[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Intel Microcode updates

On 10/06/19 20:31, Michael Stone wrote:
On Mon, Jun 10, 2019 at 07:46:47PM +0200, Davide Prina wrote:
On 10/06/19 13:16, Michael Stone wrote:
Your CPU is not supported my Intel, so you either accept the risk or buy a new one.

you have another choice: disable the SMP & C. and all mitigation form Linux

That's not correct, but will set your performance back 20 years.

why is it not correct?

I have read that most of this hardware bug is related to the execution of the possible future operation, while the system is executing the actual operation.

OK this solution will slow down a lot your CPU.

* you will get only mitigation and not bug correction. Mitigation == the attack is more hard, but it can be done successfully. I don't have

That is also not correct.


I have read that some variant of the initial bug cannot be mitigated with the initial solution and so they have create a different mitigation. I have read that the bug let you read a bit a time and get in data that you don't have permission to read with a good probability and in a little time; the patch let this process be more difficult to implement and need more time to be used to the same task.

I have also read that some hardware bug solution are not implementable with software (firmware), so the only thing you can do is to mitigate this problem.

* your CPU run slower because of these mitigation (I have rad that for some task you can have 50% or less performance),

That depends on the CPU, some see significant impacts, others see none or were never vulnerable to some of these issues.

that true, but I never read that a processor type with a spectre/meltdown/& C. have been released with a new CPU version that is immune to this bug, so you always need this software mitigation.

So you buy a CPU that his power need to be "partially" used to mitigate some hardware bug while it run "real" processes

There's enough misinformation about this class of attacks without spreading more...

I have try to read the research that describe those hardware bugs, probably I don't have understand all or I don't have read all the document... you can write some more and try do correct what I don't have understand... and if you give us some link... :-)

* new hardware bugs and variant of previous bugs are found constantly, so we need a new CPU class designed for security. I have read that some people want to create a new CPU under free license, I think that is the only solution that we can trust

For those who want to use a computer now, that's not particularly helpful.

or it will be?

I have read that researchers have start to search for hardware bug only recently and hardware manufacturers have designed they hardware without take security in consideration. Also, I have read, that researches are now developing new tools that let them investigate for hardware bug. Some expert say that the bug actually found are only the small part of the iceberg that emerge from the see and some say that soon we will see hardware bug that let attacker also write other processes data.

In this "catastrophic" scenario, I think, that knowing the problematic of the hardware are you buying is important. Also knowing that someone is building a better hardware with free license, with all schematics and sources available, ... can be a very useful information and this can make more people contribute (also with only money) to let this dream to be realized in a near future.


Reply to: