pfSense Forum

pfSense English Support => General Questions => Topic started by: robi on January 03, 2018, 04:29:45 am

Title: Intel CPUs Massive Security Flaw issue
Post by: robi on January 03, 2018, 04:29:45 am
"All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw"
https://gizmodo.com/report-all-intel-processors-made-in-the-last-decade-mi-1821728240
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
https://www.postgresql.org/message-id/20180102222354.qikjmf7dvnjgbkxe@alap3.anarazel.de

I'm really starting to lose my trust in Intel. First ME (https://www.bleepingcomputer.com/news/hardware/researchers-find-a-way-to-disable-much-hated-intel-me-component-courtesy-of-the-nsa/), then this. Oh and the C2000 series bug (https://www.servethehome.com/intel-atom-c2000-series-bug-quiet/)...
I used to use AMD CPUs in the past, I switched to Intel about 15 years ago because AMDs tended to overheat etc. while Intels looked more trustworthy, they cost more but had fewer compromises at that time than AMDs (the era of Athlons and Durons).
I wonder how AMDs perform these days...? I definitely intend to start looking at AMDs in my next projects....

Anyways, the big questions are:
- do we get (and when) a kernel update to pfSense to address this issue
- how much performance decrease should we expect. Thinking here of Atoms especially, C2000 series (like the famous Supermicro A1SRi-2758F and its brother boards, used by thousands of us in pfSense)
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ivor on January 03, 2018, 04:36:53 am
No FreeBSD patches as yet.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 03, 2018, 04:42:09 am
Hmm. I really hope if there will be such a patch, performance loss will only affect Intel CPUs; KPTI (Kernel Page Table Isolation) routine would only be activated if the processor is detected as being an Intel...
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ivor on January 03, 2018, 04:56:37 am
This is a brand new issue so we don't have much information yet.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Hugovsky on January 03, 2018, 11:15:07 am
Intel is just becoming more and more disappointing. I think it's time to start looking to AMD or others...
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Chrismallia on January 03, 2018, 01:35:44 pm
AMD's performance is so far behind that even 30% slower the Intel is still faster and I suspect they have their own issues.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 03, 2018, 01:46:28 pm
Quote
AMD's performance is so far behind that even 30% slower the Intel is still faster and I suspect they have their own issues.

I'm afraid that depends on what type of tasks the CPU has to perform. For example I've got several HP T5730 thin clients equipped with AMD Sempron 2100+ CPUs at 1GHz, they do WAN/LAN NAT-ing at full interface speed between VLANs (1Gbit/s/2) at only 60% CPU usage. Intel Atoms from that era are nowhere compared to Semprons.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Chrismallia on January 03, 2018, 01:54:18 pm
"I'm afraid that depends on what type of tasks the CPU has to perform. For example I've got several HP T5730 thin clients equipped with AMD Sempron 2100+ CPUs at 1GHz, they do WAN/LAN NAT-ing at full interface speed between VLANs (1Gbit/s/2) at only 60% CPU usage. Intel Atoms from that era are nowhere compared to Semprons."

That's good to know, thanks for the info
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Hugovsky on January 03, 2018, 02:36:29 pm
If I have to trade speed for security, I choose security every time. With Intel, it used to be a win-win but, with recent news... I just don't believe it so blindly anymore. Of course AMD is not the cure to all your problems but it sure starts to seem a little better.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: KOM on January 03, 2018, 02:48:00 pm
Quote
AMD's performance is so far behind that even 30% slower the Intel is still faster  and I suspect they have their own issues.

From what I have read, AMD's latest Threadripper CPUs are giving Intel a run for their money, and they're cheaper.  As for issues, unless you have something concrete then you can't really make that claim.  I've seen others saying the same thing on other tech forums, that this Intel bug is bad but AMD might maybe perhaps possibly have something as bad or worse.  It's pure FUD.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Hugovsky on January 03, 2018, 04:55:16 pm
There you go:

http://www.zdnet.com/article/security-flaws-affect-every-intel-chip-since-1995-arm-processors-vulnerable/
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Hugovsky on January 03, 2018, 05:03:27 pm
More info here:

https://spectreattack.com/
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ivor on January 03, 2018, 06:10:53 pm
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Once the FreeBSD project issues a patched release, we will incorporate those patches, test, and release new versions of pfSense.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: mikeisfly on January 03, 2018, 08:08:54 pm
From my understanding of the problem all x86 processors are affected but the AMD processors have the ability to turn off the branch prediction feature. It would seem to me that if some BIOSes can be updated to turn this feature off on Intel Processors then the problem can be minimized without the 5% performance hit. We all want speed and putting the Kernel page file and user page file in the same space was a way for them to achieve this. I don't really think it's fair to blame Intel. Security is really hard and I would say the problem is really at the OS level. OS makers are working on the fix now so I would say everyone is doing their job. I would imagine in the future Intel processors will have the ability to turn the branch prediction off which will fix this issue.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: VAMike on January 03, 2018, 10:57:28 pm
Quote
From my understanding of the problem all x86 processors are affected but the AMD processors have the ability to turn off the branch prediction feature. It would seem to me that if some BIOSes can be updated to turn this feature off on Intel Processors then the problem can be minimized without the 5% performance hit. We all want speed and putting the Kernel page file and user page file in the same space was a way for them to achieve this. I don't really think it's fair to blame Intel. Security is really hard and I would say the problem is really at the OS level. OS makers are working on the fix now so I would say everyone is doing their job. I would imagine in the future Intel processors will have the ability to turn the branch prediction off which will fix this issue.

Turning off branch prediction would be a much more significant performance hit. The impact of KPTI is felt on code with a lot of system calls, and has close to zero impact on code that stays in user land. Killing branch prediction would impact everything.

It's also worth pointing out that this isn't a kernel-specific issue, and that side channel attacks can impact any program that tries to isolate untrusted code. (For example, a browser running javascript.) The kernel mitigations don't fix all of those other programs--and AMD CPUs are impacted by this just as much as Intel CPUs.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 04, 2018, 01:13:55 am
Quote
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Can you please elaborate a little bit on this, so we can understand what you mean? Especially the "most pfSense use cases without untrusted local users or a multi-tenant context ".
The whole pfSense runs as root, including the web interface afaik...
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 04, 2018, 02:35:24 am
Quote
AMD CPUs are impacted by this just as much as Intel CPUs.

Not true (https://lkml.org/lkml/2017/12/27/2):
Quote
AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against.  The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.
Quote
The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time. We expect the security research to be published later today and will provide further updates at that time.

However, ARM processors are affected (https://www.axios.com/massive-chip-flaw-not-limited-to-intel-2522178225.html):
Quote
ARM, whose chip designs are widely used in cell phones and other devices, confirmed some of its chip architectures are affected, including some of its Cortex-A processors. "This method requires malware running locally and could result in data being accessed from privileged memory," ARM said in a statement to Axios. "Our Cortex-M processors, which are pervasive in low-power, connected IoT devices, are not impacted."
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Chrismallia on January 04, 2018, 04:24:54 am
Quote
AMD's performance is so far behind that even 30% slower the Intel is still faster  and I suspect they have their own issues.

Quote
From what I have read, AMD's latest Threadripper CPUs are giving Intel a run for their money, and they're cheaper.  As for issues, unless you have something concrete then you can't really make that claim.  I've seen others saying the same thing on other tech forums, that this Intel bug is bad but AMD might maybe perhaps possibly have something as bad or worse.  It's pure FUD.

Sorry to disagree

Threadripper does nearly half the work clock per cycle of an Intel plus they run much hotter and are less power efficient
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 04, 2018, 10:08:26 am
This was true 15 years ago, can't believe they are still the same.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Chrismallia on January 04, 2018, 10:32:38 am
Here is 1 example: the AMD has 8 cores 16 threads, Intel 4 cores 8 threads

https://www.tomsguide.com/us/amd-ryzen-benchmarks,review-4232.html

I did not read the post in detail but at a quick look the Intel did better with fewer cores, I am not trying to make Intel look better just trying to justify if switching to AMD will be worth it as you still have to buy expensive CPUs like ryzen to get good performance
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Chrismallia on January 04, 2018, 11:02:50 am
AMD are hit too

http://bgr.com/2018/01/03/intel-security-flaw-also-arm-amd-macos-already-patched/

The only thing different looks like Intel are doing something about it and AMD has not responded yet
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: VAMike on January 04, 2018, 11:37:14 am
Quote
AMD CPUs are impacted by this just as much as Intel CPUs.

Quote
Not true

No, completely true. First, you trimmed off one heck of a lot of context that's really important:

Quote
It's also worth pointing out that this isn't a kernel-specific issue, and that side channel attacks can impact any program that tries to isolate untrusted code. (For example, a browser running javascript.) The kernel mitigations don't fix all of those other programs--and AMD CPUs are impacted by this just as much as Intel CPUs.

What a lot of fanboys seem to be missing in their urgency to have an intel bonfire is that this is about a class of vulnerabilities, not a specific vulnerability. AMD processors seem at this point to not be vulnerable to one particular mode of attack, but are vulnerable to other modes of attack. And I guarantee that this area of research will get a lot more attention, and there will be other exploit vectors discovered. Side channel attacks have simply not been something that commodity CPU vendors have worried about, so to some degree finding them is like shooting fish in a barrel. (This is true of all the vendors, not just intel.) "Meltdown" is getting most of the press (that which isn't completely confused about the various attack vectors) and is the biggest PITA for shared infrastructure providers, but "Spectre" is actually much harder to fix, and just as relevant to actual users who do things like browse the web. The most straightforward fixes involve giving up any hope of sandboxing potentially malicious code within a process and relying on process isolation instead--which will have a performance impact on everyone's web browsing.

And as long as we're talking about AMD, they really botched up the disclosure timeline by publicly asserting that they weren't vulnerable to certain kinds of cache timing attacks in the context of the linux kpti patches...people are going to think twice before trusting AMD to keep their mouths shut in the future.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: dotdash on January 04, 2018, 01:55:02 pm
Quote
Can you please elaborate a little bit on this, so we can understand what you mean? Especially the "most pfSense use cases without untrusted local users or a multi-tenant context ".
The whole pfSense runs as root, including the web interface afaik...

My understanding of this is that one application running on the OS would be able to improperly read memory used by other applications. Obviously this is bad if some rogue app/script can pull sensitive data from other apps on a workstation.  Also bad if one VM can read data from another. On a dedicated firewall, the OS is not going to be running untrusted apps. I don't see much of an attack vector on a firewall. I certainly wouldn't worry about pfSense until I had Hypervisors, servers, and end user workstations taken care of.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: lra on January 04, 2018, 04:26:07 pm
Quote
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Once the FreeBSD project issues a patched release, we will incorporate those patches, test, and release new versions of pfSense.

Engineering question, if the Meltdown and Spectre kernel fixes reduce pfSense performance by 5% or more, is that prudent?

If Meltdown and Spectre require malicious code running locally, all bets are off, and there are far easier methods to extract credentials.

Bottom line, are the Meltdown and Spectre fixes appropriate for an appliance like pfSense?
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ryanccsi on January 04, 2018, 05:53:35 pm
Quote
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Once the FreeBSD project issues a patched release, we will incorporate those patches, test, and release new versions of pfSense.

Quote
Engineering question, if the Meltdown and Spectre kernel fixes reduce pfSense performance by 5% or more, is that prudent?

If Meltdown and Spectre require malicious code running locally, all bets are off, and there are far easier methods to extract credentials.

Bottom line, are the Meltdown and Spectre fixes appropriate for an appliance like pfSense?

From what I can tell both Meltdown and Spectre use very similar methodologies to gain access to L1 cache memory. Looks like they take advantage of speculative out-of-order features, a form of execution parallelism through predictive execution, to access L1 cache by attempting to create an out-of-order execution on one core while another core processes a prior instruction that is meant to cause an exception. It then produces a race-condition where it tries to access L1 cache from within the out-of-order sequence before the processor has time to terminate the original thread by retiring the whole set of instructions and clearing the L1 of memory and code. During this race condition, perhaps 200 clock cycles, it needs to determine if bits in memory are a 1 or a 0, the details which honestly elude me but seem to involve measuring the time caused by side-effecting the microarchitecture. Even after that it still needs to communicate that outside of the process then using the exception-handling to communicate/raise a couple of registers outside of that thread to the process where it can display the contents to the attacker.

I haven't seen any working meltdown/spectre example code that can get kernel data but a couple that successfully get user-mode memory pages. I'd find it prudent to patch on shared-infrastructure where resources aren't shared at the VM level but at the container level. For pfSense, an attacker would need to have root/wheel access as a prerequisite to the machine, so they wouldn't be needing to compile/inject cache-exploiting code into other processes to see their memory in the first place. For that reason it means it is extremely unlikely to be a primary attack vector on a firewall system.

As for CPU usage, it's difficult to tell what the performance impact will be. PostgreSQL suggests somewhere between 17% ~ 23%. I think it's fairly significant but for a firewall I don't know if anyone will notice. Our pfSense setup uses perhaps 5% ~ 10% CPU performance, so 23% I don't think will be recognizable ... but who knows, maybe it'll affect traffic-shaping. For hypervisors I could see the performance impact being noticeable when systems are at or near computing capacity.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: JKnott on January 04, 2018, 09:25:55 pm
I just came across this:
http://www.pcgamer.com/intel-ceo-sold-39-million-in-company-shares-prior-to-disclosure-of-cpu-security-flaws/
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 05, 2018, 02:34:24 am
This is not a joke anymore. Really.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ivor on January 05, 2018, 04:17:36 am
Quote
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Quote
Can you please elaborate a little bit on this, so we can understand what you mean? Especially the "most pfSense use cases without untrusted local users or a multi-tenant context ".
The whole pfSense runs as root, including the web interface afaik...

Quote
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Once the FreeBSD project issues a patched release, we will incorporate those patches, test, and release new versions of pfSense.

Quote
Engineering question, if the Meltdown and Spectre kernel fixes reduce pfSense performance by 5% or more, is that prudent?

If Meltdown and Spectre require malicious code running locally, all bets are off, and there are far easier methods to extract credentials.

Bottom line, are the Meltdown and Spectre fixes appropriate for an appliance like pfSense?

We will know more information once there's a fix in place so I would rather not speculate now. Once the fix is ready, it will be available in snapshots.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: AMD_infinium05 on January 05, 2018, 11:28:42 am
Quote
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Once the FreeBSD project issues a patched release, we will incorporate those patches, test, and release new versions of pfSense.

Could you please elaborate/simplify to understand more about this statement?
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 05, 2018, 05:28:06 pm
https://github.com/corna/me_cleaner/issues/142

 ::)
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kpa on January 05, 2018, 06:04:30 pm
Quote
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Once the FreeBSD project issues a patched release, we will incorporate those patches, test, and release new versions of pfSense.

Quote
Could you please elaborate/simplify to understand more about this statement?

The vulnerabilities do not affect pfSense in a usual configuration where there are no local users that could have local execution privileges for untrusted code.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Gil on January 05, 2018, 06:33:20 pm
A "Quantum of Solace" for me in that statement - (To coin a phrase)
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: bfeitell on January 06, 2018, 04:41:35 am
Quote
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Once the FreeBSD project issues a patched release, we will incorporate those patches, test, and release new versions of pfSense.

This makes sense for pfSense itself, but what about packages like Snort and Suricata that actively evaluate untrusted and malicious code all the time?
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: lra on January 06, 2018, 09:10:41 am
Quote
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Once the FreeBSD project issues a patched release, we will incorporate those patches, test, and release new versions of pfSense.

Quote
Engineering question, if the Meltdown and Spectre kernel fixes reduce pfSense performance by 5% or more, is that prudent?

If Meltdown and Spectre require malicious code running locally, all bets are off, and there are far easier methods to extract credentials.

Bottom line, are the Meltdown and Spectre fixes appropriate for an appliance like pfSense?

Quote
We will know more information once there's a fix in place so I would rather not speculate now. Once the fix is ready, it will be available in snapshots.

For Reference ...
DragonFlyBSD Lands Fixes For Meltdown Vulnerability
https://www.phoronix.com/scan.php?page=news_item&px=DragonFly-Meltdown-Fixed

"... system call performance is reduced, similar to Linux, when the isolation is enabled. DragonFly reports that system calls go from about 100ns to ~350ns. In typical workloads they say you should "not lose more than 5% performance or so. System-call heavy and interrupt-heavy workloads (network, database, high-speed storage, etc) can lose a lot more performance."
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kpa on January 06, 2018, 09:14:08 am
Quote
Our preliminary assessment of Meltdown and Spectre vulnerabilities suggests that most pfSense use cases without untrusted local users or a multi-tenant context should not be concerned.

Once the FreeBSD project issues a patched release, we will incorporate those patches, test, and release new versions of pfSense.

Quote
This makes sense for pfSense itself, but what about packages like Snort and Suricata that actively evaluate untrusted and malicious code all the time?

No they don't, what they do is they analyze patterns in the incoming and outgoing connections on both the IP headers and the data payload level and then make decisions based on rules if there is an active threat going on. None of their operations involve an actual execution of untrusted program code, it would be just plain crazy if such thing was allowed.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: bimmerdriver on January 06, 2018, 05:06:53 pm
Quote
AMD's performance is so far behind that even 30% slower the Intel is still faster  and I suspect they have their own issues.

Quote
From what I have read, AMD's latest Threadripper CPUs are giving Intel a run for their money, and they're cheaper.  As for issues, unless you have something concrete then you can't really make that claim.  I've seen others saying the same thing on other tech forums, that this Intel bug is bad but AMD might maybe perhaps possibly have something as bad or worse.  It's pure FUD.

Quote
Sorry to disagree

Threadripper does nearly half the work clock per cycle of an Intel plus they run much hotter and are less power efficient

Work per clock cycle is an irrelevant measurement unless you are comparing similar architectures and even then, while it may be interesting, it still doesn't really matter. The relative performance of AMD vs. Intel depends on the workload. (This applies to Ryzen vs. Core as well as Epyc vs. Xeon.)

Anandtech rated the ThreadRipper as the best overall workstation processor, taking both price and performance into account. Here is a reference: https://www.anandtech.com/show/11891/best-cpus-for-workstations-2017
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: jahonix on January 06, 2018, 06:19:03 pm
Quote
I don't see much of an attack vector on a firewall

What about installs on hypervisors, be it local on, say vmware, or in the cloud at azure or aws?
That's where the fun begins and that's where more valuable data can be sourced from than from your home with a dedicated pfSense machine, right?
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ecfx on January 07, 2018, 05:10:09 am
Is it possible for pfSense to load updated CPU microcode at kernel boot as in Linux / Windows?
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 07, 2018, 09:56:34 am
Based on what I've read, pfsense users have nothing to worry about if pfsense is installed on a physical machine or if it is installed as a VM along with other virtual appliances on hardware that you own and only you use.

You start having risks when you are one of many subscribers to a cloud service and you have no idea if the other subscribers are running malware that exploits these vulnerabilities.

I'm far more worried that for most of us, the cure will be worse than the disease.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Harvy66 on January 07, 2018, 10:58:50 am
Quote
If I have to trade speed for security, I choose security every time. With Intel, it used to be a win-win but, with recent news... I just don't believe it so blindly anymore. Of course AMD is not the cure to all your problems but it sure starts to seem a little better.

A system with a speed of zero is perfectly secure, and perfectly useless.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ivor on January 07, 2018, 12:55:30 pm
PPP will still be somewhat slow after this gets patched. :)
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 08, 2018, 02:33:43 pm
http://www.newsweek.com/apple-iphone-chip-vulnerability-most-disturbing-security-issue-decades-771638
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: JKnott on January 08, 2018, 04:17:55 pm
What's more is the Intel CEO sold $24M in stock months AFTER Google advised Intel of the problem, but before it was made public.

http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ivor on January 08, 2018, 06:23:55 pm
https://www.netgate.com/blog/an-update-on-meltdown-and-spectre.html
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Gil on January 08, 2018, 06:32:16 pm
Info for those running on ARM devices:

https://developer.arm.com/support/security-update

Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 09, 2018, 12:04:54 am
"Once these backports are available, snapshots including the fixes will only be available for pfSense® 2.4.x and amd64 architecture."

Thank god my D2700 doesn't do branch prediction!

"Our Amazon Web Services and Microsoft Azure customers are safe as both providers already patched their infrastructure against these vulnerabilities."

I'm dubious that cloud servers are "Safe".  Mitigated and cured are not the same thing.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: jahonix on January 09, 2018, 08:32:56 am
Quote from: https://www.netgate.com/blog/an-update-on-meltdown-and-spectre.html
The FreeBSD developers will likely wait a bit before starting the backport of these patches to both FreeBSD 11 and 10. Once these backports are available, snapshots including the fixes will only be available for pfSense® 2.4.x and amd64 architecture.

Did I get that right: you will neither patch the ARM-Branch nor the 2.3.x (32bit) versions of pfSense because you think use cases prevent exploration of current security vulnerabilities?
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Ryu945 on January 09, 2018, 11:41:25 am
Quote
Here is 1 example: the AMD has 8 cores 16 threads, Intel 4 cores 8 threads

https://www.tomsguide.com/us/amd-ryzen-benchmarks,review-4232.html

I did not read the post in detail but at a quick look the Intel did better with fewer cores, I am not trying to make Intel look better just trying to justify if switching to AMD will be worth it as you still have to buy expensive CPUs like ryzen to get good performance

Keep in mind that games are highly fast core dependent now. DirectX 12 and Vulkan games will not be nearly so fast core dependent in the future. I expect the 1800X will pull ahead in future games. In the long run, AMD CPUs will be better since they specialize at multi-tasking.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 09, 2018, 11:50:02 am
All benchmarks performed before the BIOS upgrades needed to patch the CPUs and the OS patches are meaningless as far as I'm concerned.

To compare apples to apples, we need to compare CPU benchmarks AFTER all the patches are installed.
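
One way to take the before-and-after measurement this post asks for, as an added example that is not part of the thread or any project's code: it times a minimal system call (the cost KPTI raises, per the DragonFly figures of about 100ns to ~350ns quoted earlier in the thread) and projects the extra CPU share at a given syscall rate. The function names and the sample syscall rates are constructed for illustration.

```c
/* Added example: syscall-cost microbenchmark plus overhead projection. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

/* Mean wall-clock cost in ns of one minimal system call (getppid),
 * averaged over `iters` calls. Returns -1.0 on bad input or clock error. */
double measure_syscall_ns(long iters)
{
    struct timespec t0, t1;

    if (iters <= 0)
        return -1.0;
    if (clock_gettime(CLOCK_MONOTONIC, &t0) != 0)
        return -1.0;
    for (long i = 0; i < iters; i++)
        (void)getppid();            /* enters and leaves the kernel each time */
    if (clock_gettime(CLOCK_MONOTONIC, &t1) != 0)
        return -1.0;

    double ns = (double)(t1.tv_sec - t0.tv_sec) * 1e9
              + (double)(t1.tv_nsec - t0.tv_nsec);
    return ns / (double)iters;
}

/* Extra share of one core, in percent, spent on kernel entry/exit when each
 * syscall goes from before_ns to after_ns at the given rate. */
double projected_overhead_pct(double syscalls_per_sec,
                              double before_ns, double after_ns)
{
    if (syscalls_per_sec <= 0.0 || after_ns <= before_ns)
        return 0.0;
    /* extra ns per second / 1e9 ns per second * 100 percent */
    return syscalls_per_sec * (after_ns - before_ns) / 1e7;
}

/* Highest syscall rate (per second, per core) that keeps the added cost
 * within budget_pct. Returns -1.0 when the patch adds no cost (no limit). */
double max_rate_for_budget(double budget_pct,
                           double before_ns, double after_ns)
{
    if (after_ns <= before_ns)
        return -1.0;
    if (budget_pct <= 0.0)
        return 0.0;
    return budget_pct * 1e7 / (after_ns - before_ns);
}

int main(int argc, char **argv)
{
    /* Constructed sample rates: light, moderate and syscall-heavy workloads. */
    const double rates[] = { 10000.0, 200000.0, 1000000.0 };
    double now_ns = measure_syscall_ns(2000000L);

    if (now_ns < 0.0) {
        fprintf(stderr, "measurement failed\n");
        return 1;
    }
    printf("measured syscall cost on this kernel: %.1f ns\n", now_ns);

    /* Optional argument: the figure this program printed before patching. */
    double before_ns = 100.0, after_ns = 350.0;   /* figures quoted in the thread */
    if (argc > 1) {
        before_ns = strtod(argv[1], NULL);
        after_ns = now_ns;
    }
    printf("projection for %.0f ns -> %.0f ns per syscall:\n", before_ns, after_ns);
    for (size_t i = 0; i < sizeof rates / sizeof rates[0]; i++)
        printf("  %8.0f syscalls/s -> +%.2f%% of one core\n",
               rates[i], projected_overhead_pct(rates[i], before_ns, after_ns));
    printf("rate that costs 5%% of a core: %.0f syscalls/s\n",
           max_rate_for_budget(5.0, before_ns, after_ns));
    return 0;
}
```

Run it once on the unpatched kernel, note the printed cost, then run it again after patching with that number as the argument.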
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ivor on January 09, 2018, 12:00:17 pm
Quote
Did I get that right: you will neither patch the ARM-Branch nor the 2.3.x (32bit) versions of pfSense because you think use cases prevent exploration of current security vulnerabilities?

ARM doesn't need variant 3 (meltdown) fix. Once fixes for variants 2 and 1 are developed we will incorporate them, if possible. There are no fixes for i386 yet, so we can't comment yet.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ivor on January 09, 2018, 12:02:06 pm
Quote
I'm dubious that cloud servers are "Safe".  Mitigated and cured are not the same thing.

Safe from the vulnerabilities written about in the blog post.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Ryu945 on January 09, 2018, 12:42:01 pm
From my understanding of the problem all x86 processors are effected but the AMD processors have the ability to turn off the branch prediction feature. It would seem to me that if some bioses can be updated to turn this feature off on Intel Processors than the problem can be minimized without the 5% performance hit. We all want speed and putting the Kernel page file and user page file in the same space was a way for them to achieve this. I don't really think it's fair to blame Intel. Security is really hard and I would say the problem is really at the OS level. OS makers are working on the fix now so I would say everyone is doing their job. I would imagine in the future Intel processors will have the ability to turn the branch prediction off which will fix this issue.
Turning off branch prediction would be a much more significant performance hit. The impact of KPTI is felt on code with a lot of system calls, and has close to zero impact on code that stays in user land. Killing branch prediction would impact everything.

It's also worth pointing out that this isn't a kernel-specific issue, and that side channel attacks can impact any program that tries to isolate untrusted code. (For example, a browser running javascript.) The kernel mitigations don't fix all of those other programs--and AMD CPUs are impacted by this just as much as Intel CPUs.

Both Intel and AMD are affected by Spectre but only Intel (and the ARMs) are affected by Meltdown.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: jahonix on January 09, 2018, 06:38:19 pm
There are no fixes for i386 yet, so we can't comment yet.
Well, that's in contrast to "fixes will only be available for pfSense® 2.4.x and amd64 architecture".
I'm not a native in this language but "only" usually means exclusively. Correct me if I'm wrong...

And who has the final decision at netgate, you or jwt (who wrote the "only" blog post)?
So much for security fixes in the 2.3.x branch ... I know, you said you cannot comment yet.
The "official" announcement of "only 2.4.x branch and amd64" still stands, doesn't it?

From a security standpoint this killed the 2.3.x branch - and doing so significantly before reaching the promised lifespan.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ivor on January 09, 2018, 06:58:34 pm
Well, that's in contrast to "fixes will only be available for pfSense® 2.4.x and amd64 architecture".
I'm not a native in this language but "only" usually means exclusively. Correct me if I'm wrong...

You should really pay more attention to what others say. We can’t implement fixes we don’t have. We will have 64-bit fixes for pfSense 2.4.x but we don’t have anything yet for i386 and it's unclear when or if fixes will be available. You don't seem to understand the magnitude of these vulnerabilities.

And who has the final decision at netgate, you or jwt (who wrote the "only" blog post)?

How is that relevant for this discussion? What's "only" blog post?

So much for security fixes in the 2.3.x branch ... I know, you said you cannot comment yet.

That's a rude and unwelcome attitude. We promised to support 2.3.x branch for at least a year after 2.4 release but we cannot implement fixes we do not have.

The "official" announcement of "only 2.4.x branch and amd64" still stands, doesn't it?

I'm not sure what you're asking me.

From a security standpoint this killed the 2.3.x branch - and doing so significantly before reaching the promised lifespan.

Vulnerabilities like these and fixing of the same is the main reason why we dropped i386 support, and spent a long time announcing it. Once and if fixes for i386 are available, we will incorporate them. However, predictions like "this killed 2.3.x branch" are not welcome. You are welcome to help in finding solutions but what you're doing is not helpful.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: jahonix on January 09, 2018, 07:42:19 pm
Quote from: https://www.netgate.com/blog/an-update-on-meltdown-and-spectre.html
fixes will only be available for pfSense® 2.4.x and amd64 architecture.
Only means exclusively, which in turn means that neither ARM nor 2.3.x will ever get available fixes, otherwise it wouldn't be "only". jwt would not have written it that way if he didn't mean it.

This has nothing to do with my understanding of the magnitude of these vulnerabilities. This is about a business decision and the language to describe it.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: gsiemon on January 10, 2018, 04:25:18 am
@jahonix

The FreeBSD Devs have said that initially they are targeting patches for AMD64 (x86-64) in the next couple of weeks for FreeBSD 11.1.  They have not said when 32 bit patches will be available, nor have they said when they will patch FreeBSD 10.x releases although they do mention 10.3 and 10.4 in their mailing list.  The pfSense team most likely doesn't have much more information at this stage and is probably why the blog post was worded as it is.  Hope that helps.

Ref: https://lists.freebsd.org/pipermail/freebsd-security/2018-January/009719.html
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: ivor on January 10, 2018, 05:29:21 am
gsiemon is correct.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 10, 2018, 09:11:44 am
As far as I understood, Meltdown and Spectre only affect 64-bit CPUs. 32-bit CPUs are not affected, correct me if I'm wrong.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: mikeisfly on January 10, 2018, 11:02:46 am
As far as I understood, Meltdown and Spectre only affect 64-bit CPUs. 32-bit CPUs are not affected, correct me if I'm wrong.

Respectfully you would be wrong. If your processor does any kind of speculative branch prediction you are in the target zone.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 10, 2018, 11:08:59 am
Mikeisrespectful...   Yeah.  32 bit got hit too.

The thing I find interesting is that researchers with nothing to gain or lose say this can't be truly fixed.

Meanwhile people who stand to lose billions upon billions are saying "We can fix it with patches".
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Ryu945 on January 10, 2018, 01:33:30 pm
Mikeisrespectful...   Yeah.  32 bit got hit too.

The thing I find interesting is that researchers with nothing to gain or lose say this can't be truly fixed.

Meanwhile people who stand to lose billions upon billions are saying "We can fix it with patches".

From how I understand it, it can be fixed by turning a feature off in a specific way such that you don't cause too much of a performance hit but there will be a performance hit.  In the future, they will have to develop new hardware that doesn't have this problem.  That could be what they mean by "truly fixed".  No matter how you patch this, there will be a performance hit.  It is impossible to patch this in a way that will not cause a performance hit.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: mikeisfly on January 10, 2018, 07:05:30 pm
Also they will have to try to find performance gains another way. Out of order Instruction execution and branch prediction were big deals when they were implemented. Limiting access to a page frame to the process that created it is a way that may be able to fix the issue. Reducing the access to the high resolution clock (if possible) may also be a way to mitigate these timing leak attacks. I'm not an expert though, I just stayed at a Holiday Inn Express last night.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: VAMike on January 10, 2018, 09:12:03 pm
Mikeisrespectful...   Yeah.  32 bit got hit too.

The thing I find interesting is that researchers with nothing to gain or lose say this can't be truly fixed.

Meanwhile people who stand to lose billions upon billions are saying "We can fix it with patches".
researchers with nothing to lose have no reason to distinguish between "perfect" and "good enough". for most people "good enough" is sufficient, or else we'd all be twiddling our thumbs waiting for a "perfect" system to appear.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 11, 2018, 12:40:36 am
Limiting access to high resolution timers is what google chrome and firefox have done.  Also strictly segmenting memory between pages.  The patch sucks to high heaven performance wise and still is vulnerable.

Good enough security?  Hmmmm.   I don't think we will have that before a processor redesign.  I mean I'm not selling my laptop or anything but I'm well aware that I need to change how I use my machines.  I'm going to have to cut way back on the number of sketchy porn sites I visit.

I think they should be presenting the patches for what they are.  An attempt to reduce the risk.  However they consistently use language that leads people to believe the patches fix things.  Last time I saw writing that misleading was when cigarette companies tried to convince everyone that smoking was perfectly harmless.

However, because of the way pfsense is used and the fact that it isn't a web browsing machine, I worry about pfsense way less than my computers that have desktops and keyboards.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: JKnott on January 11, 2018, 05:59:32 am
Mikeisrespectful...   Yeah.  32 bit got hit too.

The thing I find interesting is that researchers with nothing to gain or lose say this can't be truly fixed.

Meanwhile people who stand to lose billions upon billions are saying "We can fix it with patches".
researchers with nothing to lose have no reason to distinguish between "perfect" and "good enough". for most people "good enough" is sufficient, or else we'd all be twiddling our thumbs waiting for a "perfect" system to appear.

Also, you can't fix a problem that you don't know about.  Apparently, Google discovered this problem last June, so Intel wouldn't have considered fixing it years ago.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 11, 2018, 06:29:24 am
That's true, and totally understandable.  However, downplaying the severity and lack of full fix isn't understandable.

In the end, the first company to come up with a high performance chip that isn't susceptible is going to make trillions of dollars.  Hopefully it will be a new contender and an entirely new architecture.  We are due for a refresh.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 11, 2018, 07:26:48 am
In the future, they will have to develop new hardware that doesn't have this problem.
I'd love to see the following:
- replace all the CPUs sold last "x" years free of charge (under warranty - the product is faulty, right?)
- offer massive discounts to upgrade CPUs from affected models to fixed models outside the warranty time
- offer discounts through OEM partners for CPUs embedded in motherboards, to replace CPUs and motherboards too (for cases when CPU is soldered to the board, like atoms and such)
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: jahonix on January 11, 2018, 07:48:09 am
- replace all the CPUs sold last "x" years free of charge (under warranty - the product is faulty, right?)
That's why Intel chose the "working as designed" lingo. They never said "yes, we have a fault here" which makes it incredibly hard to get a dime from them. Maybe if you take it to court, maybe not.

- offer massive discounts to upgrade CPUs ...
- offer discounts through OEM partners for CPUs embedded in motherboards ...
First they would have to admit a problem caused by them. If they did so it would be a "hara-kiri" mission which even Intel wouldn't survive.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 11, 2018, 07:52:22 am
Likely there will be massive class action suits now that you mention it.  Wonder when that hammer will drop?

It wouldn't take much work to prove that the people who designed and manufactured the chips are responsible for their flawed design.  One would think?

Looking around the web I can see that several states are already filing suit against intel saying that by keeping the flaw secret for six months they allowed people to buy their products who likely would not have given the flaw.  You can put me on that list.  I'd have to be desperate for a new machine to buy one right now.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Ryu945 on January 11, 2018, 09:42:29 am
I don't think a 5% performance drop would be declared as defective and not work in a court though.  If they can't declare it defective then Intel is off the hook.  Intel would lose way too much money to be a viable company if they had to pay to replace every CPU.  If the CPUs didn't work, that would be one thing but crashing a company over a 5% performance loss is something else.  Their reputation is on the hook though.  It is also standard to not mention bugs for a period of time to give patchers time to patch.  Many businesses involved in doing the patch knew about this months ago.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: JKnott on January 11, 2018, 09:46:32 am
Likely there will be massive class action suits now that you mention it.  Wonder when that hammer will drop?

It wouldn't take much work to prove that the people who designed and manufactured the chips are responsible for their flawed design.  One would think?

Looking around the web I can see that several states are already filing suit against intel saying that by keeping the flaw secret for six months they allowed people to buy their products who likely would not have given the flaw.  You can put me on that list.  I'd have to be desperate for a new machine to buy one right now.

You'd have to prove they knew there was a problem.  This sort of thing might not be that obvious.  What I'd really like to see investigated is the CEO selling off most of his stock, AFTER Intel was advised of the problem, but before it was announced to the public.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 11, 2018, 10:10:11 am
I don't think a 5% performance drop would be declared as defective and not work in a court though.  If they can't declare it defective then Intel is off the hook.  Intel would lose way too much money to be a viable company if they had to pay to replace every CPU.  If the CPUs didn't work, that would be one thing but crashing a company over a 5% performance loss is something else.
It's not about the fact that you lose any percent of performance. Until now, everybody was sure that the hardware is 100% safe, only software can be to blame if it contains security holes. This time is a whole lot different: the hardware mis-design causes a security hole, and this cannot be fixed, because it's hardware... the product is defective. Software can be patched, fixed afterwards, etc, and that depends on the agreement between the software manufacturer and the customer, but hardware (especially CPUs) can't be patched. It turns out that hardware contains a defect, which can be worked around by software patching - but that requires a third party to be involved.

Certain businesses bought software and hardware combinations based on benchmarks and performance counts, if they are not fulfilled after the patch, who's to blame? The software, because it tried to fix a fault caused by the hardware?

Intel should either replace the faulty CPU, or pay for the software fixes to each business, or pay for the business quality degradation if CPU can't be changed.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: JKnott on January 11, 2018, 10:21:34 am
Quote
This time is a whole lot different: the hardware mis-design causes a security hole, and this cannot be fixed, because it's hardware...

I guess you've never heard of microcode.  It's the software within the CPU that enables it to understand the instruction set.  Back when I used to maintain DEC VAX 11/780 computers, there were occasional microcode updates.  Modern CPUs also use microcode and a recent Linux update for this problem included some microcode.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 11, 2018, 10:40:45 am
But this wasn't declared as a 100% fix to the issues!
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: VAMike on January 11, 2018, 11:23:52 am
Limiting access to high resolution timers is what google chrome and firefox have done.  Also strictly segmenting memory between pages.  The patch sucks to high heaven performance wise and still is vulnerable.

Good enough security?  Hmmmm.   I don't think we will have that before a processor redesign.  I mean I'm not selling my laptop or anything but I'm well aware that I need to change how I use my machines.  I'm going to have to cut way back on the number of sketchy porn sites I visit.

I think they should be presenting the patches for what they are.  An attempt to reduce the risk.  However they consistently use language that leads people to believe the patches fix things.  Last time I saw writing that misleading was when cigarette companies tried to convince everyone that smoking was perfectly harmless.

However, because of the way pfsense is used and the fact that it isn't a web browsing machine, I worry about pfsense way less than my computers that have desktops and keyboards.
No, google has also implemented per-site process segmentation as a chrome option. That makes inter-site security subject to hardware-enforced page table permissions. The hard problem is restricting memory access from a virtual machine running in the same address space as sensitive data. There are various approaches for addressing this ranging from changing the isolation model (as google did in chrome, sidestepping the problem) to adding various kinds of barriers to the userspace code (including by adding new CPU instructions). What we're talking about here is "spectre variant 1". The "meltdown variant 3" part of the announcement was basically that the guarantees provided by the page table permissions weren't being properly enforced, but that issue has been addressed. Way too many people are confused because there are multiple different vulnerabilities with a different number of different cutesy names, and those different things are being lumped together in various incorrect ways.

The "spectre variant 1" problem is the hardest and can't be magically fixed with a single patch, because there's nothing in the current design of that software to indicate to the kernel or to the hardware what code is untrusted and should be restricted from accessing memory within the process. That's why people say the problem isn't "fixed"--it can't be, until every software vendor addresses it in their own code. It isn't a fault in the hardware the way the crazies want to believe (e.g., a full replacement of basically every CPU in operation) because there was never a guarantee that code in a particular address space couldn't perform a side channel attack against data in the same address space. This basic class of attack has been known for more than 40 years, but it simply wasn't something anyone tried to address in commodity hardware & software. (Hence my comment that if we were waiting for perfect you would have had to just not use a computer for the past 40 years--which is a silly position to take, because good enough has been good enough for decades.)
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 11, 2018, 11:53:17 am
I'm sure it's not a hardware problem like everyone says.  haha.
I think there is an expectation that the hardware is fundamentally secure in its design and that only software and OS issues could make it otherwise.
I'm sure the government IT guys are fairly panicked because I promise you they will not feel the patches are "good enough".
Put in other terms, if a computer was a car we would be dealing with a massive recall.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: VAMike on January 11, 2018, 11:53:44 am
Quote
This time is a whole lot different: the hardware mis-design causes a security hole, and this cannot be fixed, because it's hardware...

I guess you've never heard of microcode.  It's the software within the CPU that enables it to understand the instruction set.  Back when I used to maintain DEC VAX 11/780 computers, there were occasional microcode updates.  Modern CPUs also use microcode and a recent Linux update for this problem included some microcode.
Again, there are multiple different issues being lumped together. The meltdown/variant3 issue can't be fixed in microcode because it's an MMU problem, and the microcode patching function can only affect instruction processing. That vulnerability is addressed by adding additional code to the kernel. The intel microcode updates are mostly aimed at spectre/variant2, which can largely be addressed in software--but the software changes can also take advantage of new CPU functionality to improve protections.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: VAMike on January 11, 2018, 12:00:21 pm
Put in other terms, if a computer was a car we would be dealing with a massive recall.
A proper car analogy would be:
1) someone sells a car with remote keyless entry. the key isn't super-secure, but it's good enough given what's practical to implement.
2) some time later, someone comes up with a way to override the keyless entry using what's now a fairly cheap and readily available device.
3) the car manufacturer shrugs.

A proper house analogy would be:
1) someone sells a remote garage door opener. the opener isn't super-secure, but it's good enough given what's practical to implement.
2) some time later, someone comes up with a way to override the garage door opener using what's now a fairly cheap and readily available device.
3) the garage door opener manufacturer shrugs.

Those are both actual examples. In no case was there a massive recall. I don't fully understand the level of irrational hysteria around the possibility that almost every general purpose CPU in existence might be replaced in some sort of ridiculously unlikely recall.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 11, 2018, 12:09:00 pm
The problem is you think things will be patched and fairly usable and secure.

We disagree on this point.  I think it is a basic flaw that will never be adequately patched.

Time will tell.  I believe (an opinion) the CPU makers will end up paying lots and lots over this. 

Perhaps not going broke levels of cash but I wouldn't expect profits til the next slew of hardware is released and tested to be 100% immune.

If Intel and AMD doesn't do this, another chip maker will and that would be a disaster for the current makers.

We will know one way or another pretty soon whether people just accept this or if they start looking elsewhere for hardware. 

If Intel is smart they have rooms filled with overpaid geniuses designing new hardware this very second working 24/7....  Because someone does.
I definitely won't buy the "We are the only game in town so you have to accept it" line.  If they try that nonsense, they will end up extinct.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: VAMike on January 11, 2018, 12:22:25 pm
The problem is you think things will be patched and fairly usable and secure.

We disagree on this point.  I think it is a basic flaw that will never be adequately patched.
No, you will never eliminate all side channel attacks in commodity hardware with commodity OSs. Nobody would buy a commodity OS on commodity hardware subject to the performance and functionality limitations that would entail. Again, there has been research on this topic literally for decades. The question is whether the systems are resistant to anticipated attacks. (That is always the bar to acceptance, nothing new or specific to this topic.) The only thing that happened in the past year is that some specific techniques for exploiting specific instances from a class of vulnerabilities were identified. Some countermeasures for those specific techniques have been deployed. The cat and mouse game continues, as it has since cats and mice were invented. What you seem to be conflating is whether the general class of problem has been fixed (no, that's impossible with the current technology) and whether the specific techniques have been mitigated against (yes, they have). There is the caveat that a lot of 3rd party code will need a lot of fixes, and there may be bugs in some of the code already released--but there is always the possibility of bugs.

Quote
Perhaps not going broke levels of cash but I wouldn't expect profits til the next slew of hardware is released and tested to be 100% immune.

We will know one way or another pretty soon whether people just accept this or if they start looking elsewhere for hardware.

If Intel is smart they have rooms filled with overpaid geniuses designing new hardware this very second working 24/7....  Because someone does.
I definitely won't buy the "We are the only game in town so you have to accept it" line.  If they try that nonsense, they will end up extinct.
There will not be any major differences in the next generation of hardware. It would require a major paradigm shift which is simply not on the horizon. There are no other hardware vendors, as every modern CPU design is subject to the same class of vulnerabilities. (Not just Intel and AMD, but also ARM, POWER, etc.) It's fundamental to the way modern CPUs work, and you can either accept the performance penalty of not utilizing modern functionality or you can come up with a radical new way to achieve equivalent performance. (That is, without caches or speculative execution or instruction pipelines or NUMA, etc.) That isn't the sort of thing that just happens because someone on the internet wants it to. Generally that kind of radical change is presaged by laboratory results that are eventually refined into something commercially viable, or by incremental changes to existing products. You don't go directly from an 8080 to a Kaby Lake with nothing in between--and there isn't any sign of that kind of change making its way through the pipeline.

No offense, but it doesn't seem as though you have any particular expertise in this area--which seems pretty common for the most inflammatory rhetoric on the topic. If you want to be more specific than "I think it is a basic flaw" that can't be "fairly usable and secure", then we could try to talk at a more detailed level about what the implications of each of the three variants are. Lumping the whole mess together into a vague pile of FUD doesn't offer much insight.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 11, 2018, 12:35:28 pm
Time will tell. 
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: w0w on January 11, 2018, 01:37:12 pm
Three days ago Intel released CPU microcode updates, it's time to update your BIOSes or VMware. Even if it's stated as Linux* Processor Microcode Data File, it contains binary files with a lot of processors microcode, I can't comment if it's all updated, but Haswell is updated. I've successfully edited three different BIOSes on ASUS motherboards.

https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?product=33932

Title: Re: Intel CPUs Massive Security Flaw issue
Post by: corvey on January 11, 2018, 04:05:11 pm
Massive news.   Intel has been ripped a new one over this.     

The moral of the story is: never trust anyone...
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: chpalmer on January 12, 2018, 03:00:05 pm
https://www.dslreports.com/shownews/Intels-MeltdownSpectre-Fix-Causes-Numerous-CPU-Headaches-141049
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 12, 2018, 03:25:12 pm
I'm sure it's nothing. No sense crying over spilled milk...   Especially when it's only 10% - 30% of your milk.  That's nothing....  You still have 70% of what you paid for after all, with good-nuff security to boot.

Most of the time anyway (Work load dependent, of course).  I mean if all you do is display a static image on your monitor, you might not notice any performance hit at all (-:

(Unless your computer won't boot or keeps rebooting) - My AMD just sort of slows to a crawl and hangs eventually.  It's only a problem if I need to use it though.  The rest of the time it's barely noticeable.

Anyway - It's "fixed"ish.  Stop whining!
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: w0w on January 12, 2018, 10:05:57 pm
Will the microcode update be available to install on pfSense? There is no problem with official hardware via BIOS update, but what about others?
I know that in FreeBSD it is possible via sysutils/devcpu-data but it currently would not work on pfSense because of the lack of support: repo and cpuctl module missing.
There is a lot of hardware that will never get any updates from manufacturers and getting it on FreeBSD/pfSense side should be the best solution.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 13, 2018, 04:11:27 am
In the release notes of the download you just provided, this is what is instructed:

Code:
-- Microcode update instructions --
This package contains Intel microcode files in two formats:
* microcode.dat
* intel-ucode directory

microcode.dat is in a traditional text format. It is still used in some
Linux distributions. It can be updated to the system through the old microcode
update interface which is avaialble in the kernel with
CONFIG_MICROCODE_OLD_INTERFACE=y.

To update the microcode.dat to the system, one need:
1. Ensure the existence of /dev/cpu/microcode
2. Write microcode.dat to the file, e.g.
  dd if=microcode.dat of=/dev/cpu/microcode bs=1M

intel-ucode dirctory contains binary microcode files named in
family-model-stepping pattern. The file is supported in most modern Linux
distributions. It's generally located in the /lib/firmware directory,
and can be updated throught the microcode reload interface.

To update the intel-ucode package to the system, one need:
1. Ensure the existence of /sys/devices/system/cpu/microcode/reload
2. Copy intel-ucode directory to /lib/firmware, overwrite the files in
/lib/firmware/intel-ucode/
3. Write the reload interface to 1 to reload the microcode files, e.g.
  echo 1 > /sys/devices/system/cpu/microcode/reload

Doesn't look too complicated. Should be feasible on FreeBSD too.

Linux detailed steps: https://www.cyberciti.biz/faq/install-update-intel-microcode-firmware-linux/
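
An added example, not part of the original post or of Intel's package: before copying a file into /lib/firmware/intel-ucode/, it is worth confirming that it matches the running CPU's family-model-stepping, that its checksum is intact, and that it is newer than the loaded revision. The sketch below does this with the update header layout documented in Intel's Software Developer's Manual; the /proc/cpuinfo excerpt, the revisions and the microcode blob are constructed sample data, and the function names are hypothetical.

```python
import struct

# 48-byte update header: nine little-endian dwords plus 12 reserved bytes.
HEADER = struct.Struct("<9I12x")

# Constructed /proc/cpuinfo excerpt (values are sample data, not a real host).
SAMPLE_CPUINFO = """\
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model       : 60
stepping    : 3
microcode   : 0x1c

processor   : 1
"""


def cpu_identity(cpuinfo_text):
    """Return (intel-ucode file name, running revision) for the first CPU."""
    fields = {}
    for line in cpuinfo_text.strip().splitlines():
        if not line.strip():
            break  # a blank line ends the first processor block
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    name = "%02x-%02x-%02x" % (
        int(fields["cpu family"]), int(fields["model"]), int(fields["stepping"]))
    return name, int(fields["microcode"], 16)


def signature_name(sig):
    """Turn a CPUID(1).EAX processor signature into family-model-stepping."""
    stepping, model, family = sig & 0xF, (sig >> 4) & 0xF, (sig >> 8) & 0xF
    if family in (6, 15):
        model |= ((sig >> 16) & 0xF) << 4   # extended model
    if family == 15:
        family += (sig >> 20) & 0xFF        # extended family
    return "%02x-%02x-%02x" % (family, model, stepping)


def parse_updates(blob):
    """Parse every update concatenated in one file, verifying each checksum.

    Extended signature tables and platform flags are not matched here.
    """
    updates, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise ValueError("truncated header at offset %d" % offset)
        ver, rev, date, sig, _ck, _ldr, flags, dsize, tsize = \
            HEADER.unpack_from(blob, offset)
        if ver != 1:
            raise ValueError("unexpected header version %d" % ver)
        dsize, tsize = dsize or 2000, tsize or 2048  # zero means default sizes
        if tsize % 4 or tsize < HEADER.size + dsize or offset + tsize > len(blob):
            raise ValueError("bad size fields at offset %d" % offset)
        words = struct.unpack_from("<%dI" % (tsize // 4), blob, offset)
        if sum(words) & 0xFFFFFFFF:          # all dwords must sum to zero
            raise ValueError("checksum mismatch at offset %d" % offset)
        updates.append({
            "name": signature_name(sig), "revision": rev, "platform_flags": flags,
            # Date is BCD, laid out as mmddyyyy.
            "date": "%04x-%02x-%02x" % (date & 0xFFFF, date >> 24, (date >> 16) & 0xFF),
        })
        offset += tsize
    return updates


def check_update(cpuinfo_text, blob):
    """Return (verdict, update): verdict is 'mismatch', 'not-newer' or 'newer'."""
    name, running = cpu_identity(cpuinfo_text)
    matching = [u for u in parse_updates(blob) if u["name"] == name]
    if not matching:
        return "mismatch", None
    best = max(matching, key=lambda u: u["revision"])
    return ("newer" if best["revision"] > running else "not-newer"), best


def make_sample(sig, rev, date):
    """Build a constructed 64-byte update with a valid checksum (test data only)."""
    data = bytes(range(16))
    fields = [1, rev, date, sig, 0, 1, 0x32, len(data), HEADER.size + len(data)]
    raw = HEADER.pack(*fields) + data
    total = sum(struct.unpack("<%dI" % (len(raw) // 4), raw)) & 0xFFFFFFFF
    fields[4] = (-total) & 0xFFFFFFFF        # make the dword sum come out to zero
    return HEADER.pack(*fields) + data


if __name__ == "__main__":
    sample = make_sample(0x000306C3, 0x23, 0x01082018)
    verdict, update = check_update(SAMPLE_CPUINFO, sample)
    print(cpu_identity(SAMPLE_CPUINFO), verdict, update)
```

On a real Linux host the inputs would be the contents of /proc/cpuinfo and the bytes of the matching intel-ucode file; after the reload, the microcode field in /proc/cpuinfo should show the new revision.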
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: w0w on January 13, 2018, 09:39:59 am
Actually I already did that with sysutils/devcpu-data, installed from FreeBSD repo ports and placed missing module (taken from 11.1 FreeBSD) into pfSense, but I can not make it work automagically via rc.conf.local: it does not load MCU on boot. I've used shellcmd package to run it in earlycmd. But it is just experimental and I am not sure whether it will work when the FreeBSD patch is available or not.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Ryu945 on January 13, 2018, 09:58:13 am
I don't think a 5% performance drop would be declared as defective and not work in a court though.  If they can't declare it defective then Intel is off the hook.  Intel would lose way to much money to be a viable company if they had to pay to replace every CPU.  If the CPUs didn't work, that would be one thing but crashing a company over a 5% performance loss is something else.
It's not about the fact that you loose any percent of performance. Until now, everybody was sure that the hardware is 100% safe, only software can be the blame if it contains security holes. This time is a whole lot different: the hardware mis-design causes a security hole, and this cannot be fixed, because it's hardware... the product is defective. Software can be patched, fixed afterwards, etc, and that depends on the agreement between the software manufacturer and the customer, but hardware (specially CPUs) can't be patched. It turns out that hardware contains a defect, which can be worked around by software patching - but that requires a third party to be involved.

Certain bussinesses bought software and hardware combinations based on benchmarks and performance counts, if they are not fulfilled after the patch, who's the blame? The software, because it tried to fix a fault caused by the hardware?

Intel should either replace the faulty CPU, or pay for the software fixes to each bussiness, or pay for the bussiness quality degradation if CPU can't be changed.
 

It has been known for years that hardware is not 100% safe.  That is why there are companies with security based products that offer more secure hardware.  This would be the first time I have heard of a vulnerability in a CPU though.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 13, 2018, 10:31:58 am
So are you saying pfsense hardware isn't a security product?
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: Ryu945 on January 13, 2018, 10:41:45 am
So are you saying pfsense hardware isn't a security product?

I am saying that standard hardware likely has some vulnerability in it somewhere.  Here is an example of a company that advertises a cell phone for which they custom made the hardware to try to remove these vulnerabilities.  That is their claim at least.

https://www.silentcircle.com/about-us/
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: kejianshi on January 13, 2018, 01:23:47 pm
I would say those companies are actually similar to pfsense in that they use readily available consumer grade hardware and run a tightly secured OS and software.

I think any processors that are immune to Spectre are immune accidentally.  I really don't think anyone purposely made a CPU to be immune to these attacks, but they will soon be doing it for sure.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: robi on January 13, 2018, 02:14:09 pm
I'd love to see some general-purpose tool to edit BIOS files and update microcode inside them. Something that would know most BIOS formats, open the BIN file, advise which binary microcode file to choose, and compile a new image from it.
Because most manufacturers won't care to release BIOS updates for motherboards older than 1-2 years.

pfSense would also want to have a nice GUI somewhere to allow us to browse for a microcode pack we can download from Intel etc. and apply it at each boot at runtime. And write in the logs whether the runtime update was successful or not.
Title: Re: Intel CPUs Massive Security Flaw issue
Post by: w0w on January 15, 2018, 12:54:26 pm
Do not update microcode now, wait.
Quote from: https://support.lenovo.com/ee/en/solutions/len-18282
Withdrawn Broadwell & Haswell CPU Microcode Update:  Intel provides the CPU microcode updates required to address Variant 2, which manufacturers like Lenovo then incorporate into their UEFI firmware. Intel has notified manufacturers of quality issues in the initial Broadwell and Haswell microcode updates with instructions to no longer distribute the affected microcode. As such, Lenovo has withdrawn previously issued UEFI firmware containing the affected Broadwell and Haswell CPU microcode. We will issue revised UEFI firmware updates as soon as possible following Intel’s release of revised Broadwell and Haswell CPU microcode. Servers affected by this issue are noted, below, as “Earlier update X withdrawn due to a microcode quality issue.”

I'd love to see some general-purpose tool to edit BIOS files and update microcode inside them. Something that would know most BIOS formats, open the BIN file, advise which binary microcode file to choose, and compile a new image from it.
Because most manufacturers won't care to release BIOS updates for motherboards older than 1-2 years.

pfSense would also want to have a nice GUI somewhere to allow us to browse for a microcode pack we can download from Intel etc. and apply it at each boot at runtime. And write in the logs whether the runtime update was successful or not.

It is not so simple. Every BIOS is copyrighted by AWARD, AMI and whoever else... Phoenix  ;D. So you just can't edit it without buying a proper license, and most manufacturers also use security checks; for example, I just cannot flash an edited BIOS into an Asus motherboard with standard methods — only the BIOS flashback function or hardware tools. There are also some special BIOSes like the ones HP uses for their enterprise grade hardware.
Even a not so universal tool for BIOS modding like UBU (https://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html) has had a copyright problem with AMI.