lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190905222706.GA4422@otc-nc-03>
Date:   Thu, 5 Sep 2019 15:27:06 -0700
From:   "Raj, Ashok" <ashok.raj@...el.com>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     Borislav Petkov <bp@...en8.de>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Mihai Carabas <mihai.carabas@...cle.com>,
        "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>,
        Jon Grimm <Jon.Grimm@....com>, kanth.ghatraju@...cle.com,
        konrad.wilk@...cle.com, patrick.colp@...cle.com,
        Tom Lendacky <thomas.lendacky@....com>,
        x86-ml <x86@...nel.org>, linux-kernel@...r.kernel.org,
        Ashok Raj <ashok.raj@...el.com>
Subject: Re: [PATCH] x86/microcode: Add an option to reload microcode even if
 revision is unchanged

Hi Thomas,


On Thu, Sep 05, 2019 at 11:22:31PM +0200, Thomas Gleixner wrote:
> Raj,
> 
> On Thu, 5 Sep 2019, Raj, Ashok wrote:
> > On Thu, Sep 05, 2019 at 09:20:29AM +0200, Borislav Petkov wrote:
> > > On Wed, Sep 04, 2019 at 05:21:32PM -0700, Raj, Ashok wrote:
> > > > But echo 2 > reload would allow reading a microcode file from 
> > > > /lib/firmware/intel-ucode/ even if the revision hasn't changed right?
> > > > 
> > > > #echo 1 > reload wouldn't load if the revision on disk is same as what's loaded,
> > > > and we want to permit that with the echo 2 option.
> > > 
> > > Then before we continue with this, please specify what the exact
> > > requirements are. Talk to your microcoders or whoever is going to use
> > > this and give the exact use cases which should be supported and describe
> > > them in detail.
> > 
> > https://lore.kernel.org/lkml/1567056803-6640-1-git-send-email-ashok.raj@intel.com/
> > 
> > The original description said to load a new microcode file, the content
> > could have changed, but revision in the header hasn't increased. 
> > 
> > The other rules are same, i.e we can't go backwards. There is another
> > SVN (Security version number) embedded in the microcode which won't allow
> > going backwards anyway. 
> > 
> > I'll get back to you if there are additional uses, but allowing the facility to 
> > actually read the file achieves the same purpose as using the in-kernel copy.
> > 
> > I have used it multiple times during development :-)
> 
> That's all nice, but what it the general use case for this outside of Intel's
> microcode development and testing?
> 
> We all know that late microcode loading has severe limitations and we
> really don't want to proliferate that further if not absolutely required

Several customers have asked this to check the safety of late loads. They want
to validate in production setup prior to rolling late-load to all production systems.

Thanks
Ashok

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ