A CPU (Central Processing Unit) is an electronic device designed to execute sequences of computer instructions that make up computer programs. CPUs most commonly have a form of a single microchip (i.e. integrated circuit). On a general-purpose computer, CPU is the main execution unit, meaning that most of computer's software is made to be executed by a CPU.
The CPU also acts as a central logical hub for the entire computer system, therefore, CPU contolls the flow of data between various computer components.
Finally, the CPU is the main unit for control and enforcement of computer's security, privacy, and stability features. Amongst those features are: security policies, privilege system, process isolation, and resource management.
This page contains a list of all recommended desktop CPU models.
We advise against using Intel CPUs due to concerns of still unresolved security vulnerabilities and Intel's exhibited lack of commitment to design secure and error-free products. Intel's CPUs from the past have repeatedly exhibited a lack of concern for security and privacy.
The principal objection to using Intel CPUs, among varous other problems, is about inadequate process isolation mechanisms of their CPUs as a consequence of vulnerability to Spectre.
Another serious security issue with Intel CPUs is the existence of a so called ME (Management Engine). ME is an undocumented unit integrated on Intel CPUs which cannot be effectively controlled by the owner of the CPU. ME operates at the highest privilege level with all permisions granted but does not allow being fully contolled by the computer's owner.
Also, Intel has an unwelcome practice of intentionally disabling the ECC unit in "consumer" class CPUs. Those are the CPUs intended for common people, i.e. "consumer" CPUs are built into laptops or sold directly in stores. The ECC unit on those CPUs is intentionally disabled by Intel in order to artificially elevate the price of ECC capable CPUs.
List by CPU Micro-Architecture
In the table below: the list of recommended desktop AMD CPUs.
K10 microarch, socket AM3:
80 W - Phenom II X2 570, 565, 560
65 W - Phenom II X4 910e, 905e, 900e
65 W - Phenom II X3 700e, 705e
65 W - Phenom II X2 511, 521
65 W - Athlon II X2 280, 270, 265
45 W - Athlon II X4 610e, 615e, 620e
45 W - Athlon II X3 415e, 420e, 425e
15h microarch - "Richland" and "Trinity", 4 integer cores, socket FM2:
65 W -
Athlon X4 750, FX-670K, A10-6700, A10-5700, A8-6500, A8-6500B, A8-5500, A8-5500B, A6-6400K, A6-5400K
15h microarch - "Kaveri", 4 integer cores, socket FM2+:
65 W -
Athlon X4 840, FX-770K, A8-7600, A10-7800, A10-7860K, A8 PRO-7600B, A10 PRO-7800B, PRO A8-8650B, PRO A10-8750B, PRO A10-8850B
15h microarch - "Carrizo", 4 integer cores, socket FM2+ or AM4:
65 W, FM2+ - Athlon X4 845, A8-7680,
65 W, AM4 - PRO A10-8770, PRO A12-8870
35 W, AM4 - PRO A10-8770E, PRO A12-8870E
15h microarch - "Bristol Ridge", 4 integer cores, socket AM4:
65 W - Athlon X4 970, Athlon X4 950, Athlon X4 940
65 W - A8-9600, A10-9700, A12-9800, PRO A8-9600, PRO A10-9700, PRO A12-9800
35 W - A10-9700E, A12-9800E, PRO A10-9700E, PRO A12-9800E
Zen 2 microarch, socket AM4:
65 W, 6 cores - Ryzen 5 3500, Ryzen 5 3500X
What is ECC?
ECC (Error Correcting Code), when talking about a CPU and its main memory, is a mechanism which can reduce the probability of errors in the main memory.
A CPU's main memory is usually DRAM (Dynamic Random Access Memory), which has an expected error rate of about a few incorrect bits per year. When ECC is enabled on DRAM, it allows those few errors to be corrected.
We highly recommended using ECC memory. On AMD's platforms, the cost of purchasing ECC capable hardware is minimal.
Supercomputers, workstations and other important and mission criticall computers commonly use ECC on main memory. Lack of ECC is considered as very unprofessional.
In order for ECC to work, the following hardware features are required:
- DRAM controller with ECC support. This is fullfilled by all AMD CPUs listed above. This feature is intentionally disabled by Intel on most of their consumer CPUs.
- ECC traces on a motherboard connecting DRAM modules to the the DRAM controller.
- DRAM modules with extra DRAM chips for ECC data (one extra chip for every eight chips).
Therefore, the first requirement is automatically fullfilled. The second requirement must be fullfilled by the motherboard manufacturer. It is usually fulfilled because it is sufficiently simple for motherboard manufacturers to add ECC traces without any cost increases.
The third requirement is fullfilled by purchasing ECC capable DRAM memory modules. For all CPUs on the list, unbuffered ECC DRAM modules are required.
Finally, from the software side, the operating system should enable ECC and provide additional support for error monitoring and management. Most consumer versions of Microsoft Windows lack those additional features. Furthermore, if ECC support is not enabled in BIOS or UEFI by the motherboard manufacturer, then there is no way to make Microsoft Windows enable ECC by itself.
Operating systems (OS) based on Linux kernel can enable ECC on any capable hardware. If support for ECC is missing in BIOS and UEFI, the user can force the OS to enable ECC. The OS provides full error monitoring and management capabilities.
CPUs Based on Zen Architecture
Perhaps you were wondering why aren't any Zen based AMD CPUs recommended? Zen is a fast, modern and efficient architecture.
The reasons for not including Zen-based CPUs are:
- Zen architecture is vulnerable to (future) process isolation breaches based on Spectre; it is also vulnerable if the current software, including OSes and web browsers, fail to implement mitigations of sufficient quality;
- Zen architecture is vulnerable to RyzenFall, MasterKey, Fallout, and Chimera exploits;
- Zen architecture contains a unit called PSP (Platform [In]Security Processor), which is similar to Intel's ME and therefore deserves almost the same critique.
It might be noticed that the recommended CPU list includes two CPUs based on Zen 2 architecture. Zen 2 improves upon the first Zen in the following areas:
- Zen 2 micro-architecture should be less vulnerable to Spectre;
- At least some motherboards for Zen 2 should be invulnerable to currently known exploits.
Unfortunately, Zen 2 still contains an undocumented PSP (Platform Insecurity Processor), which cannot be disabled, scrutinized or modified. This is a big downside of Zen 2, and certainly a bad decision from AMD. Furthermore, the Zen 2 microarchitecture is new and unproven.
Therefore, we recommend Zen 2 architecture only under assumption of extreme caution, or for computer enthusiasts, hobbists and others who might find the risk acceptable, for use in non-sensitive and inconsequential roles such as media centers or entertainment hubs.
The only Zen 2 models that are recommended are those lacking SMT (Simultaneous Multithreading). We consider SMT to be an additional security and privacy risk.
ARM Cortex-A CPU Series
ARM Cortex CPUs are very capable low power architecures intended for use in mobile devices.
Cortex-A53 and Cortex-A55 cores are resistant to Spectre because they lack speculative execution capabilities. Unfortunately, those two CPU cores are not sufficiently fast to get a full recommendation for use in desktops. They only have about half the speed required for a comfortable desktop use.
Mitigations for Spectre were built into Cortex-A76 CPU cores, but those are only partial. Cortex-A77 CPU core was intended to have full mitigations for Spectre, but recently it was discovered to still be vulnerable.
The only newer core is Cortex-A78, which is still not available to general public. As always, caution is advised when using a new CPU design, as it might contain yet unknown errors and security vulnerabilities.
Besides the hardened CPU cores, using an ARM CPU for a desktop computer would also require a full desktop platform consisting of:
- a motherboard with a fast internal expansion bus (likely PCI-e);
- a display connector (HDMI or DisplayPort) on the motherboard (since GPU is integrated);
- external expansion busses (USB 2.0 and USB 3.0);
- a fast data storage bus (SATA) with at least 2 ports (for RAID 1);
- power supply specifications (like SFX or something even smaller and simpler);
- computer chassis standards;
- an operating system (this is almost fullfilled by Debian GNU/Linux operating system, only the GPU acceleration drivers are still missing).
Platforms that provide all the listed features are either experimental or expensive, and in low productions numbers at this time; therefore: not recommended yet.
A positive aspect of an ARM platform is that it promises to make possible a portable, low-weight, low-power, inexpensive, fast and efficient computer.
At this point in time such a computer seems to be about four years away in the future, so we hope to see it all become possible for petty cash by the year 2025.