cvs commit: src/sys/amd64/amd64 mp_machdep.c src/sys/i386/i386 mp_machdep.c

Colin Percival cperciva at freebsd.org
Fri Nov 9 00:27:52 PST 2007


Kris Kennaway wrote:
> Colin Percival wrote:
>>   Change the default for hyperthreading (or, generally speaking, cases
>>   where the L1 cache is shared between CPUs) to disabled for security
>>   reasons.  As in earlier releases, this can be changed by setting
>>   machdep.hyperthreading_allowed=1 in /boot/loader.conf.
>>     This is not an MFC -- no seatbelts in CURRENT.
> 
> What are you waiting for to happen in HEAD, 

To quote core@, whom I agree with on this point:
  We think this decision should be revisited once at least one of the
  following occur: new crypto code is made available by crypto vendors to
  address cache-related attacks, or sufficient work is performed on
  scheduling and protection mechanisms to prevent the attack from being
  exploited.

> and what work are you doing
> to expedite that?

When I have time, I'm working on a cryptographic library which is designed
from the ground up to be immune to timing and cache-based side channel attacks.
Unfortunately my time has been rather limited lately due to the pressing need
to eat, but if you know any companies which would be interested in sponsoring
this work I'd be very happy to hear from them.

Colin Percival


