And? do you worry about the gaming server owner's neighbour breaking in, freezing the ram, quickly transferring it to another machine and reading it off?
So reading between the lines, you're saying it's bad for AMD to disable undocumented features because people still might have bought them for those undocumented features, particularly for gaming servers?
You shouldn't be remotely disabling hardware features in my opinion at all. It's not really like changing an API or something, this is like an update removing something from your car or another appliance years after you bought it.
> You shouldn't be remotely disabling hardware features
I don't know what current case law is but I think that ought to be explicitly illegal. A physical product should be required to maintain the features that it had when it was purchased. Anything else is clearly cheating the consumer.
Yeah, basically you'd trade uncertainty for the ability to remotely enable/disable hardware features not ready at launch I understand, which totally makes sense as a position, I probably agree with you. I think from AMD's side they like the option of being able to remotely enable things though, so new software updates in the future could be major releases enabling functionality that wasn't quite ready at launch. But, I suppose the uncertainty is the tradeoff here.
Even if you have the ability to remotely enable new features:
1. You shouldn’t use the same ability to disable existing features.
2. You shouldn’t enable them, either! It should be opt-in. Any kind of change has the potential to break something. Just don’t be changing my hardware without me initiating the change.
Overall I agree with you, and aim for the same, as a professional user I can't really have my environment and hardware change automatically, I really despise that too!
> Just don’t be changing my hardware without me initiating the change
In this case it seems to have been disabled in future firmware, so "you" did initiate the change, as you did an firmware upgrade that included the change. Still, shitty to sneak it in, I agree, but the feature wouldn't literally be there one day then not the next, requires human initiation at least.
IIRC, this memory encryption function can let a hypervisor tell the platform to use different encryption keys for different virtual machines. So even if somehow a compromised VM managed to read data from a neighboring VM theoretically they'd get garbled, encrypted data.
That is not in this one. That is only the datacenter one(SEV) This one (SME) is a single machine wide key and it doesn't have integrity protection either.
And? do you worry about the gaming server owner's neighbour breaking in, freezing the ram, quickly transferring it to another machine and reading it off?
So reading between the lines, you're saying it's bad for AMD to disable undocumented features because people still might have bought them for those undocumented features, particularly for gaming servers?
You shouldn't be remotely disabling hardware features in my opinion at all. It's not really like changing an API or something, this is like an update removing something from your car or another appliance years after you bought it.
> You shouldn't be remotely disabling hardware features
I don't know what current case law is but I think that ought to be explicitly illegal. A physical product should be required to maintain the features that it had when it was purchased. Anything else is clearly cheating the consumer.
Yeah, basically you'd trade uncertainty for the ability to remotely enable/disable hardware features not ready at launch I understand, which totally makes sense as a position, I probably agree with you. I think from AMD's side they like the option of being able to remotely enable things though, so new software updates in the future could be major releases enabling functionality that wasn't quite ready at launch. But, I suppose the uncertainty is the tradeoff here.
How hypothetical is this situation?
Even if you have the ability to remotely enable new features:
1. You shouldn’t use the same ability to disable existing features.
2. You shouldn’t enable them, either! It should be opt-in. Any kind of change has the potential to break something. Just don’t be changing my hardware without me initiating the change.
Overall I agree with you, and aim for the same, as a professional user I can't really have my environment and hardware change automatically, I really despise that too!
> Just don’t be changing my hardware without me initiating the change
In this case it seems to have been disabled in future firmware, so "you" did initiate the change, as you did an firmware upgrade that included the change. Still, shitty to sneak it in, I agree, but the feature wouldn't literally be there one day then not the next, requires human initiation at least.
Yes.
> particularly for gaming servers
Not "particularly" but that's one example.
I can't even think of what benefit memory encryption has for gaming servers?
IIRC, this memory encryption function can let a hypervisor tell the platform to use different encryption keys for different virtual machines. So even if somehow a compromised VM managed to read data from a neighboring VM theoretically they'd get garbled, encrypted data.
That is not in this one. That is only the datacenter one(SEV) This one (SME) is a single machine wide key and it doesn't have integrity protection either.
Ah ok, thanks for the clarification!
Yes.