Security flaw in Intel processors - Alfa Romeo Forum
You are currently unregistered, register for more features.    
The Technology Section A place to discuss technology & gadgets.

 
Thread Tools
(Post Link) post #1 of 23 Old 03-01-18 Thread Starter
Status: Thinking about a Scirrocco
AO Platinum Member
 
Starkers's Avatar
 
Join Date: Nov 2008
Location: Brighton.
County: Good old Sussex by the sea
Posts: 12,839

Member car:

The train :(

Security flaw in Intel processors

Oops.

I may have to invest in a new chip but I am not sure that new ones have been released yet?

https://www.theguardian.com/technolo...inux?CMP=fb_gu
Starkers is offline  
Sponsored Links
Advertisement
 
Status: T-5 Days to Unicorn Paradise
AO Platinum Member
 
TheGrimJeeper's Avatar
 
Join Date: Sep 2009
Location: France
County: Riviera
Posts: 38,319
TheGrimJeeper is offline  
(Post Link) post #3 of 23 Old 03-01-18 Thread Starter
Status: Thinking about a Scirrocco
AO Platinum Member
 
Starkers's Avatar
 
Join Date: Nov 2008
Location: Brighton.
County: Good old Sussex by the sea
Posts: 12,839

Member car:

The train :(

When I read the line "The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka ....." I couldn't take the article seriously.

AMD processor FTW
Starkers is offline  
Status: -
AO Member
 
Join Date: Feb 2014
Location: United Kingdom
County: North Yorkshire
Posts: 293
I'm afraid AMD and ARM are affected as well -

Intel, ARM and AMD chip scare: What you need to know - BBC News
Otto52 is offline  
Status: -
AO Member
 
Join Date: Jun 2017
County: Hampshire
Posts: 92
The BBC understands the tech industry has known about the issue for at least six months - and that everyone involved, from developers and security experts had signed non-disclosure agreements. The plan, it seems was to try and keep things under wraps until the flaws had been fully dealt with.

Oops.
AdamAR is offline  
Status: T-5 Days to Unicorn Paradise
AO Platinum Member
 
TheGrimJeeper's Avatar
 
Join Date: Sep 2009
Location: France
County: Riviera
Posts: 38,319
TheGrimJeeper is offline  
Status: Dreaming
AO Silver Member
 
Join Date: Apr 2007
Location: Orpington, Kent
Posts: 2,035

Member car:

Giulietta 150MA

Quote:
Originally Posted by AdamAR View Post
The BBC understands the tech industry has known about the issue for at least six months - and that everyone involved, from developers and security experts had signed non-disclosure agreements. The plan, it seems was to try and keep things under wraps until the flaws had been fully dealt with.

Oops.
Which is actually a good idea. No point flagging it up to potential hackers.
Sterzo is offline  
Status: -
AO Member
 
Join Date: Aug 2017
County: -Armagh
Posts: 224

Member car:

147 1.6 TS Lusso

Quote:
Originally Posted by Sterzo View Post
Which is actually a good idea. No point flagging it up to potential hackers.
That's exactly why zero day exploits happen.
Tenebreaux is offline  
Status: 6 YEARS LYMPHOMA FREE!! :)
AO Silver Member
 
ronan's Avatar
 
Join Date: Aug 2009
Location: Belfast
County: Down
Posts: 4,916

Member car:

156 1.8 Turismo

Me on Lubuntu...should i be scared ???
ronan is offline  
Status: Gormless [email protected]*
AO Gold Member
 
Paddy OPlastic's Avatar
 
Join Date: Feb 2014
Location: Ireland
County: Cork
Posts: 8,445

Member car:

Alfa GT JTD 2004

Quote:
Originally Posted by ronan View Post
Me on Lubuntu...should i be scared ???
It doesn't matter what operating system you're running, the problem is in the hardware. I wouldn't worry too much since the problems are quite hard to exploit. The most obvious point of entry into a domestic machine will be the browser and Mozilla, Google and MS have patched or will be patching these.
Paddy OPlastic is offline  
Status: Gormless [email protected]*
AO Gold Member
 
Paddy OPlastic's Avatar
 
Join Date: Feb 2014
Location: Ireland
County: Cork
Posts: 8,445

Member car:

Alfa GT JTD 2004

What I don't understand is why Intel can't patch the processor microcode to mitigate the problem. Modern processors have an internal simple RISC architecture. They, in essence, run a program (the microcode) to emulate the x86 and x64 instruction set.
Paddy OPlastic is offline  
Status: 6 YEARS LYMPHOMA FREE!! :)
AO Silver Member
 
ronan's Avatar
 
Join Date: Aug 2009
Location: Belfast
County: Down
Posts: 4,916

Member car:

156 1.8 Turismo

I am a miserable oul b00locks....Windows blew up on me years ago....PC is a Dell Optiplex 745 and after running Linux Mint which was too heavy for it...i installed Lubuntu..runs grand.

My teenage boys are disgusted at me at being a dinosaur....but i love to dabble.
ronan is offline  
Status: Hacker and fixer
AO Member
 
Join Date: May 2016
Location: Dublin, Ireland
County: -
Posts: 139

Member car:

2005 1.8TS 156SW

Quote:
Originally Posted by Paddy OPlastic View Post
What I don't understand is why Intel can't patch the processor microcode to mitigate the problem. Modern processors have an internal simple RISC architecture. They, in essence, run a program (the microcode) to emulate the x86 and x64 instruction set.
As I understand it (I'm in the tech industry, but not that corner) ... the underlying problem can't be fixed with microcode - it's down to how the various processor-cores on the chip share cache information during "speculative execution"

When the core is otherwise idle (waiting for RAM to return data etc), it takes an educated guess at what might be next instruction / instructions required. If it guesses right, it wins - if not, it's no worse off, unwinds what it did, and goes on doing whatever it was going to do ..

The problem happens because the CPU cache is outside the core running the instructions - and doesn't always get cleared down properly (as it's shared) ... it's possible to read any information left around after the speculative execution.

This can be manipulated to show contents of memory that would otherwise be hidden / secured (as the CPU / Kernel have access to everything) - which could include encryption keys etc.

Edit: This flaw has existed on every CPU since the 1995 Pentium Pro / AMD K6 era processors (PII / PIII / P4) - the only intel exception is the Itanium

P
proinsias is offline  
Status: Gormless [email protected]*
AO Gold Member
 
Paddy OPlastic's Avatar
 
Join Date: Feb 2014
Location: Ireland
County: Cork
Posts: 8,445

Member car:

Alfa GT JTD 2004

Quote:
Originally Posted by proinsias View Post
As I understand it (I'm in the tech industry, but not that corner) ... the underlying problem can't be fixed with microcode - it's down to how the various processor-cores on the chip share cache information during "speculative execution"

When the core is otherwise idle (waiting for RAM to return data etc), it takes an educated guess at what might be next instruction / instructions required. If it guesses right, it wins - if not, it's no worse off, unwinds what it did, and goes on doing whatever it was going to do ..

The problem happens because the CPU cache is outside the core running the instructions - and doesn't always get cleared down properly (as it's shared) ... it's possible to read any information left around after the speculative execution.

This can be manipulated to show contents of memory that would otherwise be hidden / secured (as the CPU / Kernel have access to everything) - which could include encryption keys etc.

Edit: This flaw has existed on every CPU since the 1995 Pentium Pro / AMD K6 era processors (PII / PIII / P4) - the only intel exception is the Itanium

P
Yes, I've read as much. The processor has normal instructions to invalidate the cache so, by extension, the microcode can do the same. Perhaps the there is no way for the microcode to know the instruction is being executed speculatively or when speculative execution is being discarded. I haven't found anything that explains this in depth.

Last edited by Paddy OPlastic; 05-01-18 at 15:56.
Paddy OPlastic is offline  
Status: -
AO Member
 
ItsMeMarty's Avatar
 
Join Date: Dec 2017
County: -Netherlands
Posts: 546

Member car:

159-2.2JTS

itanium is a server processor and are very expensive, and its not only computers smartphones and all Aplle products.
There goes there rep being safe.
ItsMeMarty is online now  
Status: Gormless [email protected]*
AO Gold Member
 
Paddy OPlastic's Avatar
 
Join Date: Feb 2014
Location: Ireland
County: Cork
Posts: 8,445

Member car:

Alfa GT JTD 2004

Just about to reboot my machine with the patch. I may be some time...
Paddy OPlastic is offline  
Status: Gormless [email protected]*
AO Gold Member
 
Paddy OPlastic's Avatar
 
Join Date: Feb 2014
Location: Ireland
County: Cork
Posts: 8,445

Member car:

Alfa GT JTD 2004

Works.

A reboot takes about twice as long.
Paddy OPlastic is offline  
Status: T-5 Days to Unicorn Paradise
AO Platinum Member
 
TheGrimJeeper's Avatar
 
Join Date: Sep 2009
Location: France
County: Riviera
Posts: 38,319
I'm guessing my brought-out-of-retirement Acer X3200 with a Quadcore AMD Phenom doesn't need the patch...?
TheGrimJeeper is offline  
Status: Gormless [email protected]*
AO Gold Member
 
Paddy OPlastic's Avatar
 
Join Date: Feb 2014
Location: Ireland
County: Cork
Posts: 8,445

Member car:

Alfa GT JTD 2004

It isn't affected by Meltdown but will need patching against Spectre.
Paddy OPlastic is offline  
Status: T-5 Days to Unicorn Paradise
AO Platinum Member
 
TheGrimJeeper's Avatar
 
Join Date: Sep 2009
Location: France
County: Riviera
Posts: 38,319
My Asus Vivobook is going to become unusable with Win10 if its Atom gets any slower.
TheGrimJeeper is offline  
Status: Hacker and fixer
AO Member
 
Join Date: May 2016
Location: Dublin, Ireland
County: -
Posts: 139

Member car:

2005 1.8TS 156SW

Quote:
Originally Posted by TheGrimJeeper View Post
My Asus Vivobook is going to become unusable with Win10 if its Atom gets any slower.
Upside - Atoms (pre 2013 anyway) are unaffected by Meltdown ... they're strictly "in order" execution (possibly still open to Spectre though)
proinsias is offline  
Status: Gormless [email protected]*
AO Gold Member
 
Paddy OPlastic's Avatar
 
Join Date: Feb 2014
Location: Ireland
County: Cork
Posts: 8,445

Member car:

Alfa GT JTD 2004

Quote:
Originally Posted by TheGrimJeeper View Post
My Asus Vivobook is going to become unusable with Win10 if its Atom gets any slower.
You can use the coreinfo utility from MS to check if your processor implements PCID which mitigates some of the slowdown expected from the patches. My tabuter is Atom and, like yourself, feel its performance is on the edge of acceptability.
Paddy OPlastic is offline  
Status: -
AO Gold Member
 
Join Date: Jul 2004
Location: United Kingdom
County: Derbyshire
Posts: 6,517
Microsoft's "fix" has worked really well . . .

After the latest update my Netbook (AMD E-450 processor) was freezing after about five minutes. Web searches haven't come up with a cure, so I've worked round it by doing a system restore & disabling automatic updates in Windows.

As one of the wisest people I ever worked with said, the biggest cause of problems in engineering is solutions.
Dave Brand is offline  
Reply

Go Back   Alfa Romeo Forum > Misc Lounges > Community Discussions > The Technology Section

Tags
flaw , intel , processors , security

Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

 
For the best viewing experience please update your browser to Google Chrome