Speaking of hardware monitoring on AMD... Anyone know why the zenpower module that also allows monitoring voltages and power usage hasn't been upstreamed?

I think they are worried for side-channel attacks, by measuring the voltage/power? I may be wrong.

That seems weird, since you can read these sensors on Windows without problems. As I remember it (I don't use Windows often) both Ryzen master (official AMD software) and hwinfo (third party) can read this. And you could just make the sensitive values only readable as root. Or just make the update resolution lower.

Michael : I think you don't have to repeat the same thing again and again. We have read this thing ("late to the game") often enough, and they have done better now, so there is no point in repeating yourself.

Regarding the most interesting question ("Which new chips are tackled here?") my guess is Rembrandt for desktop. ZEN4 is quite far away.

Its not just worried about side-channel attacks. The problem here is demonstrated side channel attacks.

Attackers have not effective side channel attack using the windows interfaces to the information over voltage and power management. But they have a few times demoed it using the Linux interfaces using voltage and power.

So its been annoying but its been AMD being responsible to fix known issues. Hopefully this time its right. If not it could be pulled again before 5.17.

Please note these problems might exist under windows as well just people have not done the in-depth testing there.

No, the only reason zenpower and advanced Zen CPUs monitoring haven't been upstreamed is because hugely beloved among open source fans AMD outright refuses to release documentation which they deem proprietary (secrets). AMD have became very secretive even since they released the first Zen CPUs. I've no idea why. So much for "We love and support Open Source" except when you don't, except when it really matters.

Check the official response from a lm-sensors/hw monitororing maintainer

Do note the dates.

The security flaws

Since the Zen (family 17H) microarchitecture, AMD CPUs provide a Running Average Power Limit (RAPL) interface. The recently released Linux 5.8 kernel includes the amd_energy driver providing unprivileged access to per-core energy measurements. Consequently, with this kernel version, AMD CPUs are vulnerable to power side-channel attacks from user space as an alternative to timing-based attacks.
and
The researchers confirmed that they responsibly disclosed their findings to AMD in 2020. Consequently, AMD acknowledged the bug and shared mitigations in early 2021.

Do note the 5.8 Linux kernel that is the 2 August 2020 and the word recently released so yes that is before the kernel bugzilla complaining about lack of documentation. As soon as those with early NDA access to the documentation got their hands on it who were security people it was basically o bugger we have a problem and told AMD. Yes AMD did out right refuse to release the documentation any wider due to know security fault and they were not going to talk about it until Oct 2021 when the CVE turns up.

ayem AMD being hard to get documentation there is either a legal problem with some IP they bought or a security problem in every case in the past 10 years. The power management one we now know with the recent CVE that its a security one. AMD rarely keeps security when it comes to documentation software development for their hardware.

The first generation Zen also had a case where AMD was refusing to release different documentation and every case with the first generation of Zen turned out to security flaws that had been discovered when they had released their internal documentation to their partners and to the trusted security review groups.

I would not say its proprietary secrets as such. The reasons why has come clear with multi examples what causes AMD to react this particular way. Something like Zen that you can rightfully suspect is 100 percent AMD and they are reacting with holding some documentation you can almost be 100 percent sure they have security screwed in that area and AMD have not worked out a proper fix.

Yes this is security by obscurity. I am not sure this is wrong once you wake up that your documentation to anyone who is security skilled is basically a how to guide to hack the system. Security is not the simplest thing. Yes responding with we will not give you X documentation due to known security fault would also put a clear kick-me sign on the fault.

avem this is one these things I hope in my working life I never have to deal with. These problems are pure rock, hard place and many places worse.

No one has ever called AMD Ryzen Master or HWiNFO64 a security risk which is why I'll call this entire assessment terribly off. In fact I don't even remember a single CVE assigned to either of these application.

And considering HWiNFO64 does expose all the features and can be trivially disassembled to get access to them, means that it's not something Intel could use for their advantage. In short not a single valid assumption.

AMD cares about Open Source just as much as to appease open source fans and not a bit more. That's a fact.

Exactly. Intel is the only security risk, right?