CVSROOT: /cvs
Module name: src
Changes by: mi...@cvs.openbsd.org 2017/01/13 10:15:27
Modified files:
sys/arch/amd64/amd64: identcpu.c
sys/arch/amd64/include: specialreg.h
sys/arch/i386/i386: machdep.c
sys/arch/i386/include: specialreg.h
Log message:
Disable and lock Silicon Debug feature on modern Intel CPUs
This implements one of the countermeasures against using Direct
Connect Interface (DCI) to debug CPUs via USB3 mentioned in the
"Tapping into the core" talk at the 33c3: identify and disable
the Silicon Debug feature found in Haswell and newer CPUs.
ok mlarkin, deraadt
