Linus Torvalds: Speaks on Linux and Hardware SECURITY Issues

For anyone perhaps not aware, they're talking about speculative CPU execution. In essence, it's where a CPU will try to predict the next set of instructions and load them into the CPU cache for execution, even though they may not be the actual instructions that will be run. It's a way to try to increase performance. It's led to serious security vulnerabilities like Spectre and Meltdown.

Onyx-itgk

I do find it interesting that he has all this knowledge of the types of mistakes that get made but feels he can't communicate those things to them in ways they would listen to, even with the recent history of ARM repeating them to point to as a pattern.

YouTubdotCub

Open source instruction set is different than open source hardware. If RISC-V gets put into the server space there is no guarantee that the open source instruction set will translate to open source hardware design is it possible yea because the instruction set is open source but most hardware companies don't want to give away their implementations of the instruction set for free.

Iswimandrun

It sounds like Linus or someone in the kernel developer community should write a book about common mistakes when developing processors for the server space and how to avoid them.

goeiecool

I wonder how many years it will take that the hardware manufacturers start adding such bugs intentionally with the intention to reveal them to the public some years later to boost new hardware sales, as everyone wants to update their old hardware to non-buggy new ones. I would be surprised if this hasn't been discussed some years ago already in some of the hardware companies.

krakulandia

No computer is secure - read Ken Thompson's Turing Lecture "On Trusting Trust." A simple attack if you've ever had your hands on the compiler, assembler or microcode.

yclept

The most "horrendous" thing about this secrecy is that mainly the people that abuse the problems are the ones that knows about it, instead of the people that can and want fix it.

bagofmanytricks

I think the way you linked to the original video is weird.
With the new UI in description for links it was difficult to find.

Maybe put it on top?

AnirudhTammireddy

If the hardware has at least one problem then the software can not solve it. I am paranoid about the lack of security of this hardware in my plans of building a server that runs bank-confidential apps (or medicare-confidential apps by example).

juancarlospizarromendez

At least RISC-V has the benefit of hindsight. speculative execution exploits are now well known and understood. Trading security for speed will bite you in the ass. Security researchers will find you out. I don't expect this would be much of an issue for RISC-V unless it's designers have their heads in the sand with an it'll be all right attitude.

MonochromeWench

it's why NASA picket Commodore's Amiga machines in their logistics & primary rocket computer controller in the late 80s & early 90's, because they where the only ones that gave them everything they wanted 100% open with all the papers, guides.. because everyone they asked said NO! like apple, atari, IBM and others ( for NASA ofc) but, others to like SCALA, newtek..and so on

noxlar

Would having parts of a CPU being a FPGA that could be updated be the solution? I know that real hardware is better but we could maybe sacrifice something to fix that problem no?

robotredkitten

It's time for RISC to shine! Raspberry pi and custom made laptops for the win!

eythymiosiosifidis

Btw what is the context of the interview? Care to explain?

SouthFacedWindows

Even if the hardware is open, the vulnerabilities that will be discovered in it, will still be NDA'ed.

Trenjeska

The whole RISC-V part of the discussion... so many misunderstandings and misconceptions.

jaskij

An internet router like MIPS/debian-mipsel could be made but, rather than STM32, it would have a _(debian blob compatible)_ CPU (RISC-V) as a Public-Domain _(or somewhere between copyleft and GPLv2 could do, with AGPLv3 for network niggling details)_ Open-Source microarchitecture RISC-V CPU _(expecting a Linux monolithic kernel too boot from 4 of HDD or SSD SATA with RAID10)_ in it and then some known-quantity amount of RAM like say 4GB in a _(also unregistered RAM compatible and ECC)_ desktop/ECC-compatible RAM slot and a _(also unregistered RAM compatible and ECC)_ desktop/ECC-compatible slot that can (optionally) take another 16GB _(topping it up to 20GB is for some reason it needed to), _ and just make it DDR3 so it can choose between its unregistered and registered RAM settings.
It would be 6G sim-card compatible even though it has ADSL2 via RJ11 ports near the 100Mbps RJ45 ethernet and the 8 USB ports _(and a WAN and other port for straight-to-fibre)_ and it could have Wifi6 and Bluetooth 5.2 and pitch-roll-yaw accelerometer _(like a wii-remote has)_ and a compass and LoRaWAN _(RX and TX send and receive)_ and drivers for S-Band and Ku-Band and software-defined-Radio GNU radio with slowscan TV mode for data. It would have a PCI-e 4x slot at Gen3 to be able to take a better NIC card with VMDq and SR-IOV if better ethernet speeds are need compared to the 100Mbps LAN (not WAN) ports. It would have an IEEE1284 (bootable) and a couple of Serial COM ports to remote into it, and a JTAG and MIPI interface. However, the 100Mbs RJ45 Lan ports on it would be deliberately there for a small driver. An interface to add PoE would be there by you would need to add it later. The RJ11 would also be able to plug in VOIP device, again to add later, keeping cost down. It would have a circuit to detect a battery added later even though it does not come with one and instead, in a power-outlet, would work in a mains electrical plug socket (wall wart).
Then _(and this is the important bit)_ basically just give it _(via some whip-round)_ to the Linux Foundation and ask Linus to say what he wants from the instruction set in the RISC-V CPU. Ask Stallman too _(if he can do)._ The router RISC-V CPU would be unlikely to have better processing than say an A53 with protection-rings. So commercially available routers would be able to make glitzy fancy routers with other features without tis open-source router displacing their market value. This open-source router instead would be designed to be solid and do a workman like job and nothing particular fancy. It simply has that 6G and Bluetooth and WiFi at that reasonably modern level so that is continues to work well enough for many years to come. It would also expect to take a MFA FIDO2 hardware security key in a USB port just in case that helps things in future projects. It would probably need some of the USB ports to be capable (or upgradeable) of being USB3.2 with decent power _(converting to or from USB-C)._
Linux is not pronounce like his name 'Linus' _(a running in-joke for geeks), _ so the router should have a naming convention along those lines _(being deliberately slightly inaccurate)_ as with its default Operating System distro. So the Distro could be called thr34k because it is like 'freak' (the previous candidate name for Linux) but spelt wrongly as though it is the number but then the letters are post ironically switched to numbers just to be even wronger. The router itself could be called _"Lee Noose"_ because it is about time, once again, that we all came up with yet another wrong way to say his name.
The router should have a couple of interfaces to allow the user to optionally plug in a couple of 128x32 pixel monochrome LCD screens. The CPU could be called the "St. All m'Anne" _(because it is a corruption of Richard Stallman)._ We'll just have to come up with a reason why it is like that and never actually admit it to Stallman _(or Torvalds for his one)_ as to why the name of the CPU is that. We'll say perhaps that The name represents a saint of everything (i.e "all") associated with my Anne. So, let's assume Anne is some person or whatever, and she is "my Anne" like maybe she is betrothed or something. So it means _"The Saint of everything pertaining to my Anne"_ when it is written _"St. All m'Anne"._ It's a stretch but without it, somebody will need to come up with something better. Anne will be represented in a cartoon avatar sticker stuck on the router and then can be a character in SuperTuxKart because mascots need to exist for as many GNU linux things as possible. That avatar and the _"Lee Noose"_ avatar will probably be some sort of fluffy mascot other people haven't already used, rather than an actual human.
It would have a 2nd CPU socket just in case it struggles. The RISC-V should have an FPU in it.
The point is that it would become popular enough without flooding the market and Stallman and Linus would simply be able to tell the makers in advance what they want from it. It probably would be able to take a modest low-power graphics-card in the PCIe slot and run it is a server with a GUI or desktop computer but that is not the main focus of it. That does mean however that if there is a desire for a "safe option" CPU, the router would have established it, even though it would be quite a tame CPU compared to actual laptops, smartphones and desktop computers _(and big-servers)._ Thereby when people make other _(fancy)_ RISC-V CPU chips _(be they public domain or not), _ they can have the point-of-reference to know what basic little CPU other people are already happy with looks like.
The router will be have a target audience like the One-Laptop-Per-Child project in the past, _(so you can buy one in USA, UK and so on and the increased price)_ but displaced people _(with an identity card)_ who want to get one can buy or earn one such as if they set up a business like a coffee shop or something like that _(or they maybe just want to use it in their dwelling on as a carputer but on a bike)._ The router _(essentially with a ALSA compatible 24-Bit soundcard with MIDI on it)_ would have a mic-in and line-in (both stereo) and a stereo line-out just in case not having one causes a problem with VOIP somehow later. It would expect ogg-vorbis-theora even though it could probably do other things. Having MIDI (a joystick port) is useful but is there to ensure linux has a go-to MIDI standard just in case somehow the sound-card existing on the router (largely for VOIP) encounters a problem as a result of not having MIDI.
If Torvalds and Stallman refuse to take the money to do it, have some other bargaining chip they are after to incentivise them to do it for that reason. There must be something. The benefit everybody else would have is that it would save a whole bunch of ballache regarding computing-ambiguity _(especially pertaining to the deciduous nature of Reduced Instruction Set Chips)_ and would brighten up these grumble-pill videos of two blokes sitting on 2 chairs like something out of a year 2000 Public Access TV channel show.
My comment has no hate in it and I do no harm. I am not appalled or afraid, boasting or envying or complaining... Just saying. Psalms23: Giving thanks and praise to the Lord and peace and love. Also, I'd say Matthew6.

obsoletepowercorrupts

And 8 days later after this video half the internet gets an update from one company and it just so happens to be they didn't test a kernel update. I think it was done on purpose Microsoft and crowdstrike. Just to see how much control they have

superfliping

Maybe someone has to write a book about the mistakes, so the RISC-V-team can avoid them.

user_Esq

Linux Torvolds? Maybe proofread your titles?

jxtq