And Phoronix have noted a 58% performance hit for the Haswell generation when the patches are applied:
https://www.phoronix.com/scan.php?page= ... l-gen7-hit
FFS...

Security tracker: https://security-tracker.debian.org/tra ... 2019-14615
Head_on_a_Stick wrote:Yet more evidence that Intel are a bunch of clueless clowns: https://www.intel.com/content/www/us/en ... 00314.html
And Phoronix have noted a 58% performance hit for the Haswell generation when the patches are applied:
https://www.phoronix.com/scan.php?page= ... l-gen7-hit
Security tracker: https://security-tracker.debian.org/tra ... 2019-14615
neuraleskimo wrote:what is your opinion of whether AMD is really doing better security or simply has other yet to be discovered bugs?
empty@E485:~ $ grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
empty@E485:~ $
Head_on_a_Stick wrote:Well I'm no expert on the subject...
Head_on_a_Stick wrote:Probably still worth disabling SMT for security-critical systems though, even for AMD. That's what OpenBSD does.
~# grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.
Hallvor wrote:doesn't it require physical access?
Head_on_a_Stick wrote:Yet more evidence that Intel are a bunch of clueless clowns: https://www.intel.com/content/www/us/en ... 00314.html
And Phoronix have noted a 58% performance hit for the Haswell generation when the patches are applied:
https://cuteplushies.net/
FFS...
Security tracker: https://security-tracker.debian.org/tra ... 2019-14615
Users browsing this forum: No registered users and 6 guests