Re: Microsoft priority for "business" Ryzen flawed
Linux doesn’t necessarily have a standard security stack which is probably the issue. There are many Linux kernel and virtualization security features and AMD does generally support those. But Windows makes a fairly well defined set of APIs for the platform as a whole. This means that when you use the Windows encryption APIs, if the CPU supports hardware encryption, it will be hardware accelerated.
On Linux, you would need to have an OpenSSL implementation that makes use of kernel modules for encryption, which may or may not be vendor specific. The same would go for the multitude of other encryption APIs. One downside being that if a bug is found, on Windows, theoretically the next Windows update will fix it for everything. For Linux, every kernel module and every encryption library would have to be updated to support it. That said, the response time to patch these libraries is FAST!!! But if you’re using a Cisco ISE Server, it could take 8 months to a year and still not actually be patched... which is why using software like this from companies like Cisco should be avoided at all costs.
AMD is working just as hard as Intel to support Linux in this sense. But Linux also depends very heavily on the community to update their libraries as quickly as possible. So, if a flaw is found in an AMD encryption or security library, it is very possible that the developers won’t have access to an AMD platform to verify against. Though many online CI/CD services exist which probably will.
That said, I tend to unit and integration test my security code against a very limited set of CPUs, the Intel generations and a handful of specific ARM CPUs. I probably won’t pay the additional money to test against AMD. It wouldn’t justify a high enough volume to be bothered by that. It would be safer to just say “Use at your own risk on AMD”. If AMD ever gains a noticeable market share again, I’ll consider otherwise.
Of course, I am developing all my server applications against Raspberry Pi now because I simply can’t write code bad enough to justify more than that. I am writing a management system for 2.5 million active users at this time, and since everything other than our internet systems is cloud based now, I could never imagine needing more than a few Raspberry Pis to handle the few million transactions a day we’re processing.
It was pretty awesome all things considered. A data center at $100 a node after power, storage and connectivity vs our old servers at $120,000 a node. What’s worse is that thanks to in-memory databases and map/reduce, it’s much faster on the Raspberry Pis because we’re using the money saved on IT to focus more on good development practice.