cvs commit: src/sys/amd64/amd64 mp_machdep.c src/sys/i386/i386 mp_machdep.c

Xin LI delphij at
Fri Nov 9 11:34:31 PST 2007



Nate Lawson wrote:
> Careful coding can address most side channel attacks, but I still think
> OS's need a standard API for a stealth mode where a privileged process
> can request exclusive access to the CPU it is running on for a short
> quantum, with a guarantee that they will not be preempted unless they
> exceed that quantum.  Additional support for cleaning the
> microarchitectural side effects (cache, BTB, etc.) would be a bonus.  I
> don't know of any standards efforts in this area but it might be
> interesting to note.  Fast implementations of AES are a good example
> where such support is needed since it is impossible to eliminate cache
> timing differences of the table lookups without such a mode.
> [1] OpenSSL 0.9.7h, change 10/2005 by Matthew D. Wood of Intel,
> [2] OpenSSL 0.9.8f, change 10/2007 by Matthew D. Wood of Intel,

Sorry for hijacking this thread, are we going to import a new OpenSSL
release?  Sounds like we have to do a full package build if we want to
do that...

Xin LI <delphij at>


