Hi,
What do you want to protect? If you want to protect the kernel, retpolines are OK on AMD. And you don't need any microcode update. Your CPU needs to have SMEP, otherwise you would need to clear RSB on CPL change (the paper on the mentioned page says that you need to do that always, but at least on Ryzen, the attack using RSB is not working (we tried that out, maybe it works only in some circumstances)).
If you want to protect userspace, the RSB will be cleared by IBPB (which you would need if you don't have userspace compiled with retpolines). I don't know if Intel clears RSB on IBPB... probably not.
To sum it up on AMD:
kernel: retpolines, RSB clear on CPL change on CPU without SMEP (see above)
userspace: retpolines, RSB clear on context switch necessary or IBPB (needs microcode update).
Plus make sure you enable "LFENCE is dispatch serializing" - perhaps coreboot can do that :) It is a simple MSR write on fam 10h, 12h+; fam 11h and 0fh don't have this MSR, but LFENCE is dispatch serializing.
Besides that, you don't need any microcode update.
Plus of course there is Spectre variant 1, which is more difficult to mitigate; basically you need to check all the software and look for any pattern like array_x[array_z[untrusted_index] * any transformation].
The first access would leak just the address (ASLR defeated), the second will leak data. Variant 1 works for user/user attacks as well as user/kernel.
As far as I know there are no automated tools to check for this.
Thanks Rudolf
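The variant 1 pattern described in the message above, next to a hardened form, as an added example that is not part of the original post. The array sizes, the factor 64 and the function names are constructed for illustration; the branchless mask follows the same idea as the Linux kernel's array_index_nospec().

```c
#include <stddef.h>
#include <stdint.h>

#define TABLE_LEN 16u                 /* constructed size for the example */
static uint8_t array_z[TABLE_LEN];
static uint8_t array_x[256 * 64];

/* The pattern to look for: a bounds check followed by a dependent double
 * load. Architecturally correct, but if the branch is mispredicted both
 * loads can execute speculatively with an out-of-range index. */
uint8_t lookup_unhardened(size_t untrusted_index)
{
    if (untrusted_index < TABLE_LEN)
        return array_x[array_z[untrusted_index] * 64];
    return 0;
}

/* All-ones when index < size, zero otherwise, computed without a branch.
 * Valid for sizes below SIZE_MAX/2. A compiler may still rewrite this, so
 * inspect the generated code before relying on it. */
static size_t index_mask(size_t index, size_t size)
{
    size_t top = (index | (size - 1 - index)) >> (sizeof(size_t) * 8 - 1);
    return top - 1;                   /* 0 -> all ones, 1 -> 0 */
}

/* Hardened form: the index is clamped by a data dependency, so even on a
 * mispredicted path the first load stays inside array_z. */
uint8_t lookup_hardened(size_t untrusted_index)
{
    if (untrusted_index < TABLE_LEN) {
        untrusted_index &= index_mask(untrusted_index, TABLE_LEN);
        return array_x[array_z[untrusted_index] * 64];
    }
    return 0;
}
```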
On 18.2.2018 at 12:48, Mike Banon wrote:
Maybe it's a good idea to write to AMD support regarding this question - please share a reply if you would get an answer. I'm curious about other fam15 CPUs as well, e.g. A10-5750M microcode update would be nice, maybe a request could be more general, e.g.: what is the estimated release date for the microcode updates for fam15 AMD CPUs (so a request is not about "opterons only")
On Sun, Feb 18, 2018 at 4:30 AM, Taiidan@gmx.com Taiidan@gmx.com wrote:
They said they would be releasing Opteron microcode updates in a few weeks, but it has been over a month and I am wondering when this is going to happen, or if it already has and I should re-compile coreboot?
https://www.amd.com/en/corporate/speculative-execution "We expect to make updates available for our previous generation products over the coming weeks."
Thanks!
On 02/18/2018 07:03 AM, Rudolf Marek wrote:
Hi,
Thanks for the detailed reply :]
What do you want to protect?
I just looked at the AMD page, saw they said they would be releasing updates, and I figured I should have them even though there is no description as to what they actually will do.
If you want to protect the kernel, retpolines are OK on AMD. And you don't need any microcode update. Your CPU needs to have SMEP, otherwise you would need to clear RSB on CPL change (the paper on the mentioned page says that you need to do that always, but at least on Ryzen, the attack using RSB is not working (we tried that out, maybe it works only in some circumstances)).
If you want to protect userspace, the RSB will be cleared by IBPB (which you would need if you don't have userspace compiled with retpolines). I don't know if Intel clears RSB on IBPB... probably not.
To sum it up on AMD:
kernel: retpolines, RSB clear on CPL change on CPU without SMEP (see above)
userspace: retpolines, RSB clear on context switch necessary or IBPB (needs microcode update).
Plus make sure you enable "LFENCE is dispatch serializing" - perhaps coreboot can do that :) It is a simple MSR write on fam 10h, 12h+; fam 11h and 0fh don't have this MSR, but LFENCE is dispatch serializing.
Hmm do you have more info links about this?
Besides that, you don't need any microcode update.
Plus of course there is Spectre variant 1, which is more difficult to mitigate; basically you need to check all the software and look for any pattern like array_x[array_z[untrusted_index] * any transformation].
The first access would leak just the address (ASLR defeated), the second will leak data. Variant 1 works for user/user attacks as well as user/kernel.
As far as I know there are no automated tools to check for this.
Hi,
On 29.3.2018 at 20:39, Taiidan@gmx.com wrote:
Plus make sure you enable "LFENCE is dispatch serializing" - perhaps coreboot can do that :) It is a simple MSR write on fam 10h, 12h+; fam 11h and 0fh don't have this MSR, but LFENCE is dispatch serializing.
Hmm do you have more info links about this?
Yes sure, go to [1], click on [2] and check "MITIGATION G-2". Basically just set: MSR C001_1029[1]=1 on 10h/12h/14h/15h/16h/17h; the 0fh and 11h don't have it, but there LFENCE is dispatch serializing already.
Thanks Rudolf
[1] https://www.amd.com/en/corporate/security-updates [2] https://developer.amd.com/wp-content/resources/Managing-Speculation-on-AMD-P...
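A way to verify from Linux that the setting described in the message above is in effect, as an added example that is not part of the original thread or of coreboot. It assumes the Linux msr driver (/dev/cpu/N/msr, root required) and takes the CPU family as a hex argument; the function and constant names are made up for the example.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define MSR_C001_1029    0xC0011029u  /* register named in the post */
#define LFENCE_SERIALIZE (1ull << 1)  /* bit 1: LFENCE is dispatch serializing */

enum lfence_state { LFENCE_ALWAYS, LFENCE_ENABLED, LFENCE_NOT_ENABLED, LFENCE_UNKNOWN };
/* Family rules as listed in the post; other families are reported as unknown. */
enum lfence_state classify_lfence(unsigned family, uint64_t msr_value)
{
    switch (family) {
    case 0x0f: case 0x11:             /* no such MSR, LFENCE already serializing */
        return LFENCE_ALWAYS;
    case 0x10: case 0x12: case 0x14: case 0x15: case 0x16: case 0x17:
        return (msr_value & LFENCE_SERIALIZE) ? LFENCE_ENABLED : LFENCE_NOT_ENABLED;
    default:
        return LFENCE_UNKNOWN;
    }
}

/* Read one MSR through the Linux msr driver; returns 0 on success. */
int read_msr(int cpu, uint32_t reg, uint64_t *out)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = pread(fd, out, sizeof *out, (off_t)reg);
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

/* Usage: ./lfence_check 15   (family in hex); checks every CPU the driver exposes. */
int main(int argc, char **argv)
{
    unsigned family = argc > 1 ? (unsigned)strtoul(argv[1], NULL, 16) : 0;
    uint64_t v;
    int cpu, missing = 0;
    if (classify_lfence(family, 0) == LFENCE_ALWAYS)
        return puts("LFENCE is already dispatch serializing on this family"), 0;
    for (cpu = 0; read_msr(cpu, MSR_C001_1029, &v) == 0; cpu++)
        if (classify_lfence(family, v) != LFENCE_ENABLED) {
            printf("cpu%d: bit 1 not confirmed set (MSR=0x%llx)\n", cpu, (unsigned long long)v);
            missing++;
        }
    return (cpu == 0 || missing) ? 1 : 0;  /* nonzero: unreadable or not set */
}
```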
AMD kept their promise. https://www.bleepingcomputer.com/news/hardware/amd-releases-spectre-v2-micro...
AMD kept their promise.
Are you sure? I cannot find any download links except for the Windows 10. Yes, theoretically it should be possible to unpack those monstrous .cab files aimed for Win10 and extract a microcode hidden somewhere, but this is stupid. Do you have the download links for the standalone microcode updates?
Best regards, Mike Banon
On Thu, Apr 12, 2018 at 11:01 AM, Taiidan@gmx.com Taiidan@gmx.com wrote:
AMD kept their promise. https://www.bleepingcomputer.com/news/hardware/amd-releases-spectre-v2-micro...