Until Steve Burke makes a video slagging them off, that is
They've already got the patch code deployed on Epyc.
Some AMD processors dating back to 2006 have a security vulnerability that's a boon for particularly underhand malware and rogue insiders, though the chip designer is only patching models made since 2020. The flaw was discovered by the folks at infosec services outfit IOActive, and tracked as CVE-2023-31315 aka SinkClose. It's …
Ouch. Some of those Zen 2 chips only launched 49 months ago. It's not very long ago they stopped being sold through direct channels and there are still plenty of new ones knocking around on Amazon marketplace etc. (For comparison AMD's own EU sales site currently sells a chip launched 45 months ago - the 5800X).
We have to start shopping around for CPU security update commitments, like with phones. What do Intel offer?
(So much more painful because the Zen 2 is such a fantastic architecture. I figured they could finally be something to rival the longevity of the mighty Core 2)
Having it be super secure is also bad for many. I think most techies would prefer having more control over their devices and not be locked down and somewhat powerless.
It's part of the appeal of open source and Linux and PCs in general vs more locked systems like game consoles, mobile phones etc.
It's really hard to provide a (truly) secure, open system. Perhaps impossible.
Never having a known compromise of any system of mine since the 90s and the [STONED] virus, I don't care about this kind of security thing. It's super unlikely that I'd ever be impacted by it. Same reason I didn't apply patches for Meltdown/Spectre and specifically disable the fixes in the Linux kernel.
Don't forget that there will always be some new vulnerability around the corner.
If you are in the unlucky position of being an at risk target then I feel for you.
I suspect the vast majority of servers out there at least are VMs which I assume should lower the attack surface as you'd have to compromise the host in order to do anything with the firmware.
Been running Internet connected services since 1996.
In principle, Microsoft could (and should) twist AMD's (figurative) nipples and make them fix every chip AMD themselves deemed adequate for Win11.
Part of the dealio for a chip to qualify for Win11 was a compromise from AMD (and Intel) to supply drivers support and security fixes for said products.
That's how we ended at Win11 launch with Intel's 8th gen onwards and AMD's 2nd gen Ryzen...
So, AMD, get patching, before big bad Microsoft comes for you...
This post has been deleted by its author
"In defense of AMD...". Do you work for them or something?
So it's OK for a manufacturer to churn out badly designed c**p, so long as they can get it to the end of a 12 month warranty? And what do you mean by warranty anyway? The last one ever sold or the one you bought? Have you stopped to think that if security support was limited to warranty you're going to be cost a fortune replacing stuff every five minutes? What complete nonsense.
My Dell R710 server is running an X5675, released Q1'11. RHEL9 applies a microcode update:
# dmesg | head -1
[ 0.000000] microcode: microcode updated early to revision 0x1f, date = 2018-05-08
The spectre-meltdown-checker.sh script reports:
CPU microcode is the latest known available version: YES
(latest version is 0x1f dated 2018/05/08 according to builtin firmwares DB v296+i20240514+988c)
It seems as if Intel is more indulgent with these updates than is AMD.
Looks about right. Intel *usually* EOL chips 7-8 years after release.
Skylake and Kaby Lake were ending a bit prematurely but a microcode update for Kaby Lake has dropped in my inbox this morning.
Think this decision was them being the wrong side of MS cut off for W11, who knows?
The Spectre cut off reasons were “impossible / too hard” and severe performance penalties AIUI.