Overclock.net - An Overclocking Community - Reply to Topic
Thread: ASUS TUF GAMING X570 PLUS Reply to Thread
Title:
Message:

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in


  Additional Options
Miscellaneous Options

  Topic Review (Newest First)
07-06-2020 11:12 PM
concretefire
Quote: Originally Posted by tyezh View Post
re-read my previous comment, updated
I still want to know what TPTW means... you got me curious. Thanks for the telemetry links.
07-06-2020 08:51 PM
tyezh
Quote: Originally Posted by concretefire View Post
I understand the sentiment > don't understand what TPTW means. Lol. The exploit stuff you mention I can look up. Understood....

Anybody else wanna weigh in on this telemetry thing and if the picture I posted can be translated into English as to what, if anything, I should do about it?? Thanks. Ya'll the best.

re-read my previous comment, updated
07-06-2020 08:50 PM
concretefire
Quote: Originally Posted by tyezh View Post
It depends on your threat profile, and you may be the target if you are going after those criminal types as well, and I have a tendency to piss off TPTW. Rowhammer/Rambleed can be exploited directly in javascript in a browser. Its trivial.

As regard to the Telemetry settings, as far as I understand it allows users to adjust the reported voltages so they reflect a more accurate voltage in monitoring software; I've heard others claim it can increase power usage though I'm not sure.
I understand the sentiment > don't understand what TPTW means. Lol. The exploit stuff you mention I can look up. Understood....

Anybody else wanna weigh in on this telemetry thing and if the picture I posted can be translated into English as to what, if anything, I should do about it?? Thanks. Ya'll the best.
07-06-2020 08:28 PM
tyezh
Quote: Originally Posted by concretefire View Post
Yes I can use Veracrypt / whatever 3rd party encryption for my regular old school hard drives. Understood. Thanks

I concur with your non-paranoia. It's just more safe to disable crap you don't need. 100% agree.

More questions:
1) Where do we find this TMSE setting and how do we activate it? (or even test to see if it's working? A simple speed test?)

2) I get it, the encryption of the ram but --- I mean, c'mon.....unless you're Escobar or Billy The Kid, etc... 99% of people have no reason to enable this feature --- Unless they fear immediate seizure of their machines while still powered. No? Yes? Close?

3) If you could take a look at my recent post about SOC V on this bios release and answer those questions I'll be all caught up. REALLY Appreciate you!!

Yes, it us under Advanced / CBS. Run a latency benchmark with AIDA64 before and after enabling TSMC, this will verify for you. I can verify it worked for me. It depends on your threat profile, and you may be the target if you are going after those criminal types as well, and I have a tendency to piss off TPTW. Rowhammer/Rambleed can be exploited directly in javascript in a browser. Its trivial.

As regard to the Telemetry settings, you'd best search around, I saw some good sources on reddit lately: 1, 2

Update after clearing CMOS a number of times (even though I had done that previously) the PXE problem seems to have disappeared. I had some latency issues clear up as well. It was way high up around 95 NS, up from around 70. At the time, with TSMC disabled, it would drop to about 81 NS. Now after clearing CMOS, its around 74-75 NS with TSMC enabled.
07-06-2020 08:15 PM
concretefire
Quote: Originally Posted by tyezh View Post
Yes you can; TSME is transparent to the O/S.

However unlikely exploitation may be, my motto is, if you don't need it, and disabling causes no other issues, then disable it. PXE allows remote booting over the network, and the PXE boot rom is now accessible no matter what a person does in the bios. This "pro" feature, like TMSE, is still hiding there in non Pro devices, waiting to be exploited. This is why I choose to use a third party LAN card for my internet connectivity.
Yes I can use Veracrypt / whatever 3rd party encryption for my regular old school hard drives. Understood. Thanks

I concur with your non-paranoia. It's just more safe to disable crap you don't need. 100% agree.

More questions:
1) Where do we find this TMSE setting and how do we activate it? (or even test to see if it's working? A simple speed test?)

2) I get it, the encryption of the ram but --- I mean, c'mon.....unless you're Escobar or Billy The Kid, etc... 99% of people have no reason to enable this feature --- Unless they fear immediate seizure of their machines while still powered. No? Yes? Close?

3) If you could take a look at my recent post about SOC V on this bios release and answer those questions I'll be all caught up. REALLY Appreciate you!!
07-06-2020 07:57 PM
concretefire
Quote: Originally Posted by xeizo View Post
It's the same board, the US site is slower with uploads. 2407 is the correct version.

By adjusting Telemetry we can choose to run according to AMD specifications, how well that goes can be seen in HWINFO64 under a 100% load. If HWINFO64 reports a value of 100%, under said 100% load, it is precisely to specifications.

By adjusting telemetry to let the HWINFO64 value get down below 100% under load, we will allow the CPU to consume more power and possibly perform better. But we are out of spec. If the value is above 100% under load, we are starving our CPU.
Serioulsy. What? Listen, I'm with you enough to have taken a photo for you. This was under running Prime95 short FFT , all cores. ...... If there's some other program I should be using to max out CPU to 100% load then.....what is it?
07-06-2020 07:52 PM
tyezh
Quote: Originally Posted by concretefire View Post
Son of a b........

I finally think I'm caught up with you guys and the NSA peeps show up with this encryption mess. Bottom line...It encrypts DRAM sticks. Yes? IF yes > Can I still use a 3rd party app like Veracrypt for my Regular hard drives?

Feel like I'm back to square 1 .... grrr.

Yes you can; TSME is transparent to the O/S. Meaning everything takes place at the chip-set level, all software will be unaffected except SEV (virtual machine memory encryption) "When TSME is used, other memory encryption features [whatever that means] (including SEV) are not available" SEV is possibly hiding there, but I don't believe is unlocked on non pro chipsets at this time.

Quote: Originally Posted by concretefire View Post
tyezh - please clarify for us / me: Are you saying access to that COULD BE used as a bad thing, ergo: it should not be available for 99% of us. And 2) Could you please explain what your 2 photos represent. (I already assume you're in the boot menu section) --- I'm just not sure what I should DO with your info.....?? Thank you.....

This is how I look at it, anything is possible. Humans and AI are clever. Any feature that exists that could be exploited might, or will be eventually. So to reduce attack surface, a sound solution is typically to disable the feature altogether. However unlikely exploitation may be, my motto is, if you don't need it, and disabling causes no other issues, then disable it. PXE allows remote booting over the network, and the PXE boot rom is now accessible no matter what a person does in the bios. Exploitation would be more likely with physical access, and on a public machine, say at a library or something as such. However a rogue router, malicious individual connected to the same subnet, or a compromised machine on the local subnet could also be a vector for attack (and that is only if you actually are using the feature). Rogue DHCP server on the Local Area Network could theoretically spoof DHCP requests and potentially exploit a vulnerable LAN card via remote execution, similar to what we saw with Ryzenfall/Chimera/Fallout/Masterkey. I believe the onboard LAN has inbuilt direct DMA connection for AMD PRO* OUT-OF-BAND MANAGEMENT, and [source2], [source3] similar to Intel Vpro/ME remote management. This "pro" feature, like TMSE, is still hiding there in non Pro devices, waiting to be exploited. This is why I choose to use a third party LAN card for my internet connectivity. If there is ever a PSP exploit via onboard LAN, I will be protected. So theoretically for me, this PXE rom is even less a worry, but my concern even now is, can it be accessed or flashed from windows or some other environment. I'm not sure, that is one reason why I feel it is potentially a security threat.

The photos demonstrate how PXE is enabled no matter what I set in the bios, and when I access it from the boot menu, it does in fact load the rom and attempt to authenticate over DHCP.

[Update, this has since been fixed after a few cmos resets]

Quote: Originally Posted by concretefire View Post
Have you reported the bug to Asus?

not yet but I plan to
07-06-2020 07:47 PM
concretefire
Quote: Originally Posted by tyezh View Post
Another bug I have found in the last 2-3 bioses is that it can be problematic detecting non UEFI bootable devices... but they will appear if you change their priority under "Device BBS Priorities" so that the hidden device is first in the list.
Have you reported the bug to Asus?
07-06-2020 07:23 PM
concretefire
Quote: Originally Posted by tyezh View Post
Bug? & possible attack surface security flaw introduced with this bios, disabling onboard LAN and disabling onboard PXE, PXE bios rom is still exposed and now permanently accessible from the boot menu (f8) on startup. This was not the case previously. Access to this can be removed via modifying boot settings.



tyezh - please clarify for us / me: Are you saying access to that COULD BE used as a bad thing, ergo: it should not be available for 99% of us. And 2) Could you please explain what your 2 photos represent. (I already assume you're in the boot menu section) --- I'm just not sure what I should DO with your info.....?? Thank you.....

***NOTICED THIS DIFFERENCE NO ONE HAS TALKED ABOUT YET*** SOC Voltage "auto" seems to be much more better (lowered?) in this version. HWinfo is showing auto SOC Voltage at 1.08 sometimes 1.09, fairly certain I've seen it go up to 1.11 < Can't confirm that last one. IF YOU GO BACK AND LOOK through some of my last posts......I mentioned that at least ONE piece of software I was using to show SOCV was at 1.36v...... on auto..... Ouch!!! Right??

(Never got an answer I don't think)

However, On the Previous Bios that I was talking about....I went with my gut instinct to manually set soc V at 1.15 and I checked SOCV again with the same software and sure enough, it was much lowered from 1.36 to around what I had it set to (1.15) ......... So that's my evidence to support the claim this bios seems to have lowered that value in "auto" mode. At least for me.
07-06-2020 06:54 PM
concretefire Son of a b........

I finally think I'm caught up with you guys and the NSA peeps show up with this encryption mess. Bottom line...It encrypts DRAM sticks. Yes? IF yes > Can I still use a 3rd party app like Veracrypt for my Regular hard drives?

Feel like I'm back to square 1 .... grrr.
This thread has more than 10 replies. Click here to review the whole thread.

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off