Line 869 - "const int amd_erratum_319[] =" --- is this code really against the Spectre, or its more like against the erratas in general? Also, What if someone would like to use either a Linux distro which hasnt been upgraded to the latest kernels, or maybe some alternative OS like FreeDOS or Kolibri? I think Taiidan has a good point: the availability of protection from this vulnerability should not depend on your OS and the version of your Linux kernel.
Are there any existing MSR writes inside the coreboot code, so that they could be copied and modified into the MSR of Taiidan's interest? (MSR C001_1029[1]=1) Maybe that MSR write would even be a C code 1-liner?
Best regards, Mike Banon
On Tue, Apr 10, 2018 at 3:32 AM, Arthur Heymans arthur@aheymans.xyz wrote:
Hi
Linux already does that for you: (v4.16) arch/x86/kernel/cpu/amd.c line 869.
Kind regards
On 5 April 2018 00:51:30 GMT+02:00, "Taiidan@gmx.com" Taiidan@gmx.com wrote:
As I am not a programmer I do not know how to do this (thanks for the heads-up rmarek) nor am I permitted to add to the repos.
MITIGATION G-2 Description: Set an MSR in the processor so that LFENCE is a dispatch serializing instruction and then use LFENCE in code streams to serialize dispatch (LFENCE is faster than RDTSCP which is also dispatch serializing).
This mode of LFENCE may be enabled by setting MSR C001_1029[1]=1.
This is important and covers a variety of boards such as the KGPE-D16, KCMA-D8 and G505s (all the last and best owner controlled x86_64 systems)
-- Arthur Heymans
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot