Linux kernel maintainer: Intel chip security issues will exist for a long time
Greg Kroah-Hartman, a stable kernel maintainer, said in a keynote speech at the Open Source Summit Europe that the security of Intel chips will exist for a long time. Kroah-Hartman said, “These problems are going to be with us for a very long time, they’re not going away. They’re all CPU bugs, in some ways they’re all the same problem,” but each has to be solved in its own way. “MDS, RDDL, Fallout, Zombieland: They’re all variants of the same basic problem.”
For example, the RIDL and Zombieload vulnerabilities can steal data across applications, virtual machines, and secure enclaves. Ironically, Intel Software Protection Extensions (SGX) protects data security on the chip, and the results themselves are many vulnerabilities. Kroah-Hartman calls it a fix for every exposure, and you must patch the Linux kernel, CPU BIOS, and microcode at the same time. This is not just a Linux issue, any operating system faces the same problem.
He acknowledged that OpenBSD has given a recent solution to address this type of vulnerability: turning off hyper-threading on Intel processors to overcome the performance penalty. Kroah-Hartman says you have to choose performance or security, and there is no good choice here.
Via: ZDNet