Re: Setting constant-time mode CPU flag


  • To: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Wed, 7 Sep 2022 10:51:55 +0000
  • Cc: Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Simon Gaiser <simon@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Delivery-date: Wed, 07 Sep 2022 10:52:12 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: Setting constant-time mode CPU flag

Hi Demi,

> On 2 Sep 2022, at 03:05, Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> On Intel chips (Ice Lake and later) and ARM64, a bit needs to be set in

This bit would not change anything on Arm currently so nothing is required for 
now (and nothing has been done in Linux for ARM64).

Thanks a lot for notifying us.

Kind regards
Bertrand

> a CPU register to enforce constant-time execution.  Linux plans to set
> this bit by default; Xen should do the same.  See
> https://lore.kernel.org/lkml/YwgCrqutxmX0W72r@xxxxxxxxx/T/ for details.
> I recommend setting the bit unconditionally and ignoring guest attempts
> to change it.
> -- 
> Sincerely,
> Demi Marie Obenour (she/her/hers)
> Invisible Things Lab




 

