Attention is currently required from: Gaggery Tsai, Marx Wang, Nico Huber, Angel Pons, Kane Chen.

View Change

1 comment:

• File src/soc/intel/apollolake/Kconfig:

  • Patch Set #14, Line 431: ENABLE_DDR_2X_REFRESH

    It's tight to DRAM. […]

    The point is that even on a device where the mitigation "should" be enabled due to hardware concerns, a (sophisticated) device owner should be able to disable the mitigation without rewriting lots of code (e.g. by setting a build time flag).

    Nico's example is that the owner might know that the device is used in a trusted environment only - but really any other reason is valid: they own the box, they're in charge. If they break the computer, they get to keep the pieces (and this issue isn't even about breaking the device).

To view, visit change 48510. To unsubscribe, or for help writing mail filters, visit settings.