On Wed, 23 Nov 2016, Tony Luck wrote:
> IMHO people who really care should find the BIOS option and disable it
> there.
That can also be said about *enabling* it, I think (see below).
> Having Linux take responsibility seems a little weird. If we do go
Not really. The currently proposed patch
IMHO people who really care should find the BIOS option and disable it there.
Having Linux take responsibility seems a little weird. If we do go that route
it should be early in setup_arch() before any callbacks to other subsystems to
avoid and endless games of whack-a-mole.
I also wonder abou
On Wed, 23 Nov 2016, Borislav Petkov wrote:
> On Wed, Nov 23, 2016 at 11:29:51AM -0200, Henrique de Moraes Holschuh wrote:
> > 1. Assuming we can do it, always lock it when it is found to be unlocked
> >at kernel boot.
>
> Because...?
Privacy, and the fact that /dev/cpu/msr exists and is enab
On Wed, Nov 23, 2016 at 08:42:40AM -0800, Tony Luck wrote:
> If the BIOS writes 10b, then PPIN is disabled and will remain so until
> the processor is reset. Bit 1 is a one way trip, it can be set by s/w,
> but not cleared again.
10b means bit 1, i.e., Enable_PPIN is set, right? Which actually
*en
If the BIOS writes 10b, then PPIN is disabled and will remain so until the
processor is reset. Bit 1 is a one way trip, it can be set by s/w, but not
cleared again.
All this is because of the huge stink last time Intel tried to add a serial
number to CPUs a decade and a half ago. The lockout bi
On Wed, Nov 23, 2016 at 02:37:23PM +0100, Borislav Petkov wrote:
> You can't reenable it:
>
> "LockOut (R/WO)
> Set 1 to prevent further writes to MSR_PPIN_CTL. Writing 1 to
> MSR_PPINCTL[bit 0] is permitted only if MSR_PPIN_CTL[bit 1] is
> clear, Default is 0."
Well, almost.
"Enable_PPIN (R/W)
I
On Wed, Nov 23, 2016 at 11:29:51AM -0200, Henrique de Moraes Holschuh wrote:
> 1. Assuming we can do it, always lock it when it is found to be unlocked
>at kernel boot.
Because...?
> 2. Not attempt to change its state from disabled to enabled *unless*
>given a command line parameter autho
On Wed, 23 Nov 2016, Borislav Petkov wrote:
> + /* if PPIN is disabled, but not locked, try to enable: */
> + if (!(val & 3ul)) {
> + wrmsrl_safe(MSR_PPIN_CTL, val | 2ul);
> + rdmsrl_safe(MSR_PPIN_CTL, &val);
> + }
Actual
On Fri, Nov 18, 2016 at 09:48:36AM -0800, Luck, Tony wrote:
> From: Tony Luck
>
> Intel Xeons from Ivy Bridge onwards support a processor identification
> number set in the factory. To the user this is a handy unique number to
> identify a particular cpu. Intel can decode this to the fab/producti
From: Tony Luck
Intel Xeons from Ivy Bridge onwards support a processor identification
number set in the factory. To the user this is a handy unique number to
identify a particular cpu. Intel can decode this to the fab/production
run to track errors. On systems that have it, include it in the mac
10 matches
Mail list logo