[coreboot] coreboot Digest, Vol 166, Issue 16

claudio T tclaudio5 at gmail.com
Mon Dec 17 00:09:10 CET 2018 

Il 16/dic/2018 12:01 PM, <coreboot-request at coreboot.org> ha scritto:

Send coreboot mailing list submissions to
        coreboot at coreboot.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://mail.coreboot.org/mailman/listinfo/coreboot
or, via email, send a message with subject or body 'help' to
        coreboot-request at coreboot.org

You can reach the person managing the list at
        coreboot-owner at coreboot.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of coreboot digest..."


Today's Topics:

   1. Re: Rowhammer mitigation: RH activation probability
      (Taiidan at gmx.com)
   2. Re: Rowhammer mitigation: RH activation probability
      (Carl-Daniel Hailfinger)
   3. coreboot 4.9 release scheduled for Dec 20th (Patrick Georgi)


----------------------------------------------------------------------

Message: 1
Date: Fri, 14 Dec 2018 17:36:57 -0500
From: "Taiidan at gmx.com" <Taiidan at gmx.com>
To: coreboot at coreboot.org
Subject: Re: [coreboot] Rowhammer mitigation: RH activation
        probability
Message-ID: <279ff836-2525-798d-985f-dc3b122e78e7 at gmx.com>
Content-Type: text/plain; charset=utf-8

Upon doing more research I am noting in regards to my previous post
about vendors who claimed to solve the problem by doubling the RAM
refresh rate in their firmware that according to [1] it only postpones
the problem rather than eliminating it.

[1]
https://googleprojectzero.blogspot.de/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

On 12/14/2018 03:20 AM, Nico Huber wrote:> On 07.12.18 22:46,
Taiidan at gmx.com wrote:
>> rowhammer is almost entirely a laptop problem or for that matter
>> anything that uses SODIMM's due to their high density.
>
> That doesn't seem right. Can you give any examples of chips commonly
> used on SO-DIMMs that can't be found on DIMMs?

Ahhh good point commodity parts.

> I had the feeling you find the same chips on both. SO-DIMMs often host
16 chips. If you'd
> want the same capacity on a DIMM with less chip density, you'd need
> 32 chips (or physically bigger chips). Never seen that (though didn't
> look for it either).

I had read it somewhere awhile back when the problem first appeared
stating that it didn't appear as much in desktops and servers due to
lower density RAM which made sense to me considering the size difference
I also tested my various home computers and only my laptops had a
problem not the desktops/servers (all have ecc but it didn't show any
errors) so I figured that it was an accurate statement. This shows the
value of going back to quickly research something before providing the
statement (and having others who aren't me to review!)


On 12/14/2018 12:21 PM, ron minnich wrote:

> So, at first we have a non-specific ad-hominem attack:

I want people to get the best advice possible (hence my list of
alternative sources) and while I can cite examples I am prohibited from
potentially starting arguments about them so I do not want to.

To me providing good advice is important since someone reading it could
be facing a life or death situation such as a journalist in a hostile
country and why I always apologize and note a correction if I give wrong
advice. I am also a better sysadmin than I am a programmer so I
concentrate on my strong points.

>
> On Fri, Dec 7, 2018 at 1:53 PM Taiidan at gmx.com <Taiidan at gmx.com> wrote:
>> I would like to note that company has provided poor security advice on a
>> variety of occasions
>
> followed by poor security advice:
>
>> rowhammer is almost entirely a laptop problem or for that matter
>> anything that uses SODIMM's due to their high density.
>
> which is immediately disproven with a 3 term search on google:
>
https://cloud.google.com/blog/products/gcp/7-ways-we-harden-our-kvm-hypervisor-at-google-cloud-security-in-plaintext
>
> "The Google Project Zero team led the way in discovering practical
> Rowhammer attacks against client platforms. Google production machines
> use double refresh rate to reduce errors, and ECC RAM that detects and
> corrects Rowhammer-induced errors."
>
> so, please all, no ad-hominem attacks, and if you're going to make a
> technical claim, please be ready to provide justification.

I had read it in a whitepaper somewhere and I am attempting to find out
where.

That is a good idea to have a citation on hand for claims like this and
I will do so from now on as if I were editing the wiki.

>
> thanks
>
> ron

If a post of mine is not acceptable then I encourage you or others to
exorcise your right to deny it as sometimes I do not realize what is and
what isn't considered okay.



------------------------------

Message: 2
Date: Sun, 16 Dec 2018 01:02:28 +0100
From: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>
To: "Taiidan at gmx.com" <Taiidan at gmx.com>, coreboot at coreboot.org
Subject: Re: [coreboot] Rowhammer mitigation: RH activation
        probability
Message-ID: <cb7658dd-dc3c-1e91-5bef-046e4beb150a at gmx.net>
Content-Type: text/plain; charset=UTF-8

Actually, the latest Rowhammer attack is harder to exploit on laptops
due to the power saving features for row activation. Servers use a
different row activation strategy which has better performance, but also
enables one-location hammering.
See Gruss, Lipp, Schwarz, Genkin et al.:
Another Flip in the Wall of Rowhammer Defenses
2018 IEEE Symposium on Security and Privacy

Regards,
Carl-Daniel

On 14.12.2018 23:36, Taiidan at gmx.com wrote:
> Upon doing more research I am noting in regards to my previous post
> about vendors who claimed to solve the problem by doubling the RAM
> refresh rate in their firmware that according to [1] it only postpones
> the problem rather than eliminating it.
>
> [1]
>
https://googleprojectzero.blogspot.de/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
>
> On 12/14/2018 03:20 AM, Nico Huber wrote:> On 07.12.18 22:46,
> Taiidan at gmx.com wrote:
>>> rowhammer is almost entirely a laptop problem or for that matter
>>> anything that uses SODIMM's due to their high density.
>> That doesn't seem right. Can you give any examples of chips commonly
>> used on SO-DIMMs that can't be found on DIMMs?
> Ahhh good point commodity parts.
>
>> I had the feeling you find the same chips on both. SO-DIMMs often host
> 16 chips. If you'd
>> want the same capacity on a DIMM with less chip density, you'd need
>> 32 chips (or physically bigger chips). Never seen that (though didn't
>> look for it either).
> I had read it somewhere awhile back when the problem first appeared
> stating that it didn't appear as much in desktops and servers due to
> lower density RAM which made sense to me considering the size difference
> I also tested my various home computers and only my laptops had a
> problem not the desktops/servers (all have ecc but it didn't show any
> errors) so I figured that it was an accurate statement. This shows the
> value of going back to quickly research something before providing the
> statement (and having others who aren't me to review!)
>
>
> On 12/14/2018 12:21 PM, ron minnich wrote:
>
>> So, at first we have a non-specific ad-hominem attack:
> I want people to get the best advice possible (hence my list of
> alternative sources) and while I can cite examples I am prohibited from
> potentially starting arguments about them so I do not want to.
>
> To me providing good advice is important since someone reading it could
> be facing a life or death situation such as a journalist in a hostile
> country and why I always apologize and note a correction if I give wrong
> advice. I am also a better sysadmin than I am a programmer so I
> concentrate on my strong points.
>
>> On Fri, Dec 7, 2018 at 1:53 PM Taiidan at gmx.com <Taiidan at gmx.com> wrote:
>>> I would like to note that company has provided poor security advice on a
>>> variety of occasions
>> followed by poor security advice:
>>
>>> rowhammer is almost entirely a laptop problem or for that matter
>>> anything that uses SODIMM's due to their high density.
>> which is immediately disproven with a 3 term search on google:
>>
https://cloud.google.com/blog/products/gcp/7-ways-we-harden-our-kvm-hypervisor-at-google-cloud-security-in-plaintext
>>
>> "The Google Project Zero team led the way in discovering practical
>> Rowhammer attacks against client platforms. Google production machines
>> use double refresh rate to reduce errors, and ECC RAM that detects and
>> corrects Rowhammer-induced errors."
>>
>> so, please all, no ad-hominem attacks, and if you're going to make a
>> technical claim, please be ready to provide justification.
> I had read it in a whitepaper somewhere and I am attempting to find out
> where.
>
> That is a good idea to have a citation on hand for claims like this and
> I will do so from now on as if I were editing the wiki.
>
>> thanks
>>
>> ron
> If a post of mine is not acceptable then I encourage you or others to
> exorcise your right to deny it as sometimes I do not realize what is and
> what isn't considered okay.
>




------------------------------

Message: 3
Date: Sun, 16 Dec 2018 10:09:28 +0100
From: Patrick Georgi <pgeorgi at google.com>
To: coreboot <coreboot at coreboot.org>
Subject: [coreboot] coreboot 4.9 release scheduled for Dec 20th
Message-ID:
        <CAE-gjdVkT-YZEiZwSykUAby9wQ+xy-9Zs6HvJWG5H4_vxKhjNg at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi everybody,

just a friendly reminder that I plan to do the coreboot 4.9 release on Dec
20th, which is

next Thursday!

Please test master, report or fix issues and be considerate with what
you're merging (ie. maybe don't land the Rewrite Of Everything before the
release). I'd like to avoid the need to spin a 4.9.1 release :-)

Also take a look at the tentative release notes at
https://piratenpad.de/p/S8slYOeag and add the changes of the last ~8 months
that you think warrant a shout-out.


Thanks,
Patrick
-- 
Google Germany GmbH, ABC-Str. 19, 20354 Hamburg
Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft:
Hamburg
Gesch?ftsf?hrer: Paul Manicle, Halimah DeLaine Prado
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://mail.coreboot.org/pipermail/coreboot/attachments/20181216/544ffd1d/attachment-0001.html
>

------------------------------

Subject: Digest Footer

_______________________________________________
coreboot mailing list
coreboot at coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot


------------------------------

End of coreboot Digest, Vol 166, Issue 16
*****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20181217/325190e1/attachment.html>

More information about the coreboot mailing list