Hello!
Just wondering, is it a Privacy Risk of having a built-in NPU in the 7040U CPUs?
(Going to mainly run Linux.)
Thanks!
No.
Maybe you are thinking that Windows 11 24H2 will see that you have an NPU and enable the infamous Recall feature?
I don’t think it will because the NPU in these CPUs is too weak.
AFAIK Windows 11 mainly uses the NPU as a way to do OCR and similar things quickly without using a lot of CPU power.
But if you care you should disable Recall to be sure by doing this from an elevated (aka Run as Administrator) command prompt:
DISM /Online /Disable-Feature /FeatureName:Recall
2 Likes
An NPU is nothing more than a section of the CPU dedicated to being very fast at multiplying matrices, which is a mathematical operation used in a lot of AI models.
Notably the iGPU is actually faster than the NPU at performing matrix multiplication (at least in 7040 series). The NPU is purely about doing it without consuming a ton of battery.
The AMD 7040 has an NPU? Which tool can be used to monitor this NPU like btop to monitor CPU and radeontop to monitor GPU?
7040 Series have a 10 TOPS NPU, although AMD hasn’t really released anything that allows software to better utilize it. Even Windows Task Manager is unable to view the NPU performance unlike for both Intel and Qualcomm’s NPUs.
Unfortunately, I do not know what the situation is like on the Linux side of things.
2 Likes
Yes, however it is only 10 TOPS. By comparison Ryzen 8040 series has a 16 TOPS NPU (same NPU as 7040 series but higher clocked) and Ryzen AI 300 series has a 50 TOPS NPU (Ryzen AI 300 series is called that because it is their 3rd generation of CPUs with NPUs).
The libraries for the NPU are very rudimentary at best for the time being. I am not yet aware of ways to monitor the NPU on Linux (and even on Windows the monitoring is limited, although I’ve never seen it doing anything other than idling).
Think of the NPU like the hardware encoder/decoder built into graphics cards/CPU. It is a dedicated area on the silicon for just doing that work.
Other than a lot of false promises and parlor tricks it is a specialized piece of circuitry that is going to take a long time to mature.
As to the original posters question, not any more risk than randomly installing software from unknown sources.
Threat modelling asks us to state the risks we can imagine or have experienced, then to rank them and decide a level of risk we can accept. You’re going to mainly run Linux, so the Windows Recall feature is not a large privacy risk to you.
TL;DR – there’s no driver in a default Linux Kernel, it can only run pre-trained models to infer results rather than process data to create models. Consequently it’s almost impossible to compromise your privacy beyond the small number of ways a Linux OS currently does.
More Detail:
The driver says it’s inference-only, no training, so there will need to be initialisation code then an inferring model run on it. It can’t vacuum up your info to provide tracking data or other privacy concerns – beyond what other laptops and OS’s already do. But your scope, again, is Linux and that reduces this down to levels you control.
In Linux, the device is recognised but you need to load the out-of-tree drivers (GitHub) and also have some kernel configuration active for it to work. That’s the fairly standard CONFIG_AMD_IOMMU, plus CONFIG_DRM_ACCEL which is not active in my standard Debian kernel config.
I see it in lspci -vvv as the PHX (Phoenix1) IPU in the DMESG using the device identifier from ryzenai.docs.amd.com, 1022:1502 and that’s C2:00.1:
Nov 07 19:10:27 fwk13amd kernel: pci 0000:c2:00.1: [1022:1502] type 00 class 0x118000 PCIe Endpoint
output of lspci -vv:
c2:00.1 Signal processing controller: Advanced Micro Devices, Inc. [AMD] AMD IPU Device
Subsystem: Framework Computer Inc. Device 0006
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 255
IOMMU group: 22
Region 0: Memory at 90900000 (32-bit, non-prefetchable) [size=512K]
Region 1: Memory at 909c0000 (32-bit, non-prefetchable) [size=8K]
Region 2: Memory at 8010800000 (64-bit, prefetchable) [size=256K]
Region 4: Memory at 90980000 (32-bit, non-prefetchable) [size=256K]
K3n.