Diff for /wikisrc/security/intel_taa.mdwn between versions 1.3 and 1.6

version 1.3, 2019/11/12 21:22:49 version 1.6, 2019/11/12 21:33:54
Line 1 Line 1
 [[!meta title="Intel TAA"]]  [[!meta title="Intel TAA"]]
   
   Release date: 2019-11-12
   
 ###Description  ###Description
 Details and mitigation information about a sub-class of speculative execution  Details and mitigation information about a sub-class of speculative execution
 side-channel vulnerabilities called TSX Asynchronous Abort (TAA).  side-channel vulnerabilities called TSX Asynchronous Abort (TAA).
   
   Please refer to the Intel Security Advisory 00270 located at:
   [Intel website](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html).
   
 The TAA vulnerability is a sub-set of the MDS vulnerability, already mitigated  The TAA vulnerability is a sub-set of the MDS vulnerability, already mitigated
 in NetBSD.  in NetBSD.
   
Line 31  machdep.taa.method = {string} constructe Line 36  machdep.taa.method = {string} constructe
 """]]  """]]
   
 The TAA mitigation may be provided by the already-existing MDS mitigation.  The TAA mitigation may be provided by the already-existing MDS mitigation.
 Before enabling the TAA mitigation, you should first enable the MDS mitigation  Before enabling the TAA mitigation, you should first
 [enable the MDS mitigation](https://wiki.netbsd.org/security/intel_mds/)  [enable the MDS mitigation](https://wiki.netbsd.org/security/intel_mds/)
 if not already enabled.  if not already enabled. This may imply loading an updated microcode, if not
   already provided by the BIOS.
   
 Two cases must be considered, depending the content of `machdep.taa.method`:  Two cases must then be considered, depending the content of `machdep.taa.method`:
   
  * If this leaf is set to `[MDS]`, then there is no TAA-specific mitigation to   * If this leaf is set to `[MDS]`, then there is no TAA-specific mitigation to
    use: the `machdep.taa.mitigated` leaf will be equal to `machdep.mds.mitigated`,     use: the `machdep.taa.mitigated` leaf will be equal to `machdep.mds.mitigated`,
Line 50  Two cases must be considered, depending  Line 56  Two cases must be considered, depending 
   
    * If the BIOS does not provide this updated microcode, you may use NetBSD's     * If the BIOS does not provide this updated microcode, you may use NetBSD's
      pkgsrc to fetch the latest microcode distribution from Intel via the       pkgsrc to fetch the latest microcode distribution from Intel via the
      **sysutils/intel-microcode-netbsd** package. Once loaded, you can issue the       **sysutils/intel-microcode-netbsd** package. With the new microcode loaded,
      `sysctl -w machdep.taa.mitigated=1` command to enable the TAA-specific       you can issue the `sysctl -w machdep.taa.mitigated=1` command to enable the
      mitigation.       TAA-specific mitigation.

Removed from v.1.3  
changed lines
  Added in v.1.6


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb