lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 22 Jun 2020 11:34:01 +0200
From:   Boris Petkov <bp@...en8.de>
To:     Dave Hansen <dave.hansen@...el.com>,
        Andy Lutomirski <luto@...nel.org>,
        Richard Hughes <hughsient@...il.com>
CC:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Daniel Gutson <daniel@...ypsium.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, X86 ML <x86@...nel.org>,
        "H. Peter Anvin" <hpa@...or.com>, Arnd Bergmann <arnd@...db.de>,
        Peter Zijlstra <peterz@...radead.org>,
        "David S. Miller" <davem@...emloft.net>,
        Rob Herring <robh@...nel.org>, Tony Luck <tony.luck@...el.com>,
        Rahul Tanwar <rahul.tanwar@...ux.intel.com>,
        Xiaoyao Li <xiaoyao.li@...el.com>,
        Sean Christopherson <sean.j.christopherson@...el.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Ability to read the MKTME status from userspace

On June 19, 2020 10:24:23 PM GMT+02:00, Dave Hansen <dave.hansen@...el.com> wrote:
>On 6/19/20 1:20 PM, Andy Lutomirski wrote:
>> Boris, etc: would it be reasonable to add a list of CPU features that
>> are present but turned off by firmware?  SME is far from the only
>> thing that's frequently in this category.  x2apic, fast strings, and
>> virtualization come to mind.
>
>Sounds sane to me.  I like the idea of proving ammo to end users to
>either go flip a BIOS switch, or yell at their firmware vendor.

Sure if the reenabling the feature in BIOS would enable the support. Which is not the case with TME, as ypu pointed out, so I'm not sure a list CPU features which are present but turned off in firmware, is enough.

I'm thinking more along the lines of adding freetext doc for such "complex" to enable features which explains to users what and where to check, what to switch on and off and what other prerequisites can be...

And yes, it is ugly. ;-/

-- 
Sent from a small device: formatting sux and brevity is inevitable.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ