On 10/06/19 20:31, Michael Stone wrote:
> On Mon, Jun 10, 2019 at 07:46:47PM +0200, Davide Prina wrote:
>> On 10/06/19 13:16, Michael Stone wrote:
>>> Your CPU is not supported by Intel, so you either accept the risk or
>>> buy a new one.
>> you have another choice: disable the SMP & C. and all mitigation from
>> Linux
> That's not correct, but will set your performance back 20 years.
why is it not correct?
I have read that most of these hardware bugs are related to the execution
of possible future operations while the system is executing the
actual operation.
OK, this solution will slow down your CPU a lot.
>> * you will get only mitigation and not bug correction. Mitigation ==
>> the attack is harder, but it can be done successfully. I don't have
> That is also not correct.
why?
I have read that some variants of the initial bug cannot be mitigated
with the initial solution, and so they have created a different mitigation.
I have read that the bug lets you read a bit at a time and get at data that
you don't have permission to read, with a good probability and in a
little time; the patch makes this process more difficult to implement
and it needs more time to do the same task.
I have also read that some hardware bug solutions are not implementable
with software (firmware), so the only thing you can do is to mitigate
this problem.
>> * your CPU runs slower because of these mitigations (I have read that for
>> some tasks you can have 50% or less performance),
> That depends on the CPU, some see significant impacts, others see none
> or were never vulnerable to some of these issues.
that's true, but I have never read that a processor type with
spectre/meltdown/& C. has been released in a new CPU version that is
immune to this bug, so you always need this software mitigation.
So you buy a CPU whose power needs to be "partially" used to mitigate
some hardware bug while it runs "real" processes
> There's enough misinformation about this class of attacks without
> spreading more...
I have tried to read the research that describes those hardware bugs;
probably I have not understood everything or I have not read all of the
document... you can write some more and try to correct what I have not
understood... and if you give us some links... :-)
>> * new hardware bugs and variants of previous bugs are found constantly,
>> so we need a new CPU class designed for security. I have read that
>> some people want to create a new CPU under free license, I think that
>> is the only solution that we can trust
> For those who want to use a computer now, that's not particularly helpful.
or will it be?
I have read that researchers have started to search for hardware bugs only
recently, and hardware manufacturers have designed their hardware without
taking security into consideration. Also, I have read that researchers are
now developing new tools that let them investigate hardware bugs.
Some experts say that the bugs actually found are only the small part of
the iceberg that emerges from the sea, and some say that soon we will see
hardware bugs that let an attacker also write other processes' data.
In this "catastrophic" scenario, I think that knowing the problems
of the hardware you are buying is important. Also, knowing that someone
is building better hardware with a free license, with all schematics and
sources available, ... can be very useful information, and this can
make more people contribute (also with only money) to let this dream
be realized in the near future.
Ciao
Davide