On Sat, 3 Sep 2016, Andrew David Wong wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
> > On Saturday, 3 September 2016 13:37:27 UTC+2, pixel fairy wrote:
> >> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7,
> >> grzegorz....@gmail.com wrote:
> >>
> >>> Can it take advantage of ECC RAM? Server hardware that is a few
> >>> years old can be bought for dirt cheap (Xeon E5-2670 has 8
> >>> cores and costs about 75$).
> >>>
> >>> I'll be upgrading from my current PC and I'm seriously
> >>> considering building a rig around a Xeon processor and a
> >>> motherboard with ECC RAM but if there is no real benefit then
> >>> what's the point?
> >>
> >> apparently price is the advantage, but think of your ears!
> >> server hardware is loud.
> >>
> >> if you're willing to spend more on good hardware, go for a good
> >> ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
> >> attacks start showing up.
> >>
> >> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-memory-501898.shtml
> >
> > Xeon it is then. As for the rowhammering attack as far as I know
> > ECC RAM is not vulnerable to that.

Sandy Bridge (E5-2670) does not support DDR4. All DDR3 designs probably predate rowhammer discovery, so I wouldn't really trust them to properly mitigate rowhammer attacks as it was not a factor when the chips were designed. Obviously rehashing old products is even less likely to occur due to cost and soon to be obsoleted products.

When considering rowhammer, TRR (targeted row refresh) is actually a much more important feature than ECC, and Xeons at least should support TRR (probably since Ivy Bridge although that bit of information is based on sources I wouldn't fully trust, i.e., some random vendor marketing material, IIRC). AFAIK, there is no publicly available official confirmation from Intel that Xeons really do support TRR, however, there are some errata entries that indicate that TRR with LRDIMMs won't work, which indicates that it likely works with RDIMMs at least. Thus, it seems to be mainly a problem of finding an RDIMM that actually implements TRR properly, and likely a motherboard which enables the CPU's TRR functionality is also needed. AFAIK, there is no information whether non-E5/E7 CPUs would support TRR or not.

> Unfortunately, that's not true:
>
> "Tests show that simple ECC solutions, providing single-error
> correction and double-error detection (SECDED) capabilities, are not
> able to correct or detect all observed disturbance errors because some
> of them include more than two flipped bits per memory word."
>
> https://en.wikipedia.org/wiki/Row_hammer#Mitigation

While I don't doubt for a second that there are vulnerable ECC memories too (especially DDR3 ones), I noticed one interesting oddity in the recent DRAMA attack paper: The paper first mentions that their dual E5-2630 v3 system is fitted with Samsung DDR4 ECC RDIMM when they did the address bits reverse engineering part. However, later in the paper when they actually exploited rowhammer bugs, the dual E5-2630 v3 system is, for some reason, reconfigured to use Crucial DDR4s.
Could it perhaps indicate that they (while not reporting it) didn't succeed in rowhammer against Samsung ones so they tried other ones just to prove a point... It would make things very interesting if that would be true.

In the last Spring rowhammer paper, Micron-based DIMMs seemed to be particularly bad (close to a magnitude worse than the other brands mostly, IIRC) so the ability to trigger rowhammer issues with Micron-based DDR4 ECCs in particular doesn't surprise me that much. I know that Micron mem chip specs indicate as if they would have some non-TRR based solution built-in but that doesn't seem to help (or work).

Other vendors' information I've come across:

* Samsung: DDR4 specs mention TRR support and have timing diagrams on how that is performed. One presentation with a high ranked Samsung person as the author claims that rowhammer is mitigated in their DDR4s (or it might have mentioned TRR directly, I don't remember the wording anymore)
* IIRC, both Hynix and Intel have a patent related to rowhammer but that won't prove anything about real products

> > It's a shame that the more powerful Xeon CPUs don't come with a
> > built in GPU, I'll have to make do with a current one. Added
> > benefit here is that pretty much all Xeons support technologies
> > necessary for Qubes 4.0 compliance. Wonder why they aren't more
> > popular among desktop users.

Indeed. Given how much effort Intel has put into GPU virtualization, it's really a shame that there aren't any more than 4 core CPUs with iGPU in the first place and as far as the leaks about upcoming ones can be trusted, there won't be any in the near future either (but take this with a grain of salt obviously). It would be quite an interesting product especially as Intel seems to really put significant effort on getting iGVT to work in Xen and Intel GPU virtualization support might eventually make itself into Qubes too.

--
 i.
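
The SECDED limitation quoted from Wikipedia in the message above, as an added example that is not part of the original thread: a sketch of an extended Hamming code over a 64-bit word, showing what the decoder reports for 1, 2, 3 and 4 flipped bits. The (72,64) bit layout, the sample word and all function names are assumptions made for illustration; real memory controllers may use a different SECDED code.

```python
# Added illustration: extended Hamming SECDED over a 64-bit word, (72,64) layout.
# Bit 0 is overall parity; power-of-two positions hold Hamming parity bits;
# every other position holds one data bit. Layout is assumed, not vendor-specific.
DATA_BITS = 64
R = 7                      # Hamming parity bits: 2**7 >= 64 + 7 + 1
N = DATA_BITS + R          # Hamming positions 1..71
DATA_POS = [p for p in range(1, N + 1) if p & (p - 1)]  # non powers of two

def syndrome(code):
    """XOR of the positions of all set bits; zero for a valid codeword."""
    s = 0
    for pos in range(1, N + 1):
        if code[pos]:
            s ^= pos
    return s

def encode(data):
    code = [0] * (N + 1)
    for i, pos in enumerate(DATA_POS):
        code[pos] = (data >> i) & 1
    s = syndrome(code)
    for i in range(R):                 # choose parity bits so the syndrome is 0
        code[1 << i] = (s >> i) & 1
    code[0] = sum(code) & 1            # make overall parity even
    return code

def decode(code):
    code = list(code)
    s, odd = syndrome(code), sum(code) & 1
    if s == 0 and not odd:
        status = "clean"
    elif odd and s <= N:
        code[s] ^= 1                   # decoder assumes exactly one flipped bit
        status = "corrected"
    else:
        status = "detected-uncorrectable"
    data = sum(code[pos] << i for i, pos in enumerate(DATA_POS))
    return status, data

def inject_flips(data, positions):
    """Encode, flip the given codeword positions, decode; report (status, data intact?)."""
    code = encode(data)
    for pos in positions:
        code[pos] ^= 1
    status, out = decode(code)
    return status, out == data

if __name__ == "__main__":
    word = 0x0123456789ABCDEF          # constructed sample word
    for flips in ([5], [5, 9], [3, 5, 9], [0, 1, 2, 3]):
        print(len(flips), "flip(s):", inject_flips(word, flips))
```

With three flips the decoder reports a successful correction while returning wrong data, and with the four-flip pattern it reports a clean word, which is why ECC error counters alone cannot rule out disturbance errors.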