Author Topic: Why no reprogrammable microcode in Apple Silicon (re. security exploits)?  (Read 536 times)

0 Members and 1 Guest are viewing this topic.

Offline Scratch.HTFTopic starter

  • Regular Contributor
  • *
  • Posts: 119
  • Country: au
I've discovered that since Apple has moved to their own ARM-based silicon, the M1/M2/M3 has security flaws which cannot be fixed since the designs had no capability for microcode reprogramming to fix this problem.
One possible outcome that it could be used to make ARM-based macOS run on other ARM-based platforms such as the Raspberry Pi (which Apple disallows in their EULA which has been the subject of at least one lawsuit).
If it runs on Linux, there is some hackability in it.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 11898
  • Country: us
    • Personal site
It does not mean there is no microcode at all. Not all issues can be fixed by the microcode. Microcode is not magic, it can't change fundamental architecture of the chip.

Also, if you are talking about GoFetch specifically, then it can be fixed by disabling DMP unit, which can be done from the kernel code. And it only really matters during security processing, so you can switch it on and off. So, while it can't be fixed, it can be worked around in the software at a very slight performance degradation.
« Last Edit: August 13, 2024, 02:10:47 am by ataradov »
Alex
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6120
  • Country: au
I believe the Spectre/Meltdown vulnerabilities were similar. Sure they can be fixed with code, at the expense of something else (usually performance).

The Apple M-series processor vulnerability was the same. My understanding is that they could patch it, but it would result in quite a significant performance penalty. It also relies on the user being stupid and installing (forcefully) something they shouldn't. If you ask a user "Are you sure?" 3 times, I mean, whose fault is it really?
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf