Page MenuHomeFreeBSD
Differential D56332

rdseed: Disable rdseed on zen5
AbandonedPublic
Actions

Authored by aokblast on Thu, Apr 9, 1:31 PM.
Tags
None
Referenced Files
F153012300: D56332.id175181.diff
Sat, Apr 18, 3:11 PM
Unknown Object (File)
Sat, Apr 18, 11:37 AM
Unknown Object (File)
Sat, Apr 18, 10:56 AM
Unknown Object (File)
Fri, Apr 17, 9:02 PM
Unknown Object (File)
Fri, Apr 17, 4:43 AM
Unknown Object (File)
Thu, Apr 16, 6:53 AM
Unknown Object (File)
Wed, Apr 15, 1:30 PM
Unknown Object (File)
Tue, Apr 14, 1:21 PM
View All 14 Files
Subscribers
emaste
imp
markj
obrien

Details

Reviewers
kib
Group Reviewers
secteam

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 72082
Build 68965: arc lint + arc unit

Event Timeline

aokblast created this revision.Thu, Apr 9, 1:31 PM
Herald added a subscriber: imp. · View Herald TranscriptThu, Apr 9, 1:31 PM
aokblast requested review of this revision.Thu, Apr 9, 1:31 PM
Harbormaster completed remote builds in B72082: Diff 175181.Thu, Apr 9, 1:31 PM
Herald added a subscriber: obrien. · View Herald TranscriptThu, Apr 9, 1:31 PM
aokblast added parent revisions: D56330: x86: Add zen identifier helper function, D56331: ucode: Add ucode match helper function.Thu, Apr 9, 1:31 PM
aokblast added a reviewer: secteam.Thu, Apr 9, 2:41 PM
aokblast added a comment.Thu, Apr 9, 2:49 PM

I came across this in a Bugzilla report. As described in the commit message, it may pollute the system entropy pool. Although the microcode fix is already included in the latest AGESA release from earlier this year—so systems with updated BIOS firmware should be unaffected, not all users regularly update their BIOS, and not all vendors have distributed the patch.

Given that, I think this issue is still worth taking a closer look.

emaste added a reviewer: kib.Thu, Apr 9, 3:35 PM
emaste added a subscriber: emaste.
markj added a subscriber: markj.Thu, Apr 9, 3:42 PM
In D56332#1288887, @aokblast wrote:

I came across this in a Bugzilla report. As described in the commit message, it may pollute the system entropy pool. Although the microcode fix is already included in the latest AGESA release from earlier this year—so systems with updated BIOS firmware should be unaffected, not all users regularly update their BIOS, and not all vendors have distributed the patch.

Given that, I think this issue is still worth taking a closer look.

Per https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html (and the linked thread), only rdseed with a 16-bit or 32-bit operand is affected, but here it's a 64-bit output.

aokblast abandoned this revision.Thu, Apr 9, 3:49 PM
In D56332#1288903, @markj wrote:
In D56332#1288887, @aokblast wrote:

I came across this in a Bugzilla report. As described in the commit message, it may pollute the system entropy pool. Although the microcode fix is already included in the latest AGESA release from earlier this year—so systems with updated BIOS firmware should be unaffected, not all users regularly update their BIOS, and not all vendors have distributed the patch.

Given that, I think this issue is still worth taking a closer look.

Per https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html (and the linked thread), only rdseed with a 16-bit or 32-bit operand is affected, but here it's a 64-bit output.

Oh, I didn't see this. Thanks! It seems that Linux Kernel just mask this feature for all the cases (also 64 bits).

aokblast mentioned this in D56331: ucode: Add ucode match helper function.Fri, Apr 10, 10:58 AM
aokblast mentioned this in D56330: x86: Add zen identifier helper function.Fri, Apr 10, 11:03 AM

Revision Contents
Changeset List

PathSize
sys/
dev/
random/
19 lines

Diff 175181

View Options

sys/dev/random/rdseed.c

Loading...