It's not just OMI that's the trouble with POWER10


Now that POWER10 is out, the gloves (or at least the NDA) are off. Raptor Computing had been careful not to explicitly say what about POWER10 they didn't like and considered non-free, though we note that they pointed to our (and, credit where credit's due, Hugo Landau's) article on OMI's closed firmware multiple times. After all, when even your RAM has firmware, even your RAM can get pwned.

Well, it looks like they're no longer so constrained. In a nerdily juicy Twitter thread, Raptor points out that there's something else iffy with POWER10: unlike the issue with OMI firmware, which is not intrinsically part of the processor (the missing piece is the on-DIMM memory controller), this additional concern is the firmware for the on-chip "PPE I/O processor." It's 16 kilowords of binary blob. The source code isn't available.

It's not clear what this component does exactly, either. The commit messages, such as they are, make reference to a Synopsys part, so my guess is it manages the PCIe bus. Although PPE would imply a Power Processing Element (a la Cell or Xenon), the firmware code does not obviously look like Power ISA instructions at first glance.

In any case, Raptor's concern is justified: on POWER9, you can audit everything, but on POWER10, you have to trust the firmware blobs for RAM and I/O. That's an unacceptable step down in transparency for OpenPOWER, and one we hope IBM rectifies pronto. Please release the source.

Comments

  1. Is it not possible to operate the POWER10 like a POWER9? I mean, with standard DDR4 RAM modules and without OMI?

    ReplyDelete
    Replies
    1. Not that I know of currently, because the CPU memory interface only knows how to speak OpenCAPI, and the only I/O attach is via PCIe. The first *might* be solvable if someone(tm) developed a controller on the board, but the second (the PPE I/O controller) is a bigger problem.

      Delete
    2. It's kind of the point that a manufacturer can build a board around the application. It's supposedly able to be compatible with anything from DDR3 up.

      Delete
  2. Do we know what IBM's response has been to this situation? Has there been any effort on their part to try and get these issues rectified?

    ReplyDelete
  3. Hello. What are the news at the beginning of 2023. Is there a place where we can talk together, IRC, XMPP, MATRIX, DISCORD ? What happens to the OPENPOWER alliance now? Was it the last modern "Open Source" processor for dekstop/workstation use? Has the silicone industry with the root of trust madness made us the enemy of our own machine? Is this a hidden war against our freedom hidden behind the trust of computing BS ? More questions ...

    ReplyDelete
    Replies
    1. There is a Offical OpenPower Slack community where you can ask questions, although there is no active discussion. https://app.slack.com/client/T443QD9JA/C43FEP7L4

      Delete

Post a Comment

Comments are subject to moderation. Be nice.