Platform Comparison

| Aspect | Talos II | Modern Intel or AMD x86-64 System |
|---|---|---|
| Hardware Initialization Firmware | Early hardware initialization is performed by the SBE, the firmware for which is open source and user-modifiable. | Early hardware initialization is performed by the Intel Management Engine (ME) or AMD Platform Security Processor (PSP), a closed-source vendor-signed blob which cannot be modified. |
| Microcode | POWER9 lacks horizontal or vertical microcode, aside from a few instructions which use a hardcoded sequencer. All instruction decode logic is hardcoded. | Microcode is provided by the vendor as an encrypted and vendor-signed blob, decrypted and verified by the CPU during boot. It cannot be examined or modified. |
| Auxiliary Processor Code | A number of auxiliary processors on the CPU chip perform thermal and power regulation. The code for these processors is open source and user-modifiable. | The number or purpose of any auxiliary processors on Intel and AMD x86-64 designs is not well documented, though at least one such processor is known to exist on current AMD x86-64 designs (the "System Management Unit"). More may exist. The code for these processors is not open source; it is unclear whether it is user-modifiable. |
| Boot Firmware | Ships with open source and user-modifiable firmware. | A typical vendor x86-64 system uses closed source boot firmware, and in some cases (where "Intel Boot Guard" is used) it may not be user-modifiable either. Although open source boot firmware such as Coreboot is available, on modern x86-64 systems it incorporates vendor-supplied binary blobs to perform essential platform initialization. |
| Management Firmware | Ships with OpenBMC, an open source and user-modifiable IPMI stack. | A typical x86-64 server uses a closed source IPMI stack, which may or may not be user-modifiable. |
| FPGA Firmware | The Verilog source code for the FPGA used for power sequencing is open source. The specific FPGA used was chosen because an open source toolchain exists for it. (As a result, the bitstream can be built on the Talos II itself, allowing self-hosted firmware development.) | A typical x86-64 board may or may not use an FPGA or microcontroller for power sequencing; if used, the bitstream or source code is generally not available. |
| NIC Firmware | Integrated BCM5719 Gigabit Ethernet NIC has closed-source but user-modifiable firmware. The device is behind the system IOMMU, so the security threat posed is limited. Work on writing open source replacement firmware is ongoing. Usage is optional; the device can be disabled. An alternative NIC could be used via PCIe. | Varies by board and I/O peripherals. |
| SAS/SATA Firmware | Optional PM8068 SAS/SATA controller has closed-source firmware. It is unknown whether it is user-modifiable, but the firmware is of a size and complexity likely to make development of an open source replacement infeasible. The device may be disabled, and boards may be ordered with the SAS/SATA controller not present. An alternative storage controller could be used via PCIe. Note: Since all known SAS/SATA HDD/SSDs use proprietary firmware, the security advantages of open source storage controller firmware appear limited. The IOMMU protects the system from malicious I/O devices, including both storage controllers and storage devices. | Varies by board and I/O peripherals. |
| Board Schematics | Provided with all shipped boards. | Generally not available. |
| Secure Boot | Optional secure boot functionality with an owner-controlled root of trust for both firmware and OS. | Secure boot configuration varies by vendor. Root of trust for OS kernel verification is generally configurable, but root of trust for vendor firmware may be locked to the vendor. |
| Trusted Boot | An optional FlexVer module is planned to provide trusted boot. Emphasis on physical tamper-proofing provides greater resilience against physical attack than a standard TPM. Firmware will be open source and user-modifiable. | TPM-based, generally as an optional module. Almost always vulnerable to physical attack (e.g. TPM reset attacks). Currently available TPMs are understood to have closed-source firmware. It is unknown whether this firmware is user-modifiable. |
| DRM | Does not contain DRM functionality. | Contains DRM functionality for protection of video content. |
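The NIC and SAS/SATA rows rely on the IOMMU to contain a peripheral running third-party firmware. That containment only holds if the device sits in an IOMMU group of its own (or only with devices the owner trusts), because devices sharing a group cannot be isolated from one another. The script below is an added example, not code from the Talos II wiki or from Raptor Computing Systems; it reads the real Linux sysfs layout (`/sys/kernel/iommu_groups/<group>/devices/<domain:bus:dev.fn>`) and reports, for a given PCI address, which group it is in and which other devices share it. The `build_sample_sysfs` tree is constructed sample data so the script can be run offline; on a live system pass `/sys` as the root.

```python
"""Enumerate Linux IOMMU groups from a sysfs tree and report which PCI
devices share a group.  Devices in the same group cannot be isolated from
one another by the IOMMU, so a peripheral with untrusted firmware is only
contained if it is alone in its group (or grouped only with trusted devices).

Added example; not from the Talos II wiki.  The sysfs layout assumed is the
one documented by the Linux kernel:
    /sys/kernel/iommu_groups/<group>/devices/<domain:bus:dev.fn>
"""
from pathlib import Path
import tempfile


def iommu_groups(sysfs_root="/sys"):
    """Return {group_number: [sorted device BDFs]} read from sysfs_root.

    An empty dict means the IOMMU is disabled or not exposed, which on its
    own is a finding: no device is contained at all."""
    groups = {}
    base = Path(sysfs_root) / "kernel" / "iommu_groups"
    if not base.is_dir():
        return groups
    for group_dir in base.iterdir():
        if not group_dir.name.isdigit():
            continue
        devices = group_dir / "devices"
        members = sorted(p.name for p in devices.iterdir()) if devices.is_dir() else []
        groups[int(group_dir.name)] = members
    return groups


def isolation_report(sysfs_root, bdf):
    """Return (group, peers) for a PCI device address such as '0000:01:00.0'.

    group is None when the device is not in any IOMMU group, i.e. the IOMMU
    does not cover it; peers lists other devices that share its group."""
    for group, members in iommu_groups(sysfs_root).items():
        if bdf in members:
            return group, [m for m in members if m != bdf]
    return None, []


def build_sample_sysfs(root):
    """Create a fake sysfs tree under root (constructed sample data, not a
    real machine): one NIC alone in group 3, and a storage controller that
    shares group 7 with a PCIe bridge."""
    layout = {
        3: ["0000:01:00.0"],                  # hypothetical NIC, isolated
        7: ["0000:00:1c.0", "0000:02:00.0"],  # hypothetical bridge + SAS HBA
    }
    for group, members in layout.items():
        d = Path(root) / "kernel" / "iommu_groups" / str(group) / "devices"
        d.mkdir(parents=True, exist_ok=True)
        for m in members:
            (d / m).mkdir()  # real sysfs uses symlinks; directories suffice here
    return root


def demo():
    """Build the sample tree in a temporary directory and return the report
    for three addresses: isolated, shared, and not covered by the IOMMU."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_sysfs(tmp)
        return {bdf: isolation_report(tmp, bdf)
                for bdf in ("0000:01:00.0", "0000:02:00.0", "0000:05:00.0")}


if __name__ == "__main__":
    for bdf, (group, peers) in demo().items():
        if group is None:
            print(f"{bdf}: not in any IOMMU group (not contained)")
        elif peers:
            print(f"{bdf}: group {group}, shares isolation domain with {peers}")
        else:
            print(f"{bdf}: group {group}, isolated")
```

A device reported as sharing a group with a bridge or another endpoint is a case where the "behind the IOMMU" argument in the table is weaker than it looks; the usual remedies are moving the card to a different slot or accepting the shared trust domain knowingly.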