Re: Realizing Good Ideas with Debian Money

To: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: debian-project@lists.debian.org, debian-devel@lists.debian.org
Subject: Re: Realizing Good Ideas with Debian Money
From: Russ Allbery <rra@debian.org>
Date: Sat, 01 Jun 2019 15:10:25 -0700
Message-id: <[🔎] 87v9xpvtwu.fsf@hope.eyrie.org>
In-reply-to: <[🔎] 20190601205427.k53ciasxi7la6ekr@localhost.localdomain> (G. Branden Robinson's message of "Sun, 2 Jun 2019 06:54:30 +1000")
References: <867eactobs.fsf@benfinney.id.au> <tslef4kf6z7.fsf@suchdamage.org> <20190529064355.vudv3ty7nctm74lj@an3as.eu> <20190529065030.GE7793@belkar.wrar.name> <20190529083842.GD2260@home.ouaza.com> <05b29c695bb2ee0a7c116d5ddaaaebaf@debian.org> <tslblzl8oqi.fsf_-_@suchdamage.org> <20190531203242.GA6108@localhost> <20190531210424.btsddbv2eeugpvfv@snafu.emyr.net> <[🔎] 3c2b2201-7c7e-fb4c-34ce-4a22c99f1a1b@philkern.de> <[🔎] 20190601205427.k53ciasxi7la6ekr@localhost.localdomain>

"G. Branden Robinson" <g.branden.robinson@gmail.com> writes:

> My two cents[4] is that DSA should make its purchasing and hardware
> solicitation decisions with the architectural security issue fairly far
> down the priority list.  It saddens me to say that, but this new class
> of exploits, what van Schaik et al. call "microarchitectural data
> sampling" (MDS), is a playground for security researchers right now; a
> big rock has been turned over and bugs are erupting from the soil in a
> squamous frenzy.  It will take months or years for the situation to
> settle down.

> To acquire hardware based on what is known today is to risk buyer's
> remorse.  Plan on inescapable remorse later; every chip vendor will let
> us down until corporate managers learn to treat confidentiality and
> integrity as feature rather than cost centers.  (And count on them to
> forget what they've learned after a few quarters pass without
> embarassing headlines.)

+1 to this.  So far as I can tell, about the only thing that seems to
correlate with being less likely to have side-channel attacks is less
sophisticated scheduling pipelines and processor architecture (read:
simpler, slower processors).  And this area of security research is
changing very rapidly.  I would expect several more novel attacks to
surface.

Processors that don't have a bunch of non-free, unauditable bullshit as a
proprietary control plane would obviously be better, but you'd be paying a
prohibitive performance price (not to mention other issues).  There just
aren't any good options right now.  Buy (or accept donations of) whatever
makes sense for other reasons, and expect there to be mandatory microcode
updates, kernel and virtualization workarounds, and security bugs.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

References:
- Re: Realizing Good Ideas with Debian Money
  - From: Philipp Kern <pkern@debian.org>
- Re: Realizing Good Ideas with Debian Money
  - From: "G. Branden Robinson" <g.branden.robinson@gmail.com>

Prev by Date: Re: Realizing Good Ideas with Debian Money
Next by Date: Re: Realizing Good Ideas with Debian Money
Previous by thread: Re: Realizing Good Ideas with Debian Money
Next by thread: Re: Realizing Good Ideas with Debian Money
Index(es):
- Date
- Thread