Elbrus is very much security first chip/OS for Russia.
With primary goal to avoid any western IP.
The performance is probably ~5 years behind industry standard and price is probably 5-20x more. But that's fine, when the only buyer is government agencies and military contractors.
5 years behind for a system you can actually use is pretty decent IMO. For a massive capital intensive business, high-tech, and with a much smaller internal market than China, that's quite an achievement.
> 5 years behind for a system you can actually use is pretty decent IMO.
And probably more than adequate for the kinds of applications you'd use this in. Military technology needs to be state-of-the-art for ruggedness and reliability, not performance.
For a similar example, look at the CPUs used in space missions: based on performance specs alone, the best ones would have been state-of-the-art in the 90s.
> 5 years behind for a system you can actually use is pretty decent IMO.
Yes, Intel chips aren't much faster now than they were 5 years ago. I vaguely remember reading on Anandtech that Haswell was the last generation that Intel was able to increase the IPC (instructions per cycle) by 15% over the previous generation, and nowadays the typical generational improvement is ~5%.
According to my calculations, that would mean that the latest generation of Intel chips would be ~27% faster than the Elbrus: (1 + 5%)^5 - 1
Emulated x86 performance is somewhere around 1000 passmark units, roughly like Core Duo Pentium. Native number crunching is very impressive. Price is high to enable embezzlement of money by the top people in the Russian government.
So unlike Transmeta, you can actually disable the x86 emulation and run native VLIW code on an Elbrus CPU? It's interesting. But I guess it's still not useful to independent developers in the FOSS community, it appears that MCST’s proprietary C/C++ compiler is the only compiler that can target the CPU.
Why only government agencies and military contractors? I couldn't find a price indication, but it might be interesting for security minded people in general. If it doesn't have any western IP in it, it might be resistant to influence in general. Who knows what kind of "design constraints" intelligence agencies are enforcing upon our chip manufacturers.
What better chip to use than one that the Russian government assumes is only going to be used by loyal compatriots anyway? Anyway, that sounds like something a Russian spy would say, so make of it what you will.
I'd contemplate buying it if it had less binary blobs in it than an Intel or an AMD does. But maybe we don't have to go to Russia for that, as it feels like PC compliant ARM builds are going to be a thing soon.
Is that a jab at Itanium? Anyway 2ghz is a very 2020 speed, there's loads of brand new processors operating at that speed, especially when they've got 16 cores.
Looking again, it's 8 cores at 1.5 GHz which is probably equivalent to 1 GHz out-of-order cores. I'd guess similar single-thread performance to a Pentium III.
While I'd never buy this, I find it fascinating that outside of the Western lens there are still a ton of different and competing technologies. Reminds me of how Russia advanced research into Ternary computing considerably further than the West.
Yeah, I’d love more explanation of this. That seems way too slow and large to hold some kind of jit cache between x86 and whatever the core actually uses internally?
It might have a Compact Flash adapter on the back (CF cards are IDE compatible and with better response times than HDDs; they are still in use in some embedded systems, you just have to use a compatible filesystem, as they don't usually have internal wear leveling). Unfortunately I cannot find any pictures of the back of the motherboard, but if you look carefully at the pictures it seems that the board has two PCBs.
So it likely doesn't use BIOS or UEFI. I wonder if we're going to see the ARM situation where every distro will need a custom image just for this board/architecture. I wonder if we'll see support in mainline for this arch/platform.
I agree, the bootloader is a massive shame! Personally I’d rather go with a power9 based board. But let’s see where this goes, it’s certainly interesting.
It reminds me of my Loongson 2F laptop powered by a Chinese MIPS processor, same model previously used by Richard Stallman. For a while (before Thinkpad X200), it was the go-to choice if one wanted a laptop with 100% free boot firmware and zero binary blob (the original boot firmware codebase is buggy and ancient, but with source, later GNU developers made it run GRUB 2). I got it just because it was an interesting non-x86 machine.
It's a bit disappointing that a would-be Russian equivalent couldn't do the same (an understandable problem, the designers of the board have no control over it), otherwise it'll also be a more hackable and interesting platform, at least for those who are fans of exotic non-x86 systems and don't care about price or performance.
Back then these were designed specifically for government agencies within Russia. Suppliers weren’t allowed to ship them outside of Russia unless you could prove it was for certain research projects. I found someone that was willing to buy a Elbrus motherboard and ship it to me, it got stuck at Russian customs and returned to the sender - fortunately he managed to return it to the supplier and I got my money back.
given the interest to the platform, it seems somebody in Russia can run a niche business - an Elbrus CPU cloud service, i.e. a garage with a bunch of Elbrus-es (though it is pretty pricey - the 1-4 socket systems with Elbrus 8S cost $5-$20K)
Btw, couple months ago MCST established an official public forum for Elbrus users/partners/etc. Mostly in Russian, though most people there would understand English too. That is performance numbers - various Elbrus-es vs. i7 2600 - posted by a user there http://forum.elbrus.ru/viewtopic.php?f=38&t=6193
Nothing deep, but the PCB layout is quite impressive. This project appears to care about the details. Also intersting to learn about the history of Elbrus.
Does anybody else know what the nature of the "tampering sensor" and why there are exactly 2 of them? I'm guessing the reason for multiples is redundancy, but, then, why not 3 or more?
Also, amusingly, I read "Fall detection sensor" as "Fail detection sensor" at first, and was really confused as to what that was. :P
That’s an interesting thought. With all the work to “run doom” there has been since the early 90s, I wonder how much of that effort would make Doom run better on that old hardware; I suspect not a lot.
It ram poorly on 386 machines, and wasn’t until the 486-66 that it was acceptable and the first Pentium (P6?) that I remember it being smooth.
That would be interesting, I'd guess the floating point(and being twice as fast) were what really made a big difference.
It is also interesting to think that smart refrigerators and automobiles end up with significantly more capable processors and hardware than early desktops. 'Running Doom' turns into more a challenge of getting an operating system and a working C compiler onto the device than one of optimization.
I've often toyed with the thought of pushing the limits of the classic 2.5D FPS on modern hardware (without acceleration), pretty impractical being that most things have a GPU of some sort built-in at this point, but it would be interesting at least.
When GPUs became available it seems like everything kind of moved towards more 'true' 3D where everything became defined geometrically (QUAKE etc) rather than via sprites.
I'm definitely not knowledgeable enough in this area (old video game implementations), I was referring to the FPU on the 486 (386 didn't have one), it seemed to me that it might be a useful thing. Interesting it is all fixed point math in Doom.
The original Doom is super interesting in the design. You can't aim up or down because there is no up or down. You shoot at a guy at the top of a stair case and it will hit, because it's actually the same level. There's only one level. All the up/down perspectives are faked. In the original doom, you could never have a room above another room.
VLWI, doesn't that imply no branch prediction (like Itanium, which afaiu expects the compiler to order instructions optimally ahead of time)? If so, shouldn't it be immune to SPECTRE?
Why is "temperature sensor trigger" listed under the 'security' bullet? If that's not a mistake, could someone please explain how that's a security feature?
In embedded devices, the on-die temperature sensor can theoretically be used as a countermeasure to (the equally theoretical) high temperature fault injection attacks - the attackers heat up the chip until it starts flipping bits, then some security checks can be bypassed (e.g. see [0]). It's often proposed by the literature that the firmware should read the on-die temperature sensor constantly, and when it's outside the nominal operating range, halt execution, and possibly erase secret.
However, while it's often proposed as such, I don't think it's actually useful - thermal fault injection is a real threat, but I said "theoretical" since it's the least of your problems when the attacker has physical access - both clock and power fault injection are easier. Nevertheless, at least a countermeasure to thermal faults is reasonable if you are just protecting a smartcard where everything is on a single chip. On the other hand, for a computer motherboard, such a sensor looks pretty useless. The target is simply too large to be protected (unless you can seal the entire system in a box fitted with sensors like a hardware security module). But I guess it is still a theoretical security feature, thus it was listed as such despite its uselessness.
> [...] We further presentheating faults by operating the devices beyond their specified temperature ratings. The efficiency of this kind of attack is shown by a practical attack on an RSA implementation. Finally, we introduce data remanence attacks on AVR microcontrollers that exploit the Negative Bias Temperature Instability (NBTI) property of internal SRAM cells. We show howto recover parts of the internal memory and present first results on an ATmega162. The work encourages the awareness of temperature-based attacks that are known for years now but not well described in literature. It also serves as a starting point for further research investigations.
I can't be 100% sure, but temperature fluctuations can often be used to execute side channel attacks on processors and chips on board. If the system analyses the temperature sensor for that, it might prevent leaking key material.
I don't think I've seen anyone do that in practice though, it might just have been that they had to put _something_ extra in the security features and just added whatever sensor wasn't listed yet.
That would be my guess but that sounds really difficult to get right and you'd imagine all finds of false positives from it. The kind of feature you put in but leave disabled by default.
> MCST’s proprietary C/C++ compiler and bootloader will be provided only as binary, because we do not have access to the source code of this part.
Buy a “security focused” computer where the compiler is not open source, and the CPU/ICs have not been decapped, imaged and analysed from a manufacturer with ties to the Russian government? No thank you.
I would not be surprised if there is a hardware Trojan in this machine.
You have to love the uninformed nationalism when these topics come up. I feel this [0] image perfectly illustrates it. It's not just that plenty of people simply have no idea what they're using as we speak (they will just judge based on some nationalistic sense of value) but some will keep touting "the principle" because it makes it easier to rationalize while actually being perfectly OK with the black box definitely spying them for "home team" rather then the black box that may be spying them for "away team". Not referring to any particular black box here.
I'd put it in the same category as using Yandex as your email provider. That is, probably somewhat safer from "5 eyes", but open to Russia. There's probably people for who that's a valid, useful setup.
People living inside the 5 eyes. Its arguably harder for Countries outside your own/those that are in good standing with yours to affect your life. While your own/allied Countries will be able to do more with the information that you potential give it.
Not that Im saying to get one of these or not. Just an idea why it might be interesting to prefer to give information to one country instead of another. (if you have the choice)
>Its arguably harder for Countries outside your own/those that are in good standing with yours to affect your life.
Given full access to your email they can do a lot of things that would cost you your job and potentially lead to criminal charges. Given that these governments are actively performing cyber crimes in your nation of residence why wouldn't they use you (and your credentials) as a stepping stone?
The risk is low but so is the risk of your own government going after you. Neither is zero.
> People doing things that they don't want the FBI/IRS/etc to see, but don't care if Russia sees is probably a broader set than that.
If you want to avoid eavesdropping, it's probably best to avoid email altogether and use something designed for that purpose (like Signal). I don't see how you would get the effect you describe by using Yandex unless you did something like only ever emailing other Yandex accounts.
> Just because someone used Yandex as a hyperbolic analogy doesn't mean we're talking about Yandex.
But my point is that email itself is an insecure technology, and not even Phil Zimmerman bothers with PGP [1]. If you want to avoid something like 5 Eyes eavesdropping with a Russian/Chinese/etc. email provider, at a minimum you probably won't be able to email anyone with a 5 Eyes-based email account, and even if you do that some fraction of your mails may still get hoovered up in transit somewhere else. Sticking to only emailing accounts on the same provider seems like the most "secure" implementation of this idea, but even that is suspect. The PRC hacked Gmail ten years ago, and it's not unreasonable to assume the NSA could have an APT in Yandex.
IMHO, this equipment really only helps with security concerns unique to the Russian government itself. Regular people in other countries have better options for their use-cases.
Assume you have a shady company that has to use email for some things. Having your email provider being unlikely to comply with a US subpoena could have value.
Considering that Russian military financing is way smaller than that od US, and considering that Russia involves itself only in affairs of few neighbouring countries, I have more problems about NSA reading my email (GMail, Hotmail etc), than anyone in Russia reading it.
> Russia involves itself only in affairs of few neighboring countries
Was presumably meant in reference to neighboring countries where Russia involves itself to the point where it would be wiser for a citizen of such a country to store their data in the West.
The U.S. is not a country fitting this definition by any stretch.
The USA is Russia's chosen archenemy (regardless what half of Americans think), with most of Russian intelligence, military and diplomatic effort focused on confronting it. Even when Russia screws over its smaller neighbours they always explain it away as countering America.
But even if it wasn't this whole argument is the good old "I don't have anything to hide" re-stated but for foreign powers. It goes fine until you end up with your piss tape.
Speaking to Russians, they'd tell you that they'd love to get along with the US, but that Americans only have 2 modes of operation i.e. be submissive to US like the EU is, (that certainly is the case with the EU as someone living there I can conform, just look at the weak EU response of the US pulling from the Iran Deal for example), or be an archenemy that needs to be vilified & threatened.
They'd tell you that NATO is threatening their borders & that the US would never tolerate Russian troop buildup in Mexico.
Take the 2016 US election as an example, everyone freaked out. Hardly anyone ever mentioned that the US started meddling in Russian elections more than two decades earlier.
Granted, I think the current 'setup' with the US being the archenemy suits the Russian government just fine for domestic audiences, which is especially ironic as it actively hurts real, independent, democratic movements.
It also suits US defense contractors, 'cyber' experts and various grifters offering to combat misinformation.
Right. I think Bunnie has very good arguments for how you should approach "security focused" hardware (see, https://youtu.be/w8BA6_9HCzk) and this clearly isn't it.
AFAICT, this has much less documentation than the Itanium, so even from a tinker's perspective, this is really uninteresting.
The security here means it's been made by the Russian government to be used by the Russian government. The supply chain is domestic and supposed to be more resistant to a potential adversary, so the resulting hardware is usable in sensitive (natsec) matters.
That's why the author wasn't able to obtain one before: they simply never bothered releasing it for non-government use.
My thinking: this is basically in the category of national-prestige project, where the ability to do domestic production in certain product categories is basically about national self-image rather than a commercial concern.
> My thinking: this is basically in the category of national-prestige project, where the ability to do domestic production in certain product categories is basically about national self-image rather than a commercial concern.
No, it's clearly a Russian national security project around supply chain security. IIRC, while the US is pretty good on the processor front, they have similar concerns around other ICs and components.
I very much hope to be able to buy one at some point.