Il 16/dic/2018 12:01 PM, coreboot-request@coreboot.org ha scritto:
Send coreboot mailing list submissions to coreboot@coreboot.org
To subscribe or unsubscribe via the World Wide Web, visit https://mail.coreboot.org/mailman/listinfo/coreboot or, via email, send a message with subject or body 'help' to coreboot-request@coreboot.org
You can reach the person managing the list at coreboot-owner@coreboot.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of coreboot digest..."
Today's Topics:
1. Re: Rowhammer mitigation: RH activation probability (Taiidan@gmx.com) 2. Re: Rowhammer mitigation: RH activation probability (Carl-Daniel Hailfinger) 3. coreboot 4.9 release scheduled for Dec 20th (Patrick Georgi)
----------------------------------------------------------------------
Message: 1 Date: Fri, 14 Dec 2018 17:36:57 -0500 From: "Taiidan@gmx.com" Taiidan@gmx.com To: coreboot@coreboot.org Subject: Re: [coreboot] Rowhammer mitigation: RH activation probability Message-ID: 279ff836-2525-798d-985f-dc3b122e78e7@gmx.com Content-Type: text/plain; charset=utf-8
Upon doing more research I am noting in regards to my previous post about vendors who claimed to solve the problem by doubling the RAM refresh rate in their firmware that according to [1] it only postpones the problem rather than eliminating it.
[1] https://googleprojectzero.blogspot.de/2015/03/exploiting-dram-rowhammer-bug-...
On 12/14/2018 03:20 AM, Nico Huber wrote:> On 07.12.18 22:46, Taiidan@gmx.com wrote:
rowhammer is almost entirely a laptop problem or for that matter anything that uses SODIMM's due to their high density.
That doesn't seem right. Can you give any examples of chips commonly used on SO-DIMMs that can't be found on DIMMs?
Ahhh good point commodity parts.
I had the feeling you find the same chips on both. SO-DIMMs often host
16 chips. If you'd
want the same capacity on a DIMM with less chip density, you'd need 32 chips (or physically bigger chips). Never seen that (though didn't look for it either).
I had read it somewhere awhile back when the problem first appeared stating that it didn't appear as much in desktops and servers due to lower density RAM which made sense to me considering the size difference I also tested my various home computers and only my laptops had a problem not the desktops/servers (all have ecc but it didn't show any errors) so I figured that it was an accurate statement. This shows the value of going back to quickly research something before providing the statement (and having others who aren't me to review!)
On 12/14/2018 12:21 PM, ron minnich wrote:
So, at first we have a non-specific ad-hominem attack:
I want people to get the best advice possible (hence my list of alternative sources) and while I can cite examples I am prohibited from potentially starting arguments about them so I do not want to.
To me providing good advice is important since someone reading it could be facing a life or death situation such as a journalist in a hostile country and why I always apologize and note a correction if I give wrong advice. I am also a better sysadmin than I am a programmer so I concentrate on my strong points.
On Fri, Dec 7, 2018 at 1:53 PM Taiidan@gmx.com Taiidan@gmx.com wrote:
I would like to note that company has provided poor security advice on a variety of occasions
followed by poor security advice:
rowhammer is almost entirely a laptop problem or for that matter anything that uses SODIMM's due to their high density.
which is immediately disproven with a 3 term search on google:
https://cloud.google.com/blog/products/gcp/7-ways-we-harden-our-kvm-hypervis...
"The Google Project Zero team led the way in discovering practical Rowhammer attacks against client platforms. Google production machines use double refresh rate to reduce errors, and ECC RAM that detects and corrects Rowhammer-induced errors."
so, please all, no ad-hominem attacks, and if you're going to make a technical claim, please be ready to provide justification.
I had read it in a whitepaper somewhere and I am attempting to find out where.
That is a good idea to have a citation on hand for claims like this and I will do so from now on as if I were editing the wiki.
thanks
ron
If a post of mine is not acceptable then I encourage you or others to exorcise your right to deny it as sometimes I do not realize what is and what isn't considered okay.
------------------------------
Message: 2 Date: Sun, 16 Dec 2018 01:02:28 +0100 From: Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net To: "Taiidan@gmx.com" Taiidan@gmx.com, coreboot@coreboot.org Subject: Re: [coreboot] Rowhammer mitigation: RH activation probability Message-ID: cb7658dd-dc3c-1e91-5bef-046e4beb150a@gmx.net Content-Type: text/plain; charset=UTF-8
Actually, the latest Rowhammer attack is harder to exploit on laptops due to the power saving features for row activation. Servers use a different row activation strategy which has better performance, but also enables one-location hammering. See Gruss, Lipp, Schwarz, Genkin et al.: Another Flip in the Wall of Rowhammer Defenses 2018 IEEE Symposium on Security and Privacy
Regards, Carl-Daniel
On 14.12.2018 23:36, Taiidan@gmx.com wrote:
Upon doing more research I am noting in regards to my previous post about vendors who claimed to solve the problem by doubling the RAM refresh rate in their firmware that according to [1] it only postpones the problem rather than eliminating it.
[1]
https://googleprojectzero.blogspot.de/2015/03/exploiting-dram-rowhammer-bug-...
On 12/14/2018 03:20 AM, Nico Huber wrote:> On 07.12.18 22:46, Taiidan@gmx.com wrote:
rowhammer is almost entirely a laptop problem or for that matter anything that uses SODIMM's due to their high density.
That doesn't seem right. Can you give any examples of chips commonly used on SO-DIMMs that can't be found on DIMMs?
Ahhh good point commodity parts.
I had the feeling you find the same chips on both. SO-DIMMs often host
16 chips. If you'd
want the same capacity on a DIMM with less chip density, you'd need 32 chips (or physically bigger chips). Never seen that (though didn't look for it either).
I had read it somewhere awhile back when the problem first appeared stating that it didn't appear as much in desktops and servers due to lower density RAM which made sense to me considering the size difference I also tested my various home computers and only my laptops had a problem not the desktops/servers (all have ecc but it didn't show any errors) so I figured that it was an accurate statement. This shows the value of going back to quickly research something before providing the statement (and having others who aren't me to review!)
On 12/14/2018 12:21 PM, ron minnich wrote:
So, at first we have a non-specific ad-hominem attack:
I want people to get the best advice possible (hence my list of alternative sources) and while I can cite examples I am prohibited from potentially starting arguments about them so I do not want to.
To me providing good advice is important since someone reading it could be facing a life or death situation such as a journalist in a hostile country and why I always apologize and note a correction if I give wrong advice. I am also a better sysadmin than I am a programmer so I concentrate on my strong points.
On Fri, Dec 7, 2018 at 1:53 PM Taiidan@gmx.com Taiidan@gmx.com wrote:
I would like to note that company has provided poor security advice on a variety of occasions
followed by poor security advice:
rowhammer is almost entirely a laptop problem or for that matter anything that uses SODIMM's due to their high density.
which is immediately disproven with a 3 term search on google:
https://cloud.google.com/blog/products/gcp/7-ways-we-harden-our-kvm-hypervis...
"The Google Project Zero team led the way in discovering practical Rowhammer attacks against client platforms. Google production machines use double refresh rate to reduce errors, and ECC RAM that detects and corrects Rowhammer-induced errors."
so, please all, no ad-hominem attacks, and if you're going to make a technical claim, please be ready to provide justification.
I had read it in a whitepaper somewhere and I am attempting to find out where.
That is a good idea to have a citation on hand for claims like this and I will do so from now on as if I were editing the wiki.
thanks
ron
If a post of mine is not acceptable then I encourage you or others to exorcise your right to deny it as sometimes I do not realize what is and what isn't considered okay.
------------------------------
Message: 3 Date: Sun, 16 Dec 2018 10:09:28 +0100 From: Patrick Georgi pgeorgi@google.com To: coreboot coreboot@coreboot.org Subject: [coreboot] coreboot 4.9 release scheduled for Dec 20th Message-ID: CAE-gjdVkT-YZEiZwSykUAby9wQ+xy-9Zs6HvJWG5H4_vxKhjNg@mail.gmail.com Content-Type: text/plain; charset="utf-8"
Hi everybody,
just a friendly reminder that I plan to do the coreboot 4.9 release on Dec 20th, which is
next Thursday!
Please test master, report or fix issues and be considerate with what you're merging (ie. maybe don't land the Rewrite Of Everything before the release). I'd like to avoid the need to spin a 4.9.1 release :-)
Also take a look at the tentative release notes at https://piratenpad.de/p/S8slYOeag and add the changes of the last ~8 months that you think warrant a shout-out.
Thanks, Patrick
-
claudio T