On Fri, 2020-11-13 at 14:56 +0100, Salvatore Bonaccorso wrote:
> If we are going to enable this for our builds, then we might need to
> check that https://bugzilla.redhat.com/show_bug.cgi?id=1897402 is not
> opened accordingly.
>
> This relates to
>
> https://support.lenovo.com/lu/uk/product_security/LEN-50481
>
> and probably the reason for
>
> https://lore.kernel.org/stable/238e3cf7-582f-a265-5300-9b4494810...@roeck-us.net/T/#m11dee15be8c238d8858aafdf1a57e9ad7e0b9670
Thanks for the response!
I skimmed through the paper covering the CVE and they mostly focused on Intel
SGX and only touched upon AMD briefly. They did there measurements with disabled
boost and fixed frequency, a configuration that no system in the wild actually
uses. Moreover the energy counters are exposed as an MSR, so in my opinion this
is more of a CPU-level bug.
Personally I feel like recent security efforts are often crippling usability for
negligible gains.
Just my two cents!
signature.asc
Description: This is a digitally signed message part