Rowhammer
116 views
Skip to first unread message
Demi Obenour
Apr 5, 2020, 12:10:56 AM4/5/20
to qubes-devel
Are either of the Qubes-certified laptops vulnerable to Rowhammer or to TRRespass? I believe that immunity to both should be required. Also, are Lenovo P51s vulnerable?
Sincerely,
Demi
David Hobach
Apr 5, 2020, 4:14:22 AM4/5/20
to Demi Obenour, qubes-devel
change depending on availability.
memtest86 has a test for Rowhammer, but in my experience it usually
shows "all good" which contradicts the papers ("80% vulnerable to
Rowhammer").
Zach Lym
May 15, 2020, 12:52:32 PM5/15/20
to qubes-devel
You should probably ask the vendors who are selling it.
The only truly effective mitigation for ROWHAMMER that I am aware of is encrypted memory, which is only available on some AMD processors.
dhorf-qrir...@hashmail.org
May 15, 2020, 1:40:13 PM5/15/20
to Zach Lym, qubes-devel
On Fri, May 15, 2020 at 09:52:32AM -0700, Zach Lym wrote:
> The only truly effective mitigation for ROWHAMMER that I am aware of is
> encrypted memory, which is only available on some AMD processors.
do you have any reference/paper/link for this?
> The only truly effective mitigation for ROWHAMMER that I am aware of is
> encrypted memory, which is only available on some AMD processors.
aiui pure "destructive" rowhammer will not be changed by "memory
encryption" at all.
a "privilege escalation / limited targeted write" rowhammer will
only be a little harder and easier to detect. (depending on
implementation details)
and a memory encrpytion implementation that was designed with this
problem in mind might make "rambleed / reading through reverse
rowhammer" somewhat hard.
Zach Lym
May 16, 2020, 11:22:33 PM5/16/20
to dhorf-qrir...@hashmail.org, qubes-devel
Damn, you are right: AMD uses weasle wording in their documention, but from their security notices it doesn't appear that they are verify integrity.
Reply all
Reply to author
Forward
0 new messages