DaemonForums  

jggimi, 19th March 2018:

Quote:
Originally Posted by e1-531g
Can you tell how you managed to know which microcode file the kernel is searching for?

Had you asked me two months ago, I might have remembered. I will have to guess: keyword searching, probably in /sys/arch/amd64.

e1-531g, 27th May 2018:

There is a fourth variant.
Speculative Store Bypass
https://www.redhat.com/en/blog/specu...t-how-it-works
https://blogs.technet.microsoft.com/...cve-2018-3639/
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

shep, 15th August 2018:

Theo weighs in on the latest: More vulnerabilities likely, media distractions and new syspatch in the works:
http://www.undeadly.org/cgi?action=a...20180815070400

shep, 24th August 2018:

24 August 2018:
Quote:
Two recently disclosed hardware bugs affected Intel cpus:

- TLBleed

- T1TF (the name "Foreshadow" refers to 1 of 3 aspects of this
bug, more aspects are surely on the way)

Solving these bugs requires new cpu microcode, a coding workaround,
*AND* the disabling of SMT / Hyperthreading.
SMT is fundamentally broken because it shares resources between the two
cpu instances and those shared resources lack security differentiators.
Some of these side channel attacks aren't trivial, but we can expect
most of them to eventually work and leak kernel or cross-VM memory in
common usage circumstances, even such as javascript directly in a
browser.

There will be more hardware bugs and artifacts disclosed. Due to the
way SMT interacts with speculative execution on Intel cpus, I expect SMT
to exacerbate most of the future problems.

A few months back, I urged people to disable hyperthreading on all
Intel cpus. I need to repeat that:

DISABLE HYPERTHREADING ON ALL YOUR INTEL MACHINES IN THE BIOS.

Also, update your BIOS firmware, if you can.

OpenBSD -current (and therefore 6.4) will not use hyperthreading if it
is enabled, and will update the cpu microcode if possible.

But what about 6.2 and 6.3?

The situation is very complex, continually evolving, and is taking too
much manpower away from other tasks. Furthermore, Intel isn't telling
us what is coming next, and are doing a terrible job by not publicly
documenting what operating systems must do to resolve the problems. We
are having to do research by reading other operating systems. There is
no time left to backport the changes -- we will not be issuing a
complete set of errata and syspatches against 6.2 and 6.3 because it is
turning into a distraction.


Rather than working on every required patch for 6.2/6.3, we will
re-focus manpower and make sure 6.4 contains the best solutions
possible.

So please try to take responsibility for your own machines: Disable SMT in
the BIOS menu, and upgrade your BIOS if you can.


I'm going to spend my money at a more trustworthy vendor in the future.
http://www.undeadly.org/cgi?action=a...20180824024934

e1-531g, 4th September 2018:

Developers of Qubes OS also disabled HT.
https://github.com/QubesOS/qubes-sec...b-043-2018.txt

e1-531g, 19th January 2020:

INTEL-SA-00314, CVE-2019-14615

Quote:
Summary:
A potential security vulnerability in Intel® Processor Graphics may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.
https://www.intel.com/content/www/us...-sa-00314.html

There is an OpenBSD patch for 9th Gen Graphics: 017: SECURITY FIX: January 17, 2020 i386 and amd64
https://www.openbsd.org/errata66.html