Comment

Comment on The Risk of RISC-V: What's Going on at SiFive?

NeoNachtwaechter@lemmy.world ⁨1⁩ ⁨year⁩ ago

maintains the open-ness and customization that RISC-V offers

Thinking about cybersecurity: does this kind of open-ness mean that some evil guys could now design some evil behaviour into the hardware, and no scanner software will ever be able to detect it, because it is only a software scanner?

source

Sort:hotnew top

partial_accumen@lemmy.world ⁨1⁩ ⁨year⁩ ago
That sounds like lots of extra work, when current CPU manufacturers built that hidden space in already. Intel Management Engine is a great example.

source
bh64@lemm.ee ⁨1⁩ ⁨year⁩ ago
security through obscurity is a bad practice.

it’s better to be transparent and let everyone analyze your design. the more eyes on it, the better. even the proprietary and obscured Intel CPUs have had security vulnerabilities in the past.

source
TheHobbyist@lemmy.zip ⁨1⁩ ⁨year⁩ ago
Do you mean that someone can take the design, place a hardware vulnerability and sell it? Sure, but this does not require RISC V to be possible, there are already vulnerable CPUs sold on the market. People have found such vulnerabilities already in reputable Intel CPUs for example (look up Spectre).

source
- IHeartBadCode@kbin.social ⁨1⁩ ⁨year⁩ ago
  Dell iDRAC comes to mind as well.
  
  source
  - fuckwit_mcbumcrumble@lemmy.world ⁨1⁩ ⁨year⁩ ago
    iDRAC is specifically designed for remote management of serves. Calling it a back door is silly when it’s more of a front door. It’s how Dell intends for you to manage the server.
    
    source
    t0m5k1@lemmy.world ⁨1⁩ ⁨year⁩ ago
    That’s the same train of thaught I had when telnet was declared a back door in huawei devices.
    
    theregister.com/…/huawei_enterprise_router_backdo…
    
    During the hey day I passed hcna-rs, the first thing we were taught was to just use telnet as a means to enable shh, then log back in and disable telnet.
    
    Moral of the story, do not under estimate a nation state’s use of global tech media to effect a global drop of a product or manufacturer from the market.
    
    source
    IHeartBadCode@kbin.social ⁨1⁩ ⁨year⁩ ago
    LUL. So you’re right but one of the horror stories I tell around campfires is how many folks don’t know about that front door.
    
    So how about we agree to “surprise feature” for iDRAC? And, yes yes, I can feel the “they shouldn’t be admins” coming.
    
    source
    -> View More Comments
  - Socsa@sh.itjust.works ⁨1⁩ ⁨year⁩ ago
    MFW a so-called cyber security researcher learns about IPMI
    
    source
baduhai@sopuli.xyz ⁨1⁩ ⁨year⁩ ago
Don’t downvote this person, they’re just asking a question.

source