Analysis In connection with Intel's coordinated disclosure today of a family of security issues discovered in millions of processors, Google has turned off Hyper-Threading in Chrome OS to fully protect its users.
Meanwhile, Apple, Microsoft, IBM's Red Hat, QubesOS and Xen have informed customers that they might want to take similar steps.
The family of flaws is called microarchitectural data sampling (MDS), and Chipzilla's official advice is here, along with the necessary microcode updates to reduce the data-lingering security issues and a list of affected products. Installing these fixes and disabling Intel's Hyper-Threading feature is a sure-fire way to kill the flaws, even though it may come at a performance cost.
Hyper-Threading is Intel's implementation of simultaneous multithreading (SMT), a technique for splitting a single physical processor core into two virtual cores known as hardware threads. It can improve performance by allowing two software threads to run simultaneously through each physical core, sharing the available resources on the silicon as needed. This means that a physical core can juggle two threads, either from the same application or from two separate applications, improving throughput. Some workloads benefit from this; some are hindered or see no gain. Your mileage may vary.
However, one thing this brings into the mix is the risk that side-channel snooping techniques, such as MDS, can break hardware-thread isolation and access sensitive data they should not be able to see. In other words, a thread can sniff the memory accesses of another thread sharing the same physical CPU core, and potentially expose passwords, keys, and other secrets.
Specifically, today's disclosure of chip flaws covers a group of design blunders: ZombieLoad (CVE-201
There are also RIDL and Fallout (CVE-2018-12126, CVE-2018-12127, CVE-2019-11091), which can be exploited to steal confidential information from memory.
Mitigating these security holes in Intel's chips requires microcode updates to be installed, and operating system and hypervisor patches that make use of them, so check with your OS vendor and system manufacturer for new software and install it as soon as you are able. These fixes can introduce a performance hit, depending on the type of programs you run.
You can choose to turn off Hyper-Threading to fully neutralize the threat, although you may want to weigh up whether it's worth the performance cost by testing your programs with the feature on and off.
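As an added illustration (not from the article or any vendor), the script below classifies a Linux host's MDS state from what the patched kernel reports in sysfs and prints which of the steps above remains: the microcode update, the OS patch, or the Hyper-Threading decision. It assumes the sysfs paths and status strings of a kernel carrying the MDS mitigation, and falls back to a constructed sample when run on a machine without them.

```shell
#!/bin/sh
# Assumed inputs: the text of /sys/devices/system/cpu/vulnerabilities/mds and
# of /sys/devices/system/cpu/smt/active ("1" when sibling threads are online).

# mds_verdict MDS_TEXT SMT_ACTIVE -> one of:
#   not-affected | needs-microcode | unmitigated | mitigated-smt-off |
#   mitigated-smt-exposed | unknown
mds_verdict() {
    mds="$1"; smt="$2"
    case "$mds" in
        "Not affected"*)      echo not-affected ;;
        *"no microcode"*)     echo needs-microcode ;;   # kernel patched, CPU not
        "Vulnerable"*)        echo unmitigated ;;       # no kernel mitigation
        "Mitigation: Clear CPU buffers"*)
            # Buffers are flushed on privilege transitions, but a sibling thread
            # on the same core can still sample them while SMT is enabled.
            if [ "$smt" = "0" ] || echo "$mds" | grep -q "SMT disabled"; then
                echo mitigated-smt-off
            else
                echo mitigated-smt-exposed
            fi ;;
        *)                    echo unknown ;;
    esac
}

# The remaining step for each verdict, following the article's three measures.
mds_advice() {
    case "$1" in
        not-affected)          echo "No MDS action needed." ;;
        needs-microcode)       echo "Install the Intel microcode update, then reboot." ;;
        unmitigated)           echo "Install an MDS-aware kernel, or remove an mds=off override." ;;
        mitigated-smt-off)     echo "Fully mitigated: microcode and kernel present, SMT off." ;;
        mitigated-smt-exposed) echo "Cross-thread leakage still possible; to close it, boot with mds=full,nosmt or write 'off' to /sys/devices/system/cpu/smt/control." ;;
        *)                     echo "Unrecognised status; inspect the sysfs file by hand." ;;
    esac
}

MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds
SMT_FILE=/sys/devices/system/cpu/smt/active
if [ -r "$MDS_FILE" ]; then
    mds_text=$(cat "$MDS_FILE")
    smt_active=$(cat "$SMT_FILE" 2>/dev/null || echo unknown)
else
    # Constructed sample: patched host that still has Hyper-Threading on.
    mds_text="Mitigation: Clear CPU buffers; SMT vulnerable"
    smt_active=1
fi
verdict=$(mds_verdict "$mds_text" "$smt_active")
echo "mds: $mds_text"
echo "verdict: $verdict"
mds_advice "$verdict"
```

The classification only covers Linux; Chrome OS, macOS and Windows surface the same decision through their own settings as described below.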
Google said it has disabled Hyper-Threading by default in Chrome OS 74, citing the security issues, and noted that Chrome OS 75 will include additional mitigations.
"The decision to disable or enable Hyper-Threading is a security versus performance trade-off," said the web giant's people in a notification alert. "With Hyper-Threading disabled, Intel CPUs can experience reduced performance, which varies with workload. But with Hyper-Threading enabled, users could run code, for example by visiting a site or running an Android app, that uses MDS to read sensitive content in memory."
Google has further details on how it handles the errors, from client applications to cloud services, here.
The OpenBSD community, for one, came to that conclusion last year when it disabled Hyper-Threading in OpenBSD 6.4. With earlier Intel processor vulnerabilities (TLBleed and L1TF) having shown Hyper-Threading to be a risk, OpenBSD leader Theo de Raadt concluded that Hyper-Threading is fundamentally broken because it shares resources between two CPU instances without ensuring secure isolation.
"DISABLE HYPERTHREADING ON ALL THE INTEL MACHINES IN THE BIOS," he said on a mailing list at the time.
"Full mitigation requires you to use the Terminal app to enable additional CPU instructions and disable hyper-threading processing technology," warns Apple in its advisory. "This feature is available for macOS Mojave, High Sierra and Sierra in the latest security updates, and can reduce performance by up to 40 percent, with the greatest impact on intensive multithreaded computing tasks."
Unfortunately for Apple customers with older Macs, Intel has not made microcode solutions available for Mac models from 2010 or earlier.
Microsoft's MDS guidance does not take a firm position, but notes that "To be fully protected, customers must also disable Hyper-Threading." The Windows giant has released operating system updates to mitigate Intel's design flaws in conjunction with the required microcode updates. See the aforementioned link.
Red Hat includes a link on disabling Hyper-Threading in its advisory without making a recommendation either way. Its Hyper-Threading (SMT) security page notes, "Various microprocessor flaws have been discovered recently. Certain issues require SMT to be disabled to fully mitigate the problem."
The enterprise Linux slinger has several technical notes here and here on causes and effects – or you can check out the material below. Other Linux distros are also rolling out their fixes. Here is the situation with Ubuntu and Debian, for example.
Google Cloud recommends that Compute Engine users disable Hyper-Threading only "if you use Container-Optimized OS (COS) as your guest OS and you run untrusted, multi-tenant workloads on your virtual machine." It makes a similar recommendation for those who run untrusted code across multiple Kubernetes Engine tenants.
Xen, whose hypervisor is used by AWS (advisory) and other cloud providers, issued guidance describing the risk of Hyper-Threading while declining to disable the technology by default because doing so would be too disruptive. Mitigations and fixes are available from the above link.
"Data leakage from Xen or other guests can only be prevented completely by disabling hyper-threading (if available and active in the BIOS), and by using the updates for Xen,"
Intel is walking a fine line, leaving the decision to disable Hyper-Threading to its industry partners.
"Intel does not recommend disabling HT," a company spokesperson told The Register in an email.
"It is important to understand that disabling SMT/HT alone does not provide protection against MDS, and it can affect workload performance or resource utilization, which may vary depending on the workload.
"After systems have been updated, there are some cases where additional considerations may apply. Our software partners will provide guidance that can help customers make the right decisions for their systems and the workloads that are critical to their needs." ®