Dan Luu Dec 7
This kind of thing is why the CPU startup I worked for allowed users to change the CPUID: you get huge performance gains from putting GenuineIntel in CPUID(0), but it would be a copyright violation to distribute our CPU with GenuineIntel in the CPUID
Dan Luu Dec 7
Replying to @danluu
That post blames Intel, but it's not just them. NaCl forcibly crashed (and Google refused our trivial fix!!!), random drivers wouldn't work, you had to get a patched Windows installer for multiple releases of Windows (difficult in the days of CD installers), etc.
Dan Luu
The Google Chromium team banning our CPUs is especially ironic in retrospect since they cited security concerns. At the time, we were mostly shipping in-order CPUs, not vulnerable to Meltdown/Spectre/etc. and of course Intel is the most vulnerable to these.
Dan Luu Dec 9
Replying to @danluu
BTW, if you want to try CPUID spoofing without virtualization and have a VIA processor, Agner Fog wrote this little utility: Performance delta on benchmarks varies, here's an example of a ~50% gain (47%):
Tavis Ormandy Dec 8
Replying to @danluu @chort0
The security of NaCl required accurately predicting control flow, and confidence it would work in adversarial conditions (e.g. someone trying to induce faults, undocumented opcodes, etc.). I said it seemed prudent to whitelist CPUs we had tested, I stand by that. 🤷🏻‍♂️
Tavis Ormandy Dec 8
Replying to @danluu @chort0
If someone overclocks their CPU, and an attacker does some x87 operation in a tight loop for a few minutes, how confident are you branches won't be miscalculated? Usually no security consequences for this, so vendors didn't test, it worried me 🤷🏻‍♂️ e.g.
Sven Slootweg @ 36C3 Dec 8
Replying to @danluu
Clearly the correct solution would have been to take a page from the browser book, and call your CPU "AuthenticAMD (like GenuineIntel)"!
Daniel Bilar Dec 8
Replying to @danluu @threadreaderapp
kindly unroll
Thread Reader App Dec 8
Replying to @daniel_bilar @danluu
Halo!, you can read it here: Thread by : This kind of thing is why the CPU startup I worked for allowed users to change the CPUID: you get… . Share this if you think it's interesting. 🤖
Marsh Ray Dec 8
Replying to @danluu @brouhaha
Did your CPU recognize any special opcodes, or in any way handle EIP differently? It’s hard to prove a negative. I think I would have made the same call.
Andrew Bingham Dec 8
Replying to @marshray @danluu @brouhaha
Let's make Google the gatekeepers of more stuff, that will be great.