AMD Is Investigating Claims That Company Data Was Stolen In Hack

AMD said on Tuesday it was looking into claims that company data was stolen in a hack by a cybercriminal organization called “Intelbroker”. “The alleged intrusion, which took place in June 2024, reportedly resulted in the theft of a significant amount of sensitive information, spanning across various categories,” reports Hackread. From the report: In a recent post on Breach Forums, IntelBroker detailed the extent of the compromised data. The hacker claims to have accessed information related to the following records: ROMs, Firmware, Source code, Property files, Employee databases, Customer databases, Financial information, Future AMD product plans, and Technical specification sheets. The hacker is selling the data exclusively for XMR (Monero) cryptocurrency, accepting a middleman for transactions. He advises interested buyers to message him with their offers.

The reputation of IntelBroker in the cybersecurity community is one of significant concern, given the scale and sensitivity of the targeted entities in previous hacks. The hacker’s past exploits include breaches of: Europol, Tech in Asia, Space-Eyes, Home Depot, Facebook Marketplace, U.S. contractor Acuity Inc., Staffing giant Robert Half, Los Angeles International Airport, and Alleged breaches of HSBC and Barclays Bank. Although the hacker’s origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the T-Mobile data breaches.

Read more of this story at Slashdot.

AMD Blows Up Its Laptop CPU Numbering System

AMD is reverting to a simpler, more traditional numbering scheme for its laptop processors, abandoning its recent complex “decoder ring” system. The new system for Ryzen AI laptop processors will use a three-digit model number to denote generation and SKU, aligning more closely with industry norms. Ars Technica reports: For its new Ryzen AI laptop processors, codenamed “Strix Point,” AMD is still using the same broad Ryzen 3/5/7/9 number to communicate general performance level plus a one- or two-letter suffix to denote general performance and power level (U for ultraportables, HX for higher-performance chips, and so on). A new three-digit processor number will inform buyers of the chip’s generation in the first digit and denote the specific SKU using the last two digits. In other words, the company is essentially hitting the undo button.

Like Intel, AMD is shifting from four-digit numbers to three digits. The Strix Point processor numbers will start with the 300 series, which AMD says is because this is the third generation of Ryzen laptop processors with a neural processing unit (NPU) included. Current 7040-series and 8040-series processors with NPUs are not being renamed retroactively, and AMD plans to stop using the 7000- and 8000-series numbering for processor introductions going forward. AMD wouldn’t describe exactly how it would approach CPU model numbers for new products that used older architectures but did say that new processors that didn’t meet the 40+ TOPS requirement for Microsoft’s Copilot+ program would simply use the “Ryzen” name instead of the new “Ryzen AI” branding. That would include older architectures with slower NPUs, like the current 7040 and 8040-series chips.

Desktop CPUs are, once again, totally unaffected by this change. Desktop processors’ four-digit model numbers and alphabetic suffixes generally tell you all you need to know about their underlying architecture; the new Ryzen 9000 desktop CPUs and the Zen 5 architecture were also announced today. It seems like a lot of work to do to end up basically where we started, especially when the people at AMD who make and market the desktop chips have been getting by just fine with older model numbers for newly released products when appropriate. But to be fair to AMD, there just isn’t a great way to do processor model numbers in a simple and consistent way, at least not given current market realities […].

Read more of this story at Slashdot.

Will AMD’s ‘openSIL’ Library Enable Open-Source Silicon Initialization With Coreboot?

Formerly known as LinuxBIOS, coreboot is defined by Wikipedia as “a software project aimed at replacing proprietary firmware (BIOS or UEFI) found in most computers with a lightweight firmware.”

Phoronix is wondering if there’s about to be a big announcement from AMD:

AMD dropped a juicy tid-bit of information to be announced next month with “openSIL” [an open-source AMD x86 silicon initialization library], complete with AMD Coreboot support….

While about a decade ago AMD was big into Coreboot and at the time committed to it for future hardware platforms (2011: AMD To Support Coreboot On All Future CPUs) [and] open-source AGESA at the time did a lot of enabling around it, that work had died off. In more recent years, AMD’s Coreboot contributions have largely been limited to select consumer APU/SoC platforms for Google Chromebook use. But issues around closing up the AGESA as well as concerns with the AMD Platform Security Processor (PSP) have diminished open-source firmware hopes in recent years….

For the Open Compute Project Regional Summit in Prague, there is a new entry added with a title of OSF on AMD — Enabled by openSIL (yes, folks, OSF as in “Open-Source Firmware”)…. [H]opefully this will prove to be a monumental shift for open-source firmware in the HPC server space.
From the talk’s description:

openSIL (AMD open-source x86 Silicon Initialization Library) offers the versatility, scalability, and light weight interface to allow for ease of integration with open-source and/or proprietary host boot solutions such as coreboot, UEFI and others and adds major flexibility to the overall platform design.

In other words, this library-based solution simply allows a platform integrator to scale from feature rich solutions such as UEFI to slim, lightweight, and secure solutions such as coreboot.
The description promises the talk will include demonstrations “highlighting system bring-up using openSIL integrated with coreboot and UEFI Host Firmware stacks on AMD’s Genoa based platforms.”

Read more of this story at Slashdot.

Intel, AMD Just Created a Headache for Datacenters

An anonymous reader shares a report: In pursuit of ever-higher compute density, chipmakers are juicing their chips with more and more power, and according to the Uptime Institute, this could spell trouble for many legacy datacenters ill equipped to handle new, higher wattage systems. AMD’s Epyc 4 Genoa server processors announced late last year, and Intel’s long-awaited fourth-gen Xeon Scalable silicon released earlier this month, are the duo’s most powerful and power-hungry chips to date, sucking down 400W and 350W respectively, at least at the upper end of the product stack. The higher TDP arrives in lock step with higher core counts and clock speeds than previous CPU cores from either vendor.

It’s now possible to cram more than 192 x64 cores into your typical 2U dual socket system, something that just five years ago would have required at least three nodes. However, as Uptime noted, many legacy datacenters were not designed to accommodate systems this power dense. A single dual-socket system from either vendor can easily exceed a kilowatt, and depending on the kinds of accelerators being deployed in these systems, boxen can consume well in excess of that figure. The rapid trend towards hotter, more power dense systems upends decades-old assumptions about datacenter capacity planning, according to Uptime, which added: “This trend will soon reach a point when it starts to destabilize existing facility design assumptions.”

A typical rack remains under 10kW of design capacity, the analysts note. But with modern systems trending toward higher compute density and by extension power density, that’s no longer adequate. While Uptime notes that for new builds, datacenter operators can optimize for higher rack power densities, they still need to account for 10 to 15 years of headroom. As a result, datacenter operators must speculate as the long-term power and cooling demands which invites the risk of under or over building. With that said, Uptime estimates that within a few years a quarter rack will reach 10kW of consumption. That works out to approximately 1kW per rack unit for a standard 42U rack.

Read more of this story at Slashdot.

A 20 Year Old Chipset Workaround Has Been Hurting Modern AMD Linux Systems

AMD engineer K Prateek Nayak recently uncovered that a 20 year old chipset workaround in the Linux kernel still being applied to modern AMD systems is responsible in some cases for hurting performance on modern Zen hardware. Fortunately, a fix is on the way for limiting that workaround to old systems and in turn helping with performance for modern systems. Phoronix reports: Last week was a patch posted for the ACPI processor idle code to avoid an old chipset workaround on modern AMD Zen systems. Since ACPI support was added to the Linux kernel in 2002, there has been a “dummy wait op” to deal with some chipsets where STPCLK# doesn’t get asserted in time. The dummy I/O read delays further instruction processing until the CPU is fully stopped. This was a problem with at least some AMD Athlon era systems with a VIA chipset… But not a problem with newer chipsets of roughly the past two decades.

With this workaround still being applied to even modern AMD systems, K Prateek Nayak discovered: “Sampling certain workloads with IBS on AMD Zen3 system shows that a significant amount of time is spent in the dummy op, which incorrectly gets accounted as C-State residency. A large C-State residency value can prime the cpuidle governor to recommend a deeper C-State during the subsequent idle instances, starting a vicious cycle, leading to performance degradation on workloads that rapidly switch between busy and idle phases. One such workload is tbench where a massive performance degradation can be observed during certain runs.”

At least for Tbench, this long-time, unconditional workaround in the Linux kernel has been hurting AMD Ryzen / Threadripper / EPYC performance in select workloads. This workaround hasn’t affected modern Intel systems since those newer Intel platforms use the alternative MWAIT-based intel_idle driver code path instead. The AMD patch evolved into this patch by Intel Linux engineer Dave Hansen. That patch to limit the “dummy wait” workaround to old systems is already queued into TIP’s x86/urgent branch. With it going the route of “x86/urgent” and for fixing a overzealous workaround that isn’t needed on modern hardware, it’s likely this patch will be submitted this week still for the Linux 6.0 kernel rather than needing to wait until the next (v6.1) merge window.

Read more of this story at Slashdot.

AMD Launches Zen 4 Ryzen 7000 CPUs

AMD unveiled its 5nm Ryzen 7000 lineup today, outlining the details of four new models that span from the 16-core $699 Ryzen 9 7950X flagship, which AMD claims is the fastest CPU in the world, to the six-core $299 Ryzen 5 7600X, the lowest bar of entry to the first family of Zen 4 processors. Tom’s Hardware reports: Ryzen 7000 marks the first 5nm x86 chips for desktop PCs, but AMD’s newest chips don’t come with higher core counts than the previous-gen models. However, frequencies stretch up to 5.7 GHz – an impressive 800 MHz improvement over the prior generation — paired with an up to 13% improvement in IPC from the new Zen 4 microarchitecture. That results in a 29% improvement in single-threaded performance over the prior-gen chips. That higher performance also extends out to threaded workloads, with AMD claiming up to 45% more performance in some threaded workloads. AMD says these new chips power huge generational gains over the prior-gen Ryzen 5000 models, with 29% faster gaming and 44% more performance in productivity apps. Going head-to-head with Intel’s chips, AMD claims the high-end 7950X is 11% faster overall in gaming than Intel’s fastest chip, the 12900K, and that even the low-end Ryzen 5 7600X beats the 12900K by 5% in gaming. It’s noteworthy that those claims come with a few caveats […].

The Ryzen 7000 processors come to market on September 27, and they’ll be joined by new DDR5 memory products that support new EXPO overclocking profiles. AMD’s partners will also offer a robust lineup of motherboards – the chips will snap into new Socket AM5 motherboards that AMD says it will support until 2025+. These motherboards support DDR5 memory and the PCIe 5.0 interface, bringing the Ryzen family up to the latest connectivity standards. The X670 Extreme and standard X670 chipsets arrive first in September, while the more value-oriented B650 options will come to market in October. That includes the newly announced B650E chipset that brings full PCIe 5.0 connectivity to budget motherboards, while the B650 chipset slots in as a lower-tier option. The Ryzen 7000 lineup also brings integrated RDNA 2 graphics to all of the processors in the stack, a first for the Ryzen family.

Read more of this story at Slashdot.

New Working Speculative Execution Attack Sends Intel and AMD Scrambling

Some microprocessors from Intel and AMD are vulnerable to a newly discovered speculative execution attack that can covertly leak password data and other sensitive material, sending both chipmakers scrambling once again to contain what is proving to be a stubbornly persistent vulnerability. Ars Technica reports: Researchers from ETH Zurich have named their attack Retbleed because it exploits a software defense known as retpoline, which was introduced in 2018 to mitigate the harmful effects of speculative execution attacks. Speculative execution attacks, also known as Spectre, exploit the fact that when modern CPUs encounter a direct or indirect instruction branch, they predict the address for the next instruction they’re about to receive and automatically execute it before the prediction is confirmed. Spectre works by tricking the CPU into executing an instruction that accesses sensitive data in memory that would normally be off-limits to a low-privileged application. Retbleed then extracts the data after the operation is canceled. […] The ETH Zurich researchers have conclusively shown that retpoline is insufficient for preventing speculative execution attacks. Their Retbleed proof-of-concept works against Intel CPUs with the Kaby Lake and Coffee Lake microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.

In response to the research, both Intel and AMD advised customers to adopt new mitigations that the researchers said will add as much as 28 percent more overhead to operations. […] Both Intel and AMD have responded with advisories. Intel has confirmed that the vulnerability exists on Skylake-generation processors that don’t have a protection known as enhanced Indirect Branch Restricted Speculation (eIBRS) in place. “Intel has worked with the Linux community and VMM vendors to provide customers with software mitigation guidance which should be available on or around today’s public disclosure date,” Intel wrote in a blog post. “Note that Windows systems are not affected given that these systems use Indirect Branch Restricted Speculation (IBRS) by default which is also the mitigation being made available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment.” AMD, meanwhile, has also published guidance. “As part of its ongoing work to identify and respond to new potential security vulnerabilities, AMD is recommending software suppliers consider taking additional steps to help guard against Spectre-like attacks,” a spokesman wrote in an email. The company has also published a whitepaper.

[Research Kaveh Razavi added:] “Retbleed is more than just a retpoline bypass on Intel, specially on AMD machines. AMD is in fact going to release a white paper introducing Branch Type Confusion based on Retbleed. Essentially, Retbleed is making AMD CPUs confuse return instructions with indirect branches. This makes exploitation of returns very trivial on AMD CPUs.” The mitigations will come at a cost that the researchers measured to be between 12 percent and 28 percent more computational overhead. Organizations that rely on affected CPUs should carefully read the publications from the researchers, Intel, and AMD and be sure to follow the mitigation guidance.

Read more of this story at Slashdot.