Loading...
1.. SPDX-License-Identifier: GPL-2.0
2
3SRBDS - Special Register Buffer Data Sampling
4=============================================
5
6SRBDS is a hardware vulnerability that allows MDS
7Documentation/admin-guide/hw-vuln/mds.rst techniques to
8infer values returned from special register accesses. Special register
9accesses are accesses to off core registers. According to Intel's evaluation,
10the special register reads that have a security expectation of privacy are
11RDRAND, RDSEED and SGX EGETKEY.
12
13When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved
14to the core through the special register mechanism that is susceptible
15to MDS attacks.
16
17Affected processors
18-------------------
19Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may
20be affected.
21
22A processor is affected by SRBDS if its Family_Model and stepping is
23in the following list, with the exception of the listed processors
24exporting MDS_NO while Intel TSX is available yet not enabled. The
25latter class of processors are only affected when Intel TSX is enabled
26by software using TSX_CTRL_MSR otherwise they are not affected.
27
28 ============= ============ ========
29 common name Family_Model Stepping
30 ============= ============ ========
31 IvyBridge 06_3AH All
32
33 Haswell 06_3CH All
34 Haswell_L 06_45H All
35 Haswell_G 06_46H All
36
37 Broadwell_G 06_47H All
38 Broadwell 06_3DH All
39
40 Skylake_L 06_4EH All
41 Skylake 06_5EH All
42
43 Kabylake_L 06_8EH <= 0xC
44 Kabylake 06_9EH <= 0xD
45 ============= ============ ========
46
47Related CVEs
48------------
49
50The following CVE entry is related to this SRBDS issue:
51
52 ============== ===== =====================================
53 CVE-2020-0543 SRBDS Special Register Buffer Data Sampling
54 ============== ===== =====================================
55
56Attack scenarios
57----------------
58An unprivileged user can extract values returned from RDRAND and RDSEED
59executed on another core or sibling thread using MDS techniques.
60
61
62Mitigation mechanism
63--------------------
64Intel will release microcode updates that modify the RDRAND, RDSEED, and
65EGETKEY instructions to overwrite secret special register data in the shared
66staging buffer before the secret data can be accessed by another logical
67processor.
68
69During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core
70accesses from other logical processors will be delayed until the special
71register read is complete and the secret data in the shared staging buffer is
72overwritten.
73
74This has three effects on performance:
75
76#. RDRAND, RDSEED, or EGETKEY instructions have higher latency.
77
78#. Executing RDRAND at the same time on multiple logical processors will be
79 serialized, resulting in an overall reduction in the maximum RDRAND
80 bandwidth.
81
82#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other
83 logical processors that miss their core caches, with an impact similar to
84 legacy locked cache-line-split accesses.
85
86The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable
87the mitigation for RDRAND and RDSEED instructions executed outside of Intel
88Software Guard Extensions (Intel SGX) enclaves. On logical processors that
89disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
90take longer to execute and do not impact performance of sibling logical
91processors memory accesses. The opt-out mechanism does not affect Intel SGX
92enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
93as EGETKEY execution).
94
95IA32_MCU_OPT_CTRL MSR Definition
96--------------------------------
97Along with the mitigation for this issue, Intel added a new thread-scope
98IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and
99RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =
1009]==1. This MSR is introduced through the microcode update.
101
102Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor
103disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
104enclave on that logical processor. Opting out of the mitigation for a
105particular logical processor does not affect the RDRAND and RDSEED mitigations
106for other logical processors.
107
108Note that inside of an Intel SGX enclave, the mitigation is applied regardless
109of the value of RNGDS_MITG_DS.
110
111Mitigation control on the kernel command line
112---------------------------------------------
113The kernel command line allows control over the SRBDS mitigation at boot time
114with the option "srbds=". The option for this is:
115
116 ============= =============================================================
117 off This option disables SRBDS mitigation for RDRAND and RDSEED on
118 affected platforms.
119 ============= =============================================================
120
121SRBDS System Information
122------------------------
123The Linux kernel provides vulnerability status information through sysfs. For
124SRBDS this can be accessed by the following sysfs file:
125/sys/devices/system/cpu/vulnerabilities/srbds
126
127The possible values contained in this file are:
128
129 ============================== =============================================
130 Not affected Processor not vulnerable
131 Vulnerable Processor vulnerable and mitigation disabled
132 Vulnerable: No microcode Processor vulnerable and microcode is missing
133 mitigation
134 Mitigation: Microcode Processor is vulnerable and mitigation is in
135 effect.
136 Mitigation: TSX disabled Processor is only vulnerable when TSX is
137 enabled while this system was booted with TSX
138 disabled.
139 Unknown: Dependent on
140 hypervisor status Running on virtual guest processor that is
141 affected but with no way to know if host
142 processor is mitigated or vulnerable.
143 ============================== =============================================
144
145SRBDS Default mitigation
146------------------------
147This new microcode serializes processor access during execution of RDRAND,
148RDSEED ensures that the shared buffer is overwritten before it is released for
149reuse. Use the "srbds=off" kernel command line to disable the mitigation for
150RDRAND and RDSEED.
1.. SPDX-License-Identifier: GPL-2.0
2
3SRBDS - Special Register Buffer Data Sampling
4=============================================
5
6SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to
7infer values returned from special register accesses. Special register
8accesses are accesses to off core registers. According to Intel's evaluation,
9the special register reads that have a security expectation of privacy are
10RDRAND, RDSEED and SGX EGETKEY.
11
12When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved
13to the core through the special register mechanism that is susceptible
14to MDS attacks.
15
16Affected processors
17-------------------
18Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may
19be affected.
20
21A processor is affected by SRBDS if its Family_Model and stepping is
22in the following list, with the exception of the listed processors
23exporting MDS_NO while Intel TSX is available yet not enabled. The
24latter class of processors are only affected when Intel TSX is enabled
25by software using TSX_CTRL_MSR otherwise they are not affected.
26
27 ============= ============ ========
28 common name Family_Model Stepping
29 ============= ============ ========
30 IvyBridge 06_3AH All
31
32 Haswell 06_3CH All
33 Haswell_L 06_45H All
34 Haswell_G 06_46H All
35
36 Broadwell_G 06_47H All
37 Broadwell 06_3DH All
38
39 Skylake_L 06_4EH All
40 Skylake 06_5EH All
41
42 Kabylake_L 06_8EH <= 0xC
43 Kabylake 06_9EH <= 0xD
44 ============= ============ ========
45
46Related CVEs
47------------
48
49The following CVE entry is related to this SRBDS issue:
50
51 ============== ===== =====================================
52 CVE-2020-0543 SRBDS Special Register Buffer Data Sampling
53 ============== ===== =====================================
54
55Attack scenarios
56----------------
57An unprivileged user can extract values returned from RDRAND and RDSEED
58executed on another core or sibling thread using MDS techniques.
59
60
61Mitigation mechanism
62--------------------
63Intel will release microcode updates that modify the RDRAND, RDSEED, and
64EGETKEY instructions to overwrite secret special register data in the shared
65staging buffer before the secret data can be accessed by another logical
66processor.
67
68During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core
69accesses from other logical processors will be delayed until the special
70register read is complete and the secret data in the shared staging buffer is
71overwritten.
72
73This has three effects on performance:
74
75#. RDRAND, RDSEED, or EGETKEY instructions have higher latency.
76
77#. Executing RDRAND at the same time on multiple logical processors will be
78 serialized, resulting in an overall reduction in the maximum RDRAND
79 bandwidth.
80
81#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other
82 logical processors that miss their core caches, with an impact similar to
83 legacy locked cache-line-split accesses.
84
85The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable
86the mitigation for RDRAND and RDSEED instructions executed outside of Intel
87Software Guard Extensions (Intel SGX) enclaves. On logical processors that
88disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
89take longer to execute and do not impact performance of sibling logical
90processors memory accesses. The opt-out mechanism does not affect Intel SGX
91enclaves (including execution of RDRAND or RDSEED inside an enclave, as well
92as EGETKEY execution).
93
94IA32_MCU_OPT_CTRL MSR Definition
95--------------------------------
96Along with the mitigation for this issue, Intel added a new thread-scope
97IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and
98RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL =
999]==1. This MSR is introduced through the microcode update.
100
101Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor
102disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
103enclave on that logical processor. Opting out of the mitigation for a
104particular logical processor does not affect the RDRAND and RDSEED mitigations
105for other logical processors.
106
107Note that inside of an Intel SGX enclave, the mitigation is applied regardless
108of the value of RNGDS_MITG_DS.
109
110Mitigation control on the kernel command line
111---------------------------------------------
112The kernel command line allows control over the SRBDS mitigation at boot time
113with the option "srbds=". The option for this is:
114
115 ============= =============================================================
116 off This option disables SRBDS mitigation for RDRAND and RDSEED on
117 affected platforms.
118 ============= =============================================================
119
120SRBDS System Information
121------------------------
122The Linux kernel provides vulnerability status information through sysfs. For
123SRBDS this can be accessed by the following sysfs file:
124/sys/devices/system/cpu/vulnerabilities/srbds
125
126The possible values contained in this file are:
127
128 ============================== =============================================
129 Not affected Processor not vulnerable
130 Vulnerable Processor vulnerable and mitigation disabled
131 Vulnerable: No microcode Processor vulnerable and microcode is missing
132 mitigation
133 Mitigation: Microcode Processor is vulnerable and mitigation is in
134 effect.
135 Mitigation: TSX disabled Processor is only vulnerable when TSX is
136 enabled while this system was booted with TSX
137 disabled.
138 Unknown: Dependent on
139 hypervisor status Running on virtual guest processor that is
140 affected but with no way to know if host
141 processor is mitigated or vulnerable.
142 ============================== =============================================
143
144SRBDS Default mitigation
145------------------------
146This new microcode serializes processor access during execution of RDRAND,
147RDSEED ensures that the shared buffer is overwritten before it is released for
148reuse. Use the "srbds=off" kernel command line to disable the mitigation for
149RDRAND and RDSEED.