| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Mar 2011 13:53:35 -0700 From: Burt Triplett <burt@...triplett.org> To: Henrique de Moraes Holschuh <hmh@....eng.br> CC: linux-kernel@...r.kernel.org Subject: Re: BITS handling of CPU microcode updates On 03/23/2011 05:14 PM, Henrique de Moraes Holschuh wrote: > On Mon, 21 Mar 2011, Burt Triplett wrote: >> The Intel SDM correctly identifies microcode revision numbers as >> signed. However, a simple signed comparison doesn't actually >> capture the correct logic, nor does an unsigned comparison, though >> in both cases the problem doesn't tend to come up in common cases. > > ... > >> Tools which run automatically, without explicit user action, should >> not attempt to load a microcode if (X< 0) and (Z> 0). Doing so >> makes life very difficult for people in those test lab environments: >> they put a microcode they want to test in the BIOS or load it via >> BITS, but then the OS driver automatically overrides it with the >> latest production microcode. So, tools which run automatically >> without explicit user action should follow this rule: >> if ((Z < 0) || (Z > 0 && X > 0 && Z > X)) load_microcode(); > > Very well, I will send patches to fix that behaviour, as well as some > other stuff I noticed that was not updated to match the recommended > actions documented by the SDM and some Intel application notes. Thanks! Out of curiosity, which other discrepancies did you encounter? Also, please CC me on the patch, and I'll review the changes. >> If microcode_ctl added an option to distinguish these two cases, it >> could apply the alternative logic when explicitly requested. > > Indeed, the userspace and internal kernel API don't support that at this > time. > > Now, we could change them I suppose, but it doesn't look like a worthwhile > effort to change the microcode core and APIs for something that would be > of limited use even inside an Intel lab. Agreed; in general such microcode will get loaded before booting Linux, not via the Linux microcode driver. > Unless there is a reason to support online microcode downgrading, that is. > Does it? Currently, the rare case of a microcode downgrade will only > happen at the next boot. No, the driver doesn't need to support this case. - Burt Triplett -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists