[coreboot] When does AMD release the fam15 spectre microcode updates?
Taiidan at gmx.com
Taiidan at gmx.com
Thu Mar 29 20:39:50 CEST 2018
On 02/18/2018 07:03 AM, Rudolf Marek wrote:
> Hi,
Thanks for the detailed reply :]
> What do you want to protect?
I just looked at the AMD page saw they said they would be releasing
updates and I figured I should have them even though there is no
description of as to what they actually will do.
> If you want to protect the kernel, retpolines are OK on AMD.
> And you don't need any microcode update. Your CPU needs to have SMEP, otherwise
> you would need to clear RSB on CPL change (the paper on mentined page says that you need to do that
> always, but at least on Ryzen, the attack using RSB is not working (we tried that out, maybe it works
> only on some circumstances).
>
> If you want to protect userspace, the RSB will be clear by IBPB (which you would need if you don't have userspace compiled
> with retpolines). I don't know if intel clears RSB on IBPB... probably not
>
> To sum it up on AMD:
>
> kernel:
> retpolines, RSB clear on CPL change on CPU without SMEP (see above)
>
> userspace:
> retpolines, RSB clear on context switch necessary or IBPB (needs microcode update).
>
> Plus make sure you enable "LFENCE is dispatch serializing" - perhaps coreboot can do that :) it is simple
> MSR write on fam 10h 12h+ the fam 11h and 0fh dont have this MSR but LFENCE is dispatch serilizing.
Hmm do you have more info links about this?
> Besides that, you don't need any microcode update.
>
> Plus of course there is a spectre variant 1, which is more difficult to mitigate, basically you need to check all the software
> and look for any pattern like array_x[array_z[untrusted_index] * any transformation].
>
> The first access would leak just address (ASLR defated), second will leak data.
> The variant 1 works on user/user attack and as well as user/kernel.
>
> As far I know there are no automated tools to check for this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xDF372A17.asc
Type: application/pgp-keys
Size: 5247 bytes
Desc: not available
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20180329/b76b9891/attachment.skr>
More information about the coreboot
mailing list