Here we are - 3600 which was still under manufacture 2-3 years ago are not get patched. Shame on you AMD, if it is true.

    • nlgranger@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      2
      ·
      3 months ago

      Consumer usage is not really concerned by the attack scenario of this vulnerability from what I understand. The prerequisite is to have access to the bios so it’s already game over at this point.

      • PM_Your_Nudes_Please@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        3 months ago

        Sure, but that feels a little bit like saying “We don’t need guards inside the prison, because we already have them patrolling around the perimeter.”

      • WhyJiffie@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        2
        ·
        3 months ago

        Chip makes should not only treat customer CPUs as possibly-business hardware when adding shit like (Intel) ME, Pluton and (AMD) PSP, but also when patching serious vulnerabilities and providing support!

        • hangonasecond@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          3 months ago

          When you pay for enterprise equipment, you are typically paying a premium for longer, more robust support. Consumer products are less expensive because they don’t get this support.

          • WhyJiffie@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            3 months ago

            But they are already pretending for whatever reason that these are suitable for enterprises, by always includingthe aformentioned remote control components!

        • nlgranger@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Agreed, firmware security by chip manufacturers has been underwhelming to say the least and we can blame them for that. But in this specific instance I still don’t see the benefit of a fix for consumer usage. Companies have a responsibility and accountability toward their users, so a fix is due, for personal laptops/PCs the threat is toward the owners themselves (activists, diplomats, journalists, etc.). The latter do not buy second hand equipment, and if the firmware is compromised while they own it, they are already in danger.

          • WhyJiffie@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            3 months ago

            The latter do not buy second hand equipment

            You are assuming activists are well funded in some way, and that they are not repressed.

            This obviously has a benefit for consumer usage too, same as encryption. You’re basically saying consumers don’t need any kind of antivirus either, because it’s not that critical.
            This vuln should have been fixed for consumer hardware too, because it basically permanently taints all hardware that is vulnerable to it. And what makes it so hard to release patches for consumer hardware, when patches were already made for the same generations of enterprise hardware? Basically the majority of the work has been done already

    • PriorityMotif@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 months ago

      Any news on the “pro” line? They were installed on business PCs and had additional security features built in. For instance there is a 3600 pro model.