Displaying 2 results from an estimated 2 matches for "insecure_development_mod".
Did you mean:
insecure_development_mode
2020 Apr 25
5
[PATCH] Allow RDTSC and RDTSCP from userspace
On Sat, Apr 25, 2020 at 1:23 PM Joerg Roedel <joro at 8bytes.org> wrote:
>
> On Sat, Apr 25, 2020 at 12:47:31PM -0700, Andy Lutomirski wrote:
> > I assume the race you mean is:
> >
> > #VC
> > Immediate NMI before IST gets shifted
> > #VC
> >
> > Kaboom.
> >
> > How are you dealing with this? Ultimately, I think that NMI will need
2020 Apr 27
0
Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace)
...ss that entails.
2. Say that we SEV-ES client support on Rome and Naples is for
development only and do a quick boot-time check for whether #DB is
intercepted. (Just set TF and see what vector we get.) If #DB is
intercepted, print a very loud warning and refuse to boot unless some
special sev_es.insecure_development_mode or similar option is set.
#2 results in simpler and more robust entry code. #1 is more secure.
So my question is: will anyone actually use SEV-ES in production on
Rome or Naples? As I understand it, it's not really ready for prime
time on those chips. And do we care if the combination of...