On 02/18/2018 07:03 AM, Rudolf Marek wrote:
Hi,
Thanks for the detailed reply :]
What do you want to protect?
I just looked at the AMD page saw they said they would be releasing updates and I figured I should have them even though there is no description of as to what they actually will do.
If you want to protect the kernel, retpolines are OK on AMD. And you don't need any microcode update. Your CPU needs to have SMEP, otherwise you would need to clear RSB on CPL change (the paper on mentined page says that you need to do that always, but at least on Ryzen, the attack using RSB is not working (we tried that out, maybe it works only on some circumstances).
If you want to protect userspace, the RSB will be clear by IBPB (which you would need if you don't have userspace compiled with retpolines). I don't know if intel clears RSB on IBPB... probably not
To sum it up on AMD:
kernel: retpolines, RSB clear on CPL change on CPU without SMEP (see above)
userspace: retpolines, RSB clear on context switch necessary or IBPB (needs microcode update).
Plus make sure you enable "LFENCE is dispatch serializing" - perhaps coreboot can do that :) it is simple MSR write on fam 10h 12h+ the fam 11h and 0fh dont have this MSR but LFENCE is dispatch serilizing.
Hmm do you have more info links about this?
Besides that, you don't need any microcode update.
Plus of course there is a spectre variant 1, which is more difficult to mitigate, basically you need to check all the software and look for any pattern like array_x[array_z[untrusted_index] * any transformation].
The first access would leak just address (ASLR defated), second will leak data. The variant 1 works on user/user attack and as well as user/kernel.
As far I know there are no automated tools to check for this.