Port-xen archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Side channel vulnerabilities



On Mon, Sep 06, 2021 at 08:14:28AM +0000, Emmanuel Dreyfus wrote:
> On Mon, Sep 06, 2021 at 09:55:09AM +0200, Manuel Bouyer wrote:
> > AFAIK with the latest pkgsrc Xen versions we are safe.
> > But this also depends on the CPU model and microcode version, which
> > makes it even more tricky to track down. In some cases a microcode or
> > BIOS update may be needed.
> 
> It there a way to check stats? I read that there is a L1TF shadowing
> workaround, but that is works only for 64 bis domU

One would need to check for the security issues about the specific CPU
from Intel or AMD. You could also check the Xen SAs for details.

> And is there a minimal NetBSD kernel version required?

No, all countermeasures that can be implemented in software have to be
in the Xen kernel, not in the guests.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--


Home | Main Index | Thread Index | Old Index