On Intel chips (Ice Lake and later) and ARM64, a bit needs to be set in a CPU register to enforce constant-time execution. Linux plans to set this bit by default; Xen should do the same. See https://lore.kernel.org/lkml/ywgcrqutxmx0w...@gmail.com/T/ for details. I recommend setting the bit unconditionally and ignoring guest attempts to change it.

--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab