On 02/18/2018 07:03 AM, Rudolf Marek wrote: > Hi, Thanks for the detailed reply :] > What do you want to protect? I just looked at the AMD page saw they said they would be releasing updates and I figured I should have them even though there is no description of as to what they actually will do. > If you want to protect the kernel, retpolines are OK on AMD. > And you don't need any microcode update. Your CPU needs to have SMEP, > otherwise > you would need to clear RSB on CPL change (the paper on mentined page says > that you need to do that > always, but at least on Ryzen, the attack using RSB is not working (we tried > that out, maybe it works > only on some circumstances). > > If you want to protect userspace, the RSB will be clear by IBPB (which you > would need if you don't have userspace compiled > with retpolines). I don't know if intel clears RSB on IBPB... probably not > > To sum it up on AMD: > > kernel: > retpolines, RSB clear on CPL change on CPU without SMEP (see above) > > userspace: > retpolines, RSB clear on context switch necessary or IBPB (needs microcode > update). > > Plus make sure you enable "LFENCE is dispatch serializing" - perhaps coreboot > can do that :) it is simple > MSR write on fam 10h 12h+ the fam 11h and 0fh dont have this MSR but LFENCE > is dispatch serilizing. Hmm do you have more info links about this? > Besides that, you don't need any microcode update. > > Plus of course there is a spectre variant 1, which is more difficult to > mitigate, basically you need to check all the software > and look for any pattern like array_x[array_z[untrusted_index] * any > transformation]. > > The first access would leak just address (ASLR defated), second will leak > data. > The variant 1 works on user/user attack and as well as user/kernel. > > As far I know there are no automated tools to check for this.
0xDF372A17.asc
Description: application/pgp-keys
-- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot
