翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Sunday, 14-Jul-2024 22:49:06 JST

Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Sunday, 14-Jul-2024 22:49:06 JST 翠星石
in reply to
- Efi (nap pet) 🦊💤
- BrianKrebs
@efi @briankrebs It's too late, you shall receive knowledge.

Pretty much, with DDR5 the density has been increased and as a result bitflips happen all the time and need to corrected and can no longer be ignored.

With previous RAM technologies, bitflips were and are known to happen fairly often, but manufacturers pretty much told people to just accept data corruption and if they want to not have that, they better pay a lot extra for a "server-grade" CPU and RAM.

Linus Torvalds told Intel's developers multiple times that they should make ECC a standard feature, but they intentionally ignored him, as it seems that would cut into their lucrative "upmarket".

Implementing ECC pretty much requires memory controller support plus an extra chip on each RAM stick to store parity data etc.

ECC RAM is quite useful, as it can automatically correct a single bitflip without a hitch and if a double bitflip occurs, it can tell the kernel, Linux that x block of memory is corrupted - it can be the case that such block is only being used for cache and Linux can just proceed to just drop that block and re-read from disk, avoiding the case where a corrupted block gets written back to disk, leaving a file or a database with bitflips in it.

Rather than implementing ECC, they put a microprocessor on each RAM stick, which runs software that detects and corrects bitflips in blocks.

Rather than the RAM coming with the software, a EFI loads such software on boot - which is a real disaster for security as it's proprietary and few people know what's in there or how that stuff works and I'm confident there's the very real possibility of that "functionality" being exploited by malware that utilizes such microprocessors to carry out undetectable direct-RAM modification, or even exfiltrate data by using the RAM traces as an antenna (has been done before from the CPU side, but from the RAM side would be harder to detected).

ECC DDR5 does exist, but you of course have to pay extra for "server-grade" hardware for it.

https://en.wikipedia.org/wiki/DDR5_SDRAM?useskin=monobook#Features
In conversation about a year ago from gnusocial.jp permalink
Attachments
1. Domain not in remote thumbnail source whitelist: upload.wikimedia.org
  
  DDR5 SDRAM
  
  Double Data Rate 5 Synchronous Dynamic Random-Access Memory (DDR5 SDRAM) is a type of synchronous dynamic random-access memory. Compared to its predecessor DDR4 SDRAM, DDR5 was planned to reduce power consumption, while doubling bandwidth. The standard, originally targeted for 2018, was released on July 14, 2020. A new feature called Decision Feedback Equalization (DFE) enables input/output (I/O) speed scalability for higher bandwidth and performance improvement. DDR5 has about the same latency (around 14 ns) as DDR4 and DDR3. DDR5 octuples the maximum DIMM capacity from 64 GB to 512 GB. DDR5 also has higher frequencies than DDR4, up to 8GT/s which translates into 64 GB/s (8000 megatransfers/second * 64-bit width / 8 bits/byte = 64 GB/s) of bandwidth per DIMM. Rambus announced a working DDR5 dual in-line memory module (DIMM) in September 2017. On November 15, 2018, SK Hynix announced completion of its first DDR5 RAM chip; running at 5.2 GT/s at 1.1 V. In February 2019, SK Hynix announced a 6.4 GT/s chip, the highest speed specified by the preliminary DDR5 standard. The first production DDR5 DRAM chip was officially launched...

Public

翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Sunday, 14-Jul-2024 22:49:06 JST

Feeds