Re: Side channel vulnerabilities

To: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Subject: Re: Side channel vulnerabilities
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Date: Mon, 6 Sep 2021 10:33:20 +0200

On Mon, Sep 06, 2021 at 08:14:28AM +0000, Emmanuel Dreyfus wrote:
> On Mon, Sep 06, 2021 at 09:55:09AM +0200, Manuel Bouyer wrote:
> > AFAIK with the latest pkgsrc Xen versions we are safe.
> > But this also depends on the CPU model and microcode version, which
> > makes it even more tricky to track down. In some cases a microcode or
> > BIOS update may be needed.
> 
> It there a way to check stats? I read that there is a L1TF shadowing
> workaround, but that is works only for 64 bis domU

One would need to check for the security issues about the specific CPU
from Intel or AMD. You could also check the Xen SAs for details.

> And is there a minimal NetBSD kernel version required?

No, all countermeasures that can be implemented in software have to be
in the Xen kernel, not in the guests.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

References:
- Side channel vulnerabilities
  - From: Emmanuel Dreyfus
- Re: Side channel vulnerabilities
  - From: Manuel Bouyer
- Re: Side channel vulnerabilities
  - From: Emmanuel Dreyfus

Prev by Date: Re: Side channel vulnerabilities
Next by Date: HEAD UP: 32bits PV guests deprecated upstream
Previous by Thread: Re: Side channel vulnerabilities
Next by Thread: HEAD UP: 32bits PV guests deprecated upstream
Indexes:

Home | Main Index | Thread Index | Old Index