Re: Intel/AMD Downfall/Inception Vulnerabilities

From: Matthew Seaman <matthew_at_FreeBSD.org>
Date: Mon, 21 Aug 2023 20:35:28 UTC
On 21/08/2023 09:06, Christos Chatzaras wrote:
> I am aware that work is currently being done for upcoming FreeBSD 14 
> release and there may not be available human resources, but is there 
> anyone working on this?

The FreeBSD project doesn't have the capability to fix this 
independently of the CPU manufacturer.  Any fix will take the form of 
updated microcode packages from Intel, which will need to be 
incorporated into existing ports for updating such things.  Keep an eye 
on the sysutils/cpu-microcode* ports for updates in the near future.

Yes, Intel has provided fixes for this particular problem.  Most major 
cloud providers have announced they've already applied fixes (or never 
were vulnerable in the first place.)

This is just the latest representative of an emerging class of side 
channel attacks on shared systems -- not just amd64: arm64 will no doubt 
have as-yet-undiscovered but similar problems.

I think the take-home story is "don't use important secrets or 
confitential data on physical hardware that is shared with untrusted users."

	Cheers,

	Matthew