It make sense to progressively move all you new products into the new framework, until a large enough chunk is supported, rather than try to back port old firmware into the new framework, losing all the effort you did to squash bugs in the old AGESA code.Reply
I'm not sure how open source can be more secure than proprietary but if it can then so be it. There needs to be massive increases in online security from schools to government to e-tailer websites. Personal computers are often the weakest security point so it's all a real challenge to fix as the hackers have a big head start.Reply
open source is not more or less secure than proprietary, but there is greater transparency and more people to find bugs. The fixes usually come a lot quicker too, like days compared to a month.Reply
Well as the mythical man-month says (brook's law), more people thrown at a problem doesn't speed things up. Plus not everyone is competent in a particular domain. e.g. security, etc.Reply
It's not like anyone can make commits to the finalized production release. There will be specialized maintainers who will review submission attempts to veto, refine, and approve proposed changes. This does however allow for anyone with niche knowledge to point out flaws or optimizations before they hit the consumers' system.Reply
I believe that that comparison doesn't fully apply as more people looking at it is done in a parallel independent manner, not all working together coherently. The dependent steps are validation and peer review in an open source project to move into the mainline production branch. For example the maintainers may need to select from half a dozen fixes that were independently created or may choose to replace their first selection for a fix with a later, more well written solution.Reply
Amazing how zero famous "security experts" are able to implement kindergarten-level security, likely because they're all corrupt shills. You cannot know how good proprietary security is, especially when its hidden in hardware and very difficult to reverse engineer and inspect (even for well-funded third party orgs).Reply
Does "firmware" include or exclude "management engines" and the software that runs inside of them? Are they being sneaky here? By definition, I believe the mini OS running transparently to the CPU and host OS (inside of AMD's PSP or Intel's IME) should be deemed "firmware"!Reply
I could be wrong, but my understanding of Pluton is that it isn't a firmware thing at all to begin with, but rather is a program loaded into some sort of coprocessor under control of the operating system, presumably during boot, so I wouldn't expect it to be included either way.
A big part of the reason I could be wrong is that Pluton isn't exactly terribly well documented though, so that's part of the issue.Reply
We’ve updated our terms. By continuing to use the site and/or by logging into your account, you agree to the Site’s updated Terms of Use and Privacy Policy.
Facebook
Twitter
RSS
18 Comments
Back to Article
Threska - Friday, May 5, 2023 - link
Waaaay into the future. ReplyKamen Rider Blade - Saturday, May 6, 2023 - link
It's still the right move IMO. AMD committing to Open Source in a VERY important area that everybody has been asking for transparency on. ReplyKamen Rider Blade - Saturday, May 6, 2023 - link
It's also better to take your time to do it right, then to rush things. ReplyDrkrieger01 - Saturday, May 6, 2023 - link
Very true, but also remember that it's good to make mistakes to learn things every now and then ;) Replyjuancn - Monday, May 8, 2023 - link
It make sense to progressively move all you new products into the new framework, until a large enough chunk is supported, rather than try to back port old firmware into the new framework, losing all the effort you did to squash bugs in the old AGESA code. ReplyKevin G - Monday, May 8, 2023 - link
For firmware planning, that is what you have to do. Operating systems/hypervisors need lead time to be able to adapt to the underpinnings. ReplyTechie2 - Saturday, May 6, 2023 - link
I'm not sure how open source can be more secure than proprietary but if it can then so be it. There needs to be massive increases in online security from schools to government to e-tailer websites. Personal computers are often the weakest security point so it's all a real challenge to fix as the hackers have a big head start. Replymeacupla - Saturday, May 6, 2023 - link
open source is not more or less secure than proprietary, but there is greater transparency and more people to find bugs. The fixes usually come a lot quicker too, like days compared to a month. ReplyThreska - Sunday, May 7, 2023 - link
Well as the mythical man-month says (brook's law), more people thrown at a problem doesn't speed things up. Plus not everyone is competent in a particular domain. e.g. security, etc. ReplyEnFission - Sunday, May 7, 2023 - link
It's not like anyone can make commits to the finalized production release. There will be specialized maintainers who will review submission attempts to veto, refine, and approve proposed changes. This does however allow for anyone with niche knowledge to point out flaws or optimizations before they hit the consumers' system. ReplyFlunk - Monday, May 8, 2023 - link
You mean open-source software isn't like a wiki where every random person can just change anything they want? ReplyKevin G - Monday, May 8, 2023 - link
I believe that that comparison doesn't fully apply as more people looking at it is done in a parallel independent manner, not all working together coherently. The dependent steps are validation and peer review in an open source project to move into the mainline production branch. For example the maintainers may need to select from half a dozen fixes that were independently created or may choose to replace their first selection for a fix with a later, more well written solution. ReplyET - Tuesday, May 9, 2023 - link
That's not what Brook's Law says. It talks about adding people to a project that's behind schedule.In general, throwing more people at finding problems means finding more problems and more quickly. Reply
ECC_or_GTFO - Saturday, May 6, 2023 - link
Amazing how zero famous "security experts" are able to implement kindergarten-level security, likely because they're all corrupt shills. You cannot know how good proprietary security is, especially when its hidden in hardware and very difficult to reverse engineer and inspect (even for well-funded third party orgs). ReplyECC_or_GTFO - Saturday, May 6, 2023 - link
Does "firmware" include or exclude "management engines" and the software that runs inside of them? Are they being sneaky here? By definition, I believe the mini OS running transparently to the CPU and host OS (inside of AMD's PSP or Intel's IME) should be deemed "firmware"! Replyballsystemlord - Sunday, May 7, 2023 - link
Does "firmware" include or exclude Pluton? ReplyDolda2000 - Sunday, May 7, 2023 - link
I could be wrong, but my understanding of Pluton is that it isn't a firmware thing at all to begin with, but rather is a program loaded into some sort of coprocessor under control of the operating system, presumably during boot, so I wouldn't expect it to be included either way.A big part of the reason I could be wrong is that Pluton isn't exactly terribly well documented though, so that's part of the issue. Reply
davebyrd - Monday, May 8, 2023 - link
OCP? i prefer Security Concepts. Reply