On Fri, 2020-11-13 at 14:56 +0100, Salvatore Bonaccorso wrote: > If we are going to enable this for our builds, then we might need to > check that https://bugzilla.redhat.com/show_bug.cgi?id=1897402 is not > opened accordingly. > > This relates to > > https://support.lenovo.com/lu/uk/product_security/LEN-50481 > > and probably the reason for > > https://lore.kernel.org/stable/238e3cf7-582f-a265-5300-9b4494810...@roeck-us.net/T/#m11dee15be8c238d8858aafdf1a57e9ad7e0b9670
Thanks for the response! I skimmed through the paper covering the CVE and they mostly focused on Intel SGX and only touched upon AMD briefly. They did there measurements with disabled boost and fixed frequency, a configuration that no system in the wild actually uses. Moreover the energy counters are exposed as an MSR, so in my opinion this is more of a CPU-level bug. Personally I feel like recent security efforts are often crippling usability for negligible gains. Just my two cents!
signature.asc
Description: This is a digitally signed message part