Diff for /wikisrc/security/intel_taa.mdwn between versions 1.4 and 1.6

version 1.4, 2019/11/12 21:25:11 version 1.6, 2019/11/12 21:33:54
Line 1 Line 1
 [[!meta title="Intel TAA"]]  [[!meta title="Intel TAA"]]
   
   Release date: 2019-11-12
   
 ###Description  ###Description
 Details and mitigation information about a sub-class of speculative execution  Details and mitigation information about a sub-class of speculative execution
 side-channel vulnerabilities called TSX Asynchronous Abort (TAA).  side-channel vulnerabilities called TSX Asynchronous Abort (TAA).
   
   Please refer to the Intel Security Advisory 00270 located at:
   [Intel website](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html).
   
 The TAA vulnerability is a sub-set of the MDS vulnerability, already mitigated  The TAA vulnerability is a sub-set of the MDS vulnerability, already mitigated
 in NetBSD.  in NetBSD.
   
Line 33  machdep.taa.method = {string} constructe Line 38  machdep.taa.method = {string} constructe
 The TAA mitigation may be provided by the already-existing MDS mitigation.  The TAA mitigation may be provided by the already-existing MDS mitigation.
 Before enabling the TAA mitigation, you should first  Before enabling the TAA mitigation, you should first
 [enable the MDS mitigation](https://wiki.netbsd.org/security/intel_mds/)  [enable the MDS mitigation](https://wiki.netbsd.org/security/intel_mds/)
 if not already enabled.  if not already enabled. This may imply loading an updated microcode, if not
   already provided by the BIOS.
   
 Two cases must then be considered, depending the content of `machdep.taa.method`:  Two cases must then be considered, depending the content of `machdep.taa.method`:
   
Line 50  Two cases must then be considered, depen Line 56  Two cases must then be considered, depen
   
    * If the BIOS does not provide this updated microcode, you may use NetBSD's     * If the BIOS does not provide this updated microcode, you may use NetBSD's
      pkgsrc to fetch the latest microcode distribution from Intel via the       pkgsrc to fetch the latest microcode distribution from Intel via the
      **sysutils/intel-microcode-netbsd** package. Once loaded, you can issue the       **sysutils/intel-microcode-netbsd** package. With the new microcode loaded,
      `sysctl -w machdep.taa.mitigated=1` command to enable the TAA-specific       you can issue the `sysctl -w machdep.taa.mitigated=1` command to enable the
      mitigation.       TAA-specific mitigation.

Removed from v.1.4  
changed lines
  Added in v.1.6


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb