

http://eu.mouser.com/new/Swissbit/swissbit-industrial-SD-memory/

There are special embedded filesystems (often pay for) that do wear
leveling for standard SD, not sure if they reserve 20% of the space.

I am fairly sure even emmc does not reserve 20% like sandforce/SSD
does and so a full filesystem could fail quickly. Perhaps an unused
partition could solve that??


Re: Chip cheaper than chips

Martin Schröder
In reply to this post by Kevin Chadwick-4
2017-12-04 11:05 GMT+01:00 Kevin Chadwick <[hidden email]>:
> dealing with Intel ME or AMD Ryzen's bloat. Should I wait for everything
> to be ported to RISC and hope it is as stable and secure or wait for an
> ARM CISC chip, which probably won't happen?

I'll bite: Patches for a RISC-V port would probably be welcome.


Re: Chip cheaper than chips

Kevin Chadwick-4
On Mon, 4 Dec 2017 13:57:41 +0100


> > dealing with Intel ME or AMD Ryzen's bloat. Should I wait for
> > everything to be ported to RISC and hope it is as stable and secure
> > or wait for an ARM CISC chip, which probably won't happen?  
>
> I'll bite: Patches for a RISC-V port would probably be welcome.

Of course but I assume that would be similar to an ARM port and quite
different from amd64. In any case, way more than I could achieve in a
useful time frame.

Basically I have to decide if older, hotter, larger and more expensive
AMD hardware is a better choice and won't be obsoleted or if
mitigations will suffice. Hoping Positive Technologies BlackHat
presentations over the next few days will shed more light. It is a
£1400 entrance fee so will have to wait for a youtube or future info
releases.

Dangerous Bugs aren't new such as with core2duo but this is looking
insane. The Apollo Lake chips are really impressive, just a shame they
are intrinsically covered in #*&%. Hopefully public pressure might
cause Intel to release firmware with a proper safe mode switch.


Re: Chip cheaper than chips

Juan Francisco Cantero Hurtado
In reply to this post by Kevin Chadwick-4
On Mon, Dec 04, 2017 at 11:41:56AM +0000, Kevin Chadwick wrote:

> On Mon, 04 Dec 2017 06:22:17 -0500
>
>
> > >  
> > > >  We like booting from the SD, but they have none.  
> > >
> > > How do you manage flash wear? Set up mfs all over the place? I much
> > > prefer and need SATA anyway.
> > >  
> >  This might have been an issue 20 years ago.
> > It is not any more.
> > Please stop spreading FUD.
>
> I assume SD means microSD or something other than SSD. If not I
> apologise.
>
> The latest atom boards come with 16-64 GB emmc onboard.
> Apparently emmc may? perform wear levelling, SD would not unless you
> pay a fortune for a special SD card. There seems to be a lot of
> misinformation in this area which is quite dangerous considering what
> some of these devices may be used for.
>
> http://eu.mouser.com/new/Swissbit/swissbit-industrial-SD-memory/
>
> There are special embedded filesystems (often pay for) that do wear
> leveling for standard SD, not sure if they reserve 20% of the space.

In my experience, even the cheap microsds from big brands support some
type of wear leveling. The "industrial" labels in the microsds are only
related to the temperature tolerance.

Almost every BSD/Linux filesystem will kill your microsd pretty quickly,
even in controllers/cards with support for ERASE. The exception is F2FS
which allows you to reserve a big part of your card as overprovision.

I always prefer any type of external card instead of an emmc, because in
case you break the card, you can simply change it. You can't
change the emmc without soldering a new one in the board.

>
> I am fairly sure even emmc does not reserve 20% like sandforce/SSD
> does and so a full filesystem could fail quickly. Perhaps an unused
> partition could solve that??
>

Modern SSDs don't reserve the 20%. The overprovisioning is very small.


--
Juan Francisco Cantero Hurtado http://juanfra.info


Re: Chip cheaper than chips

Duncan
In reply to this post by Rupert Gallagher
Dear Rupert,

It is well-documented that the ME hardware is built in to all Intel
hardware since 2006.

This may not include the "enterprise" AMT offering (hence lack of "vPro"
branding), which is just a module that runs on the ME hardware. To
clarify: the "vPro" branding and the Intel ME hardware (and base
firmware that runs on it) are not tied together.

This page gathers some information:

https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F

Just going by the Intel page on the recent horror-show vulnerability, we
see that Intel Atom C3xxx processors are indeed affected:

https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr

You should make up your own mind (I think the new Intel hardware is
pretty neat in many respects, actually). Maybe you should consider
running the (above) me_cleaner tool, as that is thought to remove much
of the network stack.

All the best,
Duncan

Rupert Gallagher:
> Do you have any reference on Intel M.E. being present on Atom C3308?
>
> Sent from ProtonMail Mobile
>
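
Added example, not part of any post in this thread: one way to test the question debated above on hardware you already have is to look for the ME's host interface (HECI/MEI), which shows up as an Intel PCI function of class 0780. It assumes Linux `lspci -nn` output (for instance from a live USB system); the sample lines are constructed, the function names are hypothetical, and an empty result does not prove the ME is absent, because firmware can hide that PCI function.

```shell
#!/bin/sh
# Added example: list Intel PCI functions that look like the Management
# Engine host interface (HECI/MEI), i.e. vendor 8086 with class 0780.

# Constructed sample in `lspci -nn` format (not taken from a C3308 board).
sample_lspci() {
    cat <<'EOF'
00:16.0 Communication controller [0780]: Intel Corporation 8 Series/C220 Series Chipset Family MEI Controller #1 [8086:8c3a] (rev 04)
00:19.0 Ethernet controller [0200]: Intel Corporation Ethernet Connection I217-LM [8086:153a] (rev 04)
00:1f.2 SATA controller [0106]: Intel Corporation 8 Series/C220 Series Chipset Family 6-port SATA Controller 1 [AHCI mode] [8086:8c02] (rev 04)
03:00.0 Communication controller [0780]: Example Vendor Device [1234:5678]
EOF
}

# find_heci: read `lspci -nn` lines on stdin and print "slot vendor:device"
# for every class-0780 function whose vendor ID is Intel (8086).
# Exit status is 0 if at least one was found, 1 otherwise.
find_heci() {
    awk '
        # "[0780]:" is the class field; the trailing colon keeps a device
        # ID that merely ends in 0780 from matching.
        /\[0780\]:/ && match($0, /\[8086:[0-9a-f][0-9a-f][0-9a-f][0-9a-f]\]/) {
            print $1, substr($0, RSTART + 1, RLENGTH - 2)
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Demonstration on the constructed sample; on a real machine run
#   lspci -nn | find_heci
sample_lspci | find_heci
```

A hit confirms the ME host interface is exposed to the OS; whether the firmware behind it is affected is answered by the vendor advisory linked in the post above, not by this listing.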


Re: Chip cheaper than chips

bytevolcano
In reply to this post by Kevin Chadwick-4
Better yet, get rid of such insane rubbish in the first place. Why
would you want a remote admin tool built into the CPU out of all
things?

On Mon, 4 Dec 2017 13:46:02 +0000
Kevin Chadwick <[hidden email]> wrote:

> Dangerous Bugs aren't new such as with core2duo but this is looking
> insane. The Apollo Lake chips are really impressive, just a shame they
> are intrinsically covered in #*&%. Hopefully public pressure might
> cause Intel to release firmware with a proper safe mode switch.
