Difference between revisions of "Configuring Spectre Protection Level"

From RCS Wiki
Jump to navigation Jump to search
m (clarify that a full restart is required to apply the changes)
(Add detailed information on the vulnerabilities.)
Line 1: Line 1:
The Spectre protections on [[POWER9]] can be partly or fully disengaged if desired. Note that disengaging the protections will leave you vulnerable to attack via Spectre variant 2, and could result in data leakage and/or system compromise.
+
RaptorCS ships [[POWER9]] default for the Spectre mitigation protection as Kernel + User protection. The security vulnerabilities, [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 CVE-2017-5753] and [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 CVE-2017-5715] (collectively known as Spectre) allow user-level code to infer data from unauthorized memory by using speculative execution to perform side-channel information disclosure attacks. If the default Spectre protection level had been changed on the system previously, this modified level of Spectre protection will persist across the firmware update. 
 +
 
 +
The following are the steps that can be used to override the default Spectre protection to provide Kernel protection for Spectre or provide for more performance by fully disengaging the Spectre protection. Note that disengaging the protections will leave the system vulnerable to attack via Spectre variant 2, and could result in data leakage and/or system compromise. '''The override is controlled by the BMC and requires a reboot of the POWER9 to take effect'''.
  
 
To override the protection level:
 
To override the protection level:
Line 6: Line 8:
 
* Add the following contents:
 
* Add the following contents:
 
  # Control speculative execution mode
 
  # Control speculative execution mode
  0 0x283a 0x00000001  # bits 28:31 are used for init level -- in this case 1
+
  0 0x283a 0x00000001  # bits 28:31 are used for init level -- in this case set to Init level 1 (Kernel protection)
  0 0x283F 0x20000000  # Indicate scratch 3 is valid
+
  0 0x283F 0x20000000  # Indicate override register is valid
*  Re-[[IPL]] (fully power off and restart the host system) to apply changes.
+
*  Re-[[IPL]] (reboot) to apply changes.
  
 
Key:
 
Key:

Revision as of 18:16, 25 March 2020

RaptorCS ships POWER9 default for the Spectre mitigation protection as Kernel + User protection. The security vulnerabilities, CVE-2017-5753 and CVE-2017-5715 (collectively known as Spectre) allow user-level code to infer data from unauthorized memory by using speculative execution to perform side-channel information disclosure attacks. If the default Spectre protection level had been changed on the system previously, this modified level of Spectre protection will persist across the firmware update.

The following are the steps that can be used to override the default Spectre protection to provide Kernel protection for Spectre or provide for more performance by fully disengaging the Spectre protection. Note that disengaging the protections will leave the system vulnerable to attack via Spectre variant 2, and could result in data leakage and/or system compromise. The override is controlled by the BMC and requires a reboot of the POWER9 to take effect.

To override the protection level:

  • Create/edit the /var/lib/obmc/cfam_overrides on the BMC.
  • Add the following contents:
# Control speculative execution mode
0 0x283a 0x00000001  # bits 28:31 are used for init level -- in this case set to Init level 1 (Kernel protection)
0 0x283F 0x20000000  # Indicate override register is valid
  • Re-IPL (reboot) to apply changes.

Key:

  • Init level 0 — Kernel and User protection (safest, default)
  • Init level 1 — Kernel protection only
  • Init level 2 — No protection