Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

2016-09-03 Thread pixel fairy
does qubes do any rowhammer mitigation?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d4354a5-b438-47bc-a916-8e9b5bbf718b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

2016-09-03 Thread Ilpo Järvinen
On Sat, 3 Sep 2016, Andrew David Wong wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
> > On Saturday, 3 September 2016 13:37:27 UTC+2, pixel fairy wrote:
> >> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, 
> >> grzegorz@gmail.com wrote:
> >>
> >>> Can it take advantage of ECC RAM? Server hardware that is few 
> >>> years old can be bought for dirt cheap (Xeon E5-2670 has 8
> >>> cores and costs about 75$).
> >>>
> >>> I'll be upgrading from my current PC and I'm seriously 
> >>> considering building a rig around a Xeon processor and a 
> >>> motherboard with ECC RAM but if there is no real benefit then 
> >>> what's the point?
> >> 
> >> apparently price is the advantage, but think of your ears!
> >> server hardware is loud.
> >> 
> >> if you're willing to spend more on good hardware, go for a good
> >> ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
> >> attacks start showing up.
> >> 
> >> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-memory-501898.shtml
> >
> > Xeon it is then. As for the rowhammering attack as far as I know
> > ECC RAM is not vulnerable to that.

Sandy Bridge (E5-2670) does not support DDR4. All DDR3 designs probably 
predate the rowhammer discovery, so I wouldn't really trust them to properly
mitigate rowhammer attacks, as it was not a factor when the chips were
designed. Obviously, reworking old products is even less likely to occur 
due to cost and the products soon being obsolete.

When considering rowhammer, TRR (targeted row refresh) is actually a much
more important feature than ECC, and Xeons at least should support 
TRR (probably since Ivy Bridge, although that bit of information is based 
on sources I wouldn't fully trust, i.e., some random vendor marketing 
material, IIRC). AFAIK, there is no publicly available official 
confirmation from Intel that Xeons really do support TRR; however, there 
are some errata entries indicating that TRR with LRDIMMs won't work, 
which indicates that it likely works with RDIMMs at least. Thus, it
seems to be mainly a problem of finding an RDIMM that actually implements
TRR properly, and likely also a motherboard which enables the CPU's TRR 
functionality.

AFAIK, there is no information whether non-E5/E7 CPUs would support
TRR or not.

> Unfortunately, that's not true:
> 
> "Tests show that simple ECC solutions, providing single-error
> correction and double-error detection (SECDED) capabilities, are not
> able to correct or detect all observed disturbance errors because some
> of them include more than two flipped bits per memory word."
> 
> https://en.wikipedia.org/wiki/Row_hammer#Mitigation

While I don't doubt for a second that there are vulnerable ECC memories
too (especially DDR3 ones), I noticed one interesting oddity in the
recent DRAMA attack paper:

The paper first mentions that their dual E5-2630 v3 system is fitted 
with Samsung DDR4 ECC RDIMMs when they did the address-bit reverse 
engineering part. However, later in the paper, when they actually
exploited rowhammer bugs, the dual E5-2630 v3 system is, for some
reason, reconfigured to use Crucial DDR4s. Could it perhaps indicate
that they (while not reporting it) didn't succeed in rowhammer
against the Samsung ones, so they tried other ones just to prove
a point... It would make things very interesting if that were
true.

In the last spring rowhammer paper, Micron-based DIMMs seemed
to be particularly bad (close to an order of magnitude worse than the
other brands mostly, IIRC), so the ability to trigger rowhammer issues
with Micron-based DDR4 ECCs in particular doesn't surprise me that
much. I know that Micron memory chip specs indicate that they
have some non-TRR-based solution built in, but that doesn't
seem to help (or work).

Other vendors' information I've come across:
* Samsung: DDR4 specs mention TRR support and have timing diagrams on
  how that is performed. One presentation with a high ranked Samsung
  person as the author claims that rowhammer is mitigated in their
  DDR4s (or it might have mentioned TRR directly, I don't remember
  anymore the wording)
* IIRC, both Hynix and Intel have a patent related to rowhammer but
  that won't prove anything about real products

> > It's a shame that the more powerful Xeon CPUs don't come with a
> > built in GPU, I'll have to make do with a current one. Added
> > benefit here is that pretty much all Xeons support technologies
> > necessary for Qubes 4.0 compliance. Wonder why they aren't more
> > popular among desktop users.

Indeed. Given how much effort Intel has put into GPU virtualization,
it's really a shame that there aren't any CPUs with more than 4 cores and
an iGPU in the first place, and as far as the leaks about upcoming ones
can be trusted, there won't be any in the near future either (but take
this with a grain of salt, obviously). It would be quite an interesting
product, 
especially as Intel seems to really put 

Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

2016-09-03 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-03 05:15, grzegorz.chodzi...@gmail.com wrote:
> On Saturday, 3 September 2016 14:11:04 UTC+2, Andrew David Wong wrote:
>> 
>> On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
>>> On Saturday, 3 September 2016 13:37:27 UTC+2, pixel fairy wrote:
>>>> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, 
>>>> grzegorz@gmail.com wrote:
>>>>> I know that QubesOS is developed mostly with notebook use 
>>>>> in mind, however some users, me included, opt to run it on
>>>>> desktop computers. The question is, is there any
>>>>> advantage of building a Qubes-dedicated machine on
>>>>> workstation/server components?
>>>> 
>>>> mostly ecc ram. it's a shame non-ecc is so prevalent. in 
>>>> practice, i don't think the difference is worth it. there are 
>>>> many more important variables.
>>>> 
>>>>> Will Qubes be able to take advantage of higher core count 
>>>>> in Xeon processors? Or two processors if a user decides to 
>>>>> build a dual-CPU rig? Does the system performance scale 
>>>>> with the number of available cores/ clock speed?
>>>> 
>>>> yes.
>>>> 
>>>>> Can it take advantage of ECC RAM? Server hardware that is 
>>>>> few years old can be bought for dirt cheap (Xeon E5-2670 
>>>>> has 8 cores and costs about 75$).
>>>> 
>>>> it will benefit the same as any other machine from ecc 
>>>> ram.
>>>> 
>>>>> I'll be upgrading from my current PC and I'm seriously 
>>>>> considering building a rig around a Xeon processor and a 
>>>>> motherboard with ECC RAM but if there is no real benefit 
>>>>> then what's the point?
>>>> 
>>>> apparently price is the advantage, but think of your ears! 
>>>> server hardware is loud.
>>>> 
>>>> if you're willing to spend more on good hardware, go for a good
>>>> ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
>>>> attacks start showing up.
>>>> 
>>>> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-m
>>>> 
>>> Xeon it is then. As for the rowhammering attack as far as I 
>>> know ECC RAM is not vulnerable to that.
>> 
>> Unfortunately, that's not true:
>> 
>> "Tests show that simple ECC solutions, providing single-error 
>> correction and double-error detection (SECDED) capabilities, are 
>> not able to correct or detect all observed disturbance errors 
>> because some of them include more than two flipped bits per 
>> memory word."
>> 
>> https://en.wikipedia.org/wiki/Row_hammer#Mitigation
>> 
> Back to the drawing board it is then. What other precautions can
> we take to mitigate this?
> 

You may want to test memory (by hammering it and checking for bit
flips) or rely on the test results others have reported:



-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

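The SECDED limitation quoted above can be made concrete. The following is an added example, not code from the thread, from Qubes OS or from any poster: a toy extended-Hamming (72,64) encoder and decoder, the same 64 data + 8 check bit geometry as a standard ECC DIMM, run against constructed single-, double-, triple- and quadruple-bit flips inside one word. The data word and the flipped bit positions are constructed for illustration, not taken from any real rowhammer measurement.

```python
"""Extended Hamming (SECDED) code over a 64-bit word, i.e. the 72-bit
layout used by ECC DIMMs, plus a demonstration of what happens when a
disturbance error flips more bits than the code is designed for.

Added example for this thread; not code from the Qubes project or from
any poster.  The bit positions flipped in demo() are constructed.
"""

DATA_BITS = 64


def _hamming_check_bits(m: int) -> int:
    """Smallest r with 2**r >= m + r + 1 (r = 7 for m = 64)."""
    r = 0
    while (1 << r) < m + r + 1:
        r += 1
    return r


R = _hamming_check_bits(DATA_BITS)   # 7 Hamming check bits
CODE_LEN = DATA_BITS + R + 1         # 72: positions 1..71 Hamming, bit 0 overall parity

# Positions 1..71 that are not powers of two carry data bits (64 of them).
DATA_POSITIONS = [p for p in range(1, CODE_LEN) if p & (p - 1)]
assert len(DATA_POSITIONS) == DATA_BITS


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def encode(data: int) -> int:
    """Return the 72-bit codeword (as an int) for a 64-bit data word."""
    if not 0 <= data < (1 << DATA_BITS):
        raise ValueError("data must fit in 64 bits")
    word = 0
    for d, pos in enumerate(DATA_POSITIONS):
        if (data >> d) & 1:
            word |= 1 << pos
    # Check bit at position 2**i is the parity of every set data position
    # whose index has bit i set (classic Hamming layout).
    for i in range(R):
        mask = sum(1 << pos for pos in DATA_POSITIONS if pos & (1 << i))
        if _parity(word & mask):
            word |= 1 << (1 << i)
    # Overall parity bit (position 0) gives the whole codeword even weight;
    # this is what upgrades SEC to SECDED.
    if _parity(word):
        word |= 1
    return word


def extract_data(word: int) -> int:
    data = 0
    for d, pos in enumerate(DATA_POSITIONS):
        if (word >> pos) & 1:
            data |= 1 << d
    return data


def decode(word: int):
    """Return (status, data); status is "ok", "corrected" or "uncorrectable".

    The decoder only sees the syndrome and the overall parity, so it cannot
    distinguish a 3-bit error from a 1-bit one, nor certain 4-bit errors
    from a clean word.  That is the gap the quoted SECDED remark refers to.
    """
    syndrome = 0
    for pos in range(1, CODE_LEN):
        if (word >> pos) & 1:
            syndrome ^= pos
    odd_weight = _parity(word)
    if syndrome == 0 and not odd_weight:
        return "ok", extract_data(word)
    if odd_weight:
        if syndrome >= CODE_LEN:
            return "uncorrectable", extract_data(word)
        # Odd weight: assume a single flip and repair the position the
        # syndrome names (syndrome 0 means the parity bit itself flipped).
        return "corrected", extract_data(word ^ (1 << syndrome))
    # Even weight with a non-zero syndrome: a double error, detected only.
    return "uncorrectable", extract_data(word)


def flip_bits(word: int, positions) -> int:
    """Simulate a disturbance error at the given codeword positions."""
    for p in positions:
        word ^= 1 << p
    return word


def demo():
    data = 0xDEADBEEFCAFEF00D          # constructed memory word
    cw = encode(data)
    results = {
        "clean": decode(cw),
        "single": decode(flip_bits(cw, [9])),         # corrected
        "double": decode(flip_bits(cw, [9, 20])),     # detected, not correctable
        "triple": decode(flip_bits(cw, [3, 5, 6])),   # silently miscorrected
        "quad": decode(flip_bits(cw, [1, 2, 4, 7])),  # passes as clean
    }
    return data, results


if __name__ == "__main__":
    original, outcome = demo()
    for name, (status, value) in outcome.items():
        print(f"{name:7s} {status:14s} data_intact={value == original}")
```

The single flip is corrected and the double flip is flagged, but the constructed three-bit pattern (positions whose indices XOR to zero) is "corrected" to the wrong value with no error reported, and the four-bit pattern decodes as a clean word. A decoder in hardware has exactly the same blind spots, which is why a word hit by more than two flips can escape SECDED, and why a rising corrected-error count is the only warning ECC itself gives.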


Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

2016-09-03 Thread grzegorz . chodzicki
On Saturday, 3 September 2016 14:11:04 UTC+2, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
> > On Saturday, 3 September 2016 13:37:27 UTC+2, pixel fairy wrote:
> >> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, 
> >> grzegorz@gmail.com wrote:
> >>> I know that QubesOS is developed mostly with notebook use in 
> >>> mind, however some users, me included, opt to run it on
> >>> desktop computers. The question is, is there any advantage of
> >>> building a Qubes-dedicated machine on workstation/server
> >>> components?
> >> 
> >> mostly ecc ram. it's a shame non-ecc is so prevalent. in practice,
> >> i don't think the difference is worth it. there are many more 
> >> important variables.
> >> 
> >>> Will Qubes be able to take advantage of higher core count in
> >>> Xeon processors? Or two processors if a user decides to build
> >>> a dual-CPU rig? Does the system performance scale with the
> >>> number of available cores/ clock speed?
> >> 
> >> yes.
> >> 
> >>> Can it take advantage of ECC RAM? Server hardware that is few 
> >>> years old can be bought for dirt cheap (Xeon E5-2670 has 8
> >>> cores and costs about 75$).
> >> 
> >> it will benefit the same as any other machine from ecc ram.
> >> 
> >>> I'll be upgrading from my current PC and I'm seriously 
> >>> considering building a rig around a Xeon processor and a 
> >>> motherboard with ECC RAM but if there is no real benefit then 
> >>> what's the point?
> >> 
> >> apparently price is the advantage, but think of your ears!
> >> server hardware is loud.
> >> 
> >> if you're willing to spend more on good hardware, go for a good
> >> ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
> >> attacks start showing up.
> >> 
> >> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-memory-501898.shtml
> >> 
> > Xeon it is then. As for the rowhammering attack as far as I know
> > ECC RAM is not vulnerable to that.
> 
> Unfortunately, that's not true:
> 
> "Tests show that simple ECC solutions, providing single-error
> correction and double-error detection (SECDED) capabilities, are not
> able to correct or detect all observed disturbance errors because some
> of them include more than two flipped bits per memory word."
> 
> https://en.wikipedia.org/wiki/Row_hammer#Mitigation
> 
Back to the drawing board it is then. What other precautions can we take to 
mitigate this?



Re: [qubes-users] Re: Benefits of running Qubes on server-grade hardware?

2016-09-03 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-03 04:58, grzegorz.chodzi...@gmail.com wrote:
> On Saturday, 3 September 2016 13:37:27 UTC+2, pixel fairy wrote:
>> On Saturday, September 3, 2016 at 2:32:54 AM UTC-7, 
>> grzegorz@gmail.com wrote:
>>> I know that QubesOS is developed mostly with notebook use in 
>>> mind, however some users, me included, opt to run it on
>>> desktop computers. The question is, is there any advantage of
>>> building a Qubes-dedicated machine on workstation/server
>>> components?
>> 
>> mostly ecc ram. it's a shame non-ecc is so prevalent. in practice,
>> i don't think the difference is worth it. there are many more 
>> important variables.
>> 
>>> Will Qubes be able to take advantage of higher core count in
>>> Xeon processors? Or two processors if a user decides to build
>>> a dual-CPU rig? Does the system performance scale with the
>>> number of available cores/ clock speed?
>> 
>> yes.
>> 
>>> Can it take advantage of ECC RAM? Server hardware that is few 
>>> years old can be bought for dirt cheap (Xeon E5-2670 has 8
>>> cores and costs about 75$).
>> 
>> it will benefit the same as any other machine from ecc ram.
>> 
>>> I'll be upgrading from my current PC and I'm seriously 
>>> considering building a rig around a Xeon processor and a 
>>> motherboard with ECC RAM but if there is no real benefit then 
>>> what's the point?
>> 
>> apparently price is the advantage, but think of your ears!
>> server hardware is loud.
>> 
>> if you're willing to spend more on good hardware, go for a good
>> ssd, and good ddr4 ram (G.Skill or Geil) in case bitflipping
>> attacks start showing up.
>> 
>> http://news.softpedia.com/news/rowhammer-attack-now-works-on-ddr4-memory-501898.shtml
>> 
> Xeon it is then. As for the rowhammering attack as far as I know
> ECC RAM is not vulnerable to that.

Unfortunately, that's not true:

"Tests show that simple ECC solutions, providing single-error
correction and double-error detection (SECDED) capabilities, are not
able to correct or detect all observed disturbance errors because some
of them include more than two flipped bits per memory word."

https://en.wikipedia.org/wiki/Row_hammer#Mitigation

> It's a shame that the more powerful Xeon CPUs don't come with a
> built in GPU, I'll have to make do with a current one. Added
> benefit here is that pretty much all Xeons support technologies
> necessary for Qubes 4.0 compliance. Wonder why they aren't more
> popular among desktop users.
> 

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
