Diff for /wikisrc/security/intel_taa.mdwn between versions 1.2 and 1.4

version 1.2, 2019/11/12 21:19:44 version 1.4, 2019/11/12 21:25:11
Line 31  machdep.taa.method = {string} constructe Line 31  machdep.taa.method = {string} constructe
 """]]  """]]
   
 The TAA mitigation may be provided by the already-existing MDS mitigation.  The TAA mitigation may be provided by the already-existing MDS mitigation.
 Before enabling the TAA mitigation, you should first enable the MDS mitigation  Before enabling the TAA mitigation, you should first
 [enable the MDS mitigation](https://wiki.netbsd.org/security/intel_mds/)  [enable the MDS mitigation](https://wiki.netbsd.org/security/intel_mds/)
 if not already enabled.  if not already enabled.
   
 Two cases must be considered, depending the content of `machdep.taa.method`:  Two cases must then be considered, depending the content of `machdep.taa.method`:
   
  * If this leaf is set to `[MDS]`, then there is no TAA-specific mitigation to   * If this leaf is set to `[MDS]`, then there is no TAA-specific mitigation to
    use: the `machdep.taa.mitigated` leaf will be equal to `machdep.mds.mitigated`,     use: the `machdep.taa.mitigated` leaf will be equal to `machdep.mds.mitigated`,
Line 44  Two cases must be considered, depending  Line 44  Two cases must be considered, depending 
  * Otherwise, there is a TAA-specific mitigation needed. Two sub-cases must be   * Otherwise, there is a TAA-specific mitigation needed. Two sub-cases must be
    considered:     considered:
   
  ** If the BIOS provides an updated microcode containing this TAA-specific     * If the BIOS provides an updated microcode containing this TAA-specific
      mitigation, then NetBSD will have set `machdep.taa.mitigated=1` automatically       mitigation, then NetBSD will have set `machdep.taa.mitigated=1` automatically
      at boot time.       at boot time.
   
  ** If the BIOS does not provide this updated microcode, you may use NetBSD's     * If the BIOS does not provide this updated microcode, you may use NetBSD's
      pkgsrc to fetch the latest microcode distribution from Intel via the       pkgsrc to fetch the latest microcode distribution from Intel via the
      **sysutils/intel-microcode-netbsd** package. Once loaded, you can issue the       **sysutils/intel-microcode-netbsd** package. Once loaded, you can issue the
      `sysctl -w machdep.taa.mitigated=1` command to enable the TAA-specific       `sysctl -w machdep.taa.mitigated=1` command to enable the TAA-specific

Removed from v.1.2  
changed lines
  Added in v.1.4


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb