cvs commit: src/sys/amd64/amd64 mp_machdep.c src/sys/i386/i386 mp_machdep.c

Xin LI delphij at delphij.net
Fri Nov 9 11:34:31 PST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nate Lawson wrote:
[...]
> Careful coding can address most side channel attacks, but I still think
> OS's need a standard API for a stealth mode where a privileged process
> can request exclusive access to the CPU it is running on for a short
> quantum, with a guarantee that they will not be preempted unless they
> exceed that quantum.  Additional support for cleaning the
> microarchitectural side effects (cache, BTB, etc.) would be a bonus.  I
> don't know of any standards efforts in this area but it might be
> interesting to note.  Fast implementations of AES are a good example
> where such support is needed since it is impossible to eliminate cache
> timing differences of the table lookups without such a mode.
> 
> [1] OpenSSL 0.9.7h, change 10/2005 by Matthew D. Wood of Intel,
> http://www.openssl.org/news/changelog.html
> [2] OpenSSL 0.9.8f, change 10/2007 by Matthew D. Wood of Intel,
> http://www.openssl.org/news/changelog.html

Sorry for hijacking this thread, are we going to import a new OpenSSL
release?  Sounds like we have to do a full package build if we want to
do that...

Cheers,
- --
Xin LI <delphij at delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFHNLYphcUczkLqiksRAq66AJ9ZCjTdnTdDZFtLxrPfxPizzmL7WgCdEvjW
DLdgSd2sknd8e1gbOTtdExQ=
=ycpp
-----END PGP SIGNATURE-----


More information about the cvs-src mailing list