HW News - Coronavirus vs. Hardware Industry, AMD Zen Vulnerability, No More Blower
Posted on March 15, 2020
We're still in Taiwan this week for factory tours, but that's given us a unique perspective to get first-party information on how COVID-19 is impacting the computer hardware industry. In particular, we've been able to glean information on how companies in the US and Taiwan are handling risk mitigation and limiting spread of the virus in their companies. This has wider impact for consumers, as production will be limited over the next month or two and product delays are inevitable. There are also implications for Computex -- namely, whether it happens or not. In addition to this specific news, we have reporting on new AMD vulnerabilities, the death of the blower fan, and more.
Hardware Industry Calls in Sick
Over the past week of factory tours, we’ve learned that a lot of computer hardware companies have enacted varying policies to combat human malware spread at their organizations. One of the common choices for US offices is to work from home: So far, we know that Intel, Dell, and AMD are all encouraging teleconferencing for meetings or are on alternating schedules. For companies with alternating schedules, there are A/B work days to try and minimize the amount of risk seated in an office at one time. Other companies, like some of the case and cooling manufacturers, are also encouraging working from home, but struggle with decisions over how to fairly manage warehouses where workers still have to go in for shipments.
EVGA has completely shut its doors. We called EVGA’s CEO and PR rep and learned that EVGA has restricted access to one door, takes employee temperature multiple times per day, and is requiring masks. The company has also banned entry of all visitors, including delivery agents.
The longer-term impact is that design and manufacturing will slow down tremendously. During our factory tours, we’ve learned that raw materials factories are seeing higher order volume in Taiwan than typically. Business is better than ever at the raw metal factory we visited, and that’s because their competition in China is low on workforce and supply.
Source: First-party GN reporting in Asia
AMD Gets Its Own Side Channel Vulnerabilities
Researchers with the Graz University of Technology released a whitepaper detailing two new side-channel attacks, known collectively as “Take A Way” attacks. Specifically, the two attacks are Collide+Probe and Load+Reload. Both attacks are similar in nature, as they both prey on the L1D cache way predictor in AMD’s CPUs going back as far as 2011. According to the whitepaper, every AMD CPU from 2011 to 2019 is affected. So, that would mean AMD’s most recent Zen 2-based CPUs are included.
While we’ve been conditioned to seeing new vulnerabilities from Intel almost weekly, it’s more notable when we see something with AMD. And that’s not to say AMD didn’t have some vulnerabilities with Spectre flaws, but not nearly to the extent that Intel has suffered. In fact, these new attacks appear to be Spectre-based in nature, according to the paper. That may be why AMD stated it didn’t believe the attacks to be new, and that existing mitigations were sufficient. The researchers refute AMD’s claim and contest the status of the vulnerabilities (via Tom’s Hardware).
At any rate, according to the paper:
“With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last level-cache evictions.”
So, as with other side-channel attacks, a potential attacker can fish-out sensitive and protected data -- and even AES encryption keys -- from areas of the CPU not normally accessible.
While AMD hasn’t indicated that there is (or will be) a specific mitigation for these attacks, AMD’s security advisory on its website recommends the following:
Keeping your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
Following secure coding methodologies
Implementing the latest patched versions of critical libraries, including those susceptible to side channel attacks
Utilizing safe computer practices and running antivirus software
A new report coming from DigiTimes suggests that Nvidia is on the short list of customers that could be using TSMC’s CoWoS (Chip-on-Wafer-on-Substrate) packaging for its upcoming GPUs.
TSMC’s CoWoS is a 2.5D packaging technology that packages multiple dies together at the wafer level on an interposer, something TSMC calls “wafer integration.” TSMC’s CoWoS has evolved to be able to target chips that far exceed the reticle limit, up to 2x reticle limit. TSMC and Broadcom recently illustrated this with the first 2x reticle limit interposer that will end up being used by Broadcom in HPC deployment. TSMC does this by essentially stitching interposers together at the wafer level and interconnecting them.
The benefits of CoWoS are improved interconnect performance and bandwidth, transistor density, and higher memory capacity -- TSMC’s current generation CoWoS currently supports up to six stacks of HBM.
As for what Nvidia would be targeting with TSMC’s current CoWoS is unknown. However, it’s worth noting Nvidia has used TSMC’s CoWoS packaging before on Pascal and Volta-based professional GPUs. It’s likely that Nvidia would be leveraging TSMC’s technology again for its upcoming Titan, Tesla, or Quadro cards -- presumably based on Ampere. But, we’ll see.
This is a bit old by now, but it was something that was confirmed after our publication of last week’s HW News.
After AMD’s Financial Analyst Day, users on Reddit sifted through the slide decks for the presentation and noticed a picture on a slide that depicted a Radeon GPU sans the blower-style cooler. After a bit of speculation via the linked reddit thread below, Scott Herkelman, Vice President and General Manager of Radeon, commented to confirm the suspicion that there will be no blower coolers with RDNA 2 GPUs. This is particularly amusing to us, because Herkelman also previously commented that the blower coolers were great and that people -- presumably us -- who complained about them at launch just didn’t get it.
“There will be no blower reference fans for gamers on next gen. So you are correct,” Herkelman said.
Herkelman expand on this comment a bit further by saying that “our AIBs may choose to do a ‘blower’ design on any of the next gen GPUs, however, the majority of feedback we received from the community at the launch of 5700 XT on AMD reference designs has guided us towards dual/tri-axial designs. I’m excited for you all to see them when the time is right!”
Most would agree that it’s past time for AMD to ditch blower coolers for its reference designs, a move NVIDIA made across the stack with its 20-series cards. While blower style coolers have a place in specific setups, AMD’s blower designs have never been particularly effective, especially in recent years with both Vega and Navi.
Intel is apparently not done fighting a fine that was delivered 10 years ago, when the European Commission laid a €1.06B ($1.2B) fine at Intel’s feet for what was deemed illegal and anti-competitive behavior. According to Intel, the Commision “got it wrong.”
“The Commission either took a wrong approach in its decision or it carried out an as efficient competitor (AEC) test and it got it wrong,” said Daniel Beard, Intel’s lawyer.
The fight stems from practices Intel engaged in back in 2009, by offering steep rebates to OEMs for buying Intel chips. This in itself is common and AMD also engages in MDF -- or marketing development fund -- in exchange for companies to use its parts, like GPUs in previous generations, but Intel went further. Intel was found to have paid certain OEMs to exclusively use Intel chips, and the practice was deemed as an attempt to shut AMD out of the x86 CPU market. Intel paid what was, at the time, a record fine; however, Intel has contested the fine ever since, filing an appeal that was rejected in 2014. In 2017, however, the EU Court of Justice agreed to rehear the case.
According to reports, a decision is likely to come next year.
ISPs Suspend Data Caps, Proving It Wasn’t “Congestion”
As many are preparing to work and study from home due the virulent human side-channel attack, ISPs, in a rare display of charitability (or a cheap play for good press), are suspending broadband data caps. AT&T confirmed to Motherboard that it was suspending all usage caps until further notice.
Likewise, Comcast and T-Mobile have announced similar efforts. Comcast stated it would not charge any overage fees, while T-Mobile has temporarily removed all usage caps. Verizon asserts it doesn’t place any usage fees on its broadband services, and is bumping speeds from 100Mbps to 200Mbps for some plans. Some ISPs are temporarily suspending late fees and disconnection fees as well.
Surely, ISPs are remaining vigilant in avoiding Verizon’s colossal PR dumpster fire that was throttling firefighters during rampant wildfires. The fact the ISPs can -- at will -- lift caps and increase speeds shows how arbitrary these policies are in the first place. ISPs would have customers believe that data usage caps help manage traffic congestion, but these practices exist as thinly veiled cash grabs on captive customers that, in most cases, don’t have any other competitive options.
But don’t take our word for it: in the coming months, as hordes of users work, study, and play from home in attempt to increase the chance of us getting demonetized for naming human microcode vulnerabilities, see how many ISPs speak up and say their networks couldn't handle the surge in traffic. Let’s see how many congestion and overage problems these data caps would’ve saved us all from.
Hopefully, in a couple months, it’ll be painfully clear -- to the public and lawmakers alike -- that data caps need to die.
Folding@Home and Nvidia are calling for help with human malware-related projects that users can donate CPU and GPU resources to. According to the Folding@Home blog, all the projects are GPU accelerated, thanks to OpenMM. The jobs users can help fold are:
11741: Coronavirus SARS-CoV-2 (COVID-19 causing virus) receptor binding domain in complex with human receptor ACE2. atoms: 165550, credit: 15396
11746: Coronavirus SARS-CoV-2 (COVID-19 causing virus) receptor binding domain in complex with human receptor ACE2 (alternative structure to 11741). atoms: 182699, credit: 16615
11742: Coronavirus SARS-CoV-2 (COVID-19 causing virus) protease in complex with an inhibitor. atoms: 62227, credit: 9405