[coreboot] Rowhammer mitigation: RH activation probability

Taiidan at gmx.com Taiidan at gmx.com
Fri Dec 14 23:36:57 CET 2018


Upon doing more research, I am noting, in regard to my previous post
about vendors who claimed to solve the problem by doubling the RAM
refresh rate in their firmware, that according to [1] it only postpones
the problem rather than eliminating it.

[1]
https://googleprojectzero.blogspot.de/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

On 12/14/2018 03:20 AM, Nico Huber wrote:
> On 07.12.18 22:46, Taiidan at gmx.com wrote:
>> rowhammer is almost entirely a laptop problem or for that matter
>> anything that uses SODIMMs due to their high density.
>
> That doesn't seem right. Can you give any examples of chips commonly
> used on SO-DIMMs that can't be found on DIMMs?

Ahhh good point commodity parts.

> I had the feeling you find the same chips on both. SO-DIMMs often host
> 16 chips. If you'd want the same capacity on a DIMM with less chip
> density, you'd need 32 chips (or physically bigger chips). Never seen
> that (though didn't look for it either).

I had read it somewhere a while back, when the problem first appeared,
stating that it didn't appear as much in desktops and servers due to
lower density RAM, which made sense to me considering the size difference.
I also tested my various home computers and only my laptops had a
problem, not the desktops/servers (all have ECC but it didn't show any
errors), so I figured that it was an accurate statement. This shows the
value of going back to quickly research something before providing the
statement (and having others who aren't me to review!)


On 12/14/2018 12:21 PM, ron minnich wrote:

> So, at first we have a non-specific ad-hominem attack:

I want people to get the best advice possible (hence my list of
alternative sources), and while I can cite examples, I am prohibited from
potentially starting arguments about them, so I do not want to.

To me, providing good advice is important, since someone reading it could
be facing a life-or-death situation, such as a journalist in a hostile
country, which is why I always apologize and note a correction if I give
wrong advice. I am also a better sysadmin than I am a programmer, so I
concentrate on my strong points.

> 
> On Fri, Dec 7, 2018 at 1:53 PM Taiidan at gmx.com <Taiidan at gmx.com> wrote:
>> I would like to note that company has provided poor security advice on a
>> variety of occasions
> 
> followed by poor security advice:
> 
>> rowhammer is almost entirely a laptop problem or for that matter
>> anything that uses SODIMMs due to their high density.
> 
> which is immediately disproven with a 3 term search on google:
> https://cloud.google.com/blog/products/gcp/7-ways-we-harden-our-kvm-hypervisor-at-google-cloud-security-in-plaintext
> 
> "The Google Project Zero team led the way in discovering practical
> Rowhammer attacks against client platforms. Google production machines
> use double refresh rate to reduce errors, and ECC RAM that detects and
> corrects Rowhammer-induced errors."
> 
> so, please all, no ad-hominem attacks, and if you're going to make a
> technical claim, please be ready to provide justification.

I had read it in a whitepaper somewhere and I am attempting to find out
where.

That is a good idea to have a citation on hand for claims like this and
I will do so from now on as if I were editing the wiki.

> 
> thanks
> 
> ron

If a post of mine is not acceptable then I encourage you or others to
exercise your right to deny it, as sometimes I do not realize what is and
what isn't considered okay.


