Announcement regarding the Meltdown and Spectre attacks


Andrew David Wong

Jan 4, 2018, 10:27:29 AM
to qubes...@googlegroups.com, qubes...@googlegroups.com

Dear Qubes Community,

The Qubes Security Team is currently investigating the extent to which
[XSA-254] (and the [Meltdown] and [Spectre] attacks more generally)
affect the security of Qubes OS. The practical impact of these attacks
on Qubes is currently unclear. While the Qubes Security Team is a
member of the [Xen predisclosure list], [XSA-254] was disclosed on an
accelerated timetable ahead of schedule, so our team has not yet had a
chance to analyze these attacks, nor has the Xen Project released any
patches associated with [XSA-254]. We are continuing to monitor the
situation closely. Once the Security Team makes a determination about
the impact on Qubes, we will make another announcement, update the
[XSA Tracker], and, if appropriate, issue a [Qubes Security Bulletin]
with information about patching.

[XSA-254]: https://xenbits.xen.org/xsa/advisory-254.html
[Meltdown]: https://meltdownattack.com/
[Spectre]: https://spectreattack.com/
[Xen predisclosure list]: https://www.xenproject.org/security-policy.html
[XSA Tracker]: https://www.qubes-os.org/security/xsa/
[Qubes Security Bulletin]: https://www.qubes-os.org/security/bulletins/

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2018/01/04/xsa-254-meltdown-spectre/

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Tai...@gmx.com

Jan 8, 2018, 1:36:05 PM
to qubes...@googlegroups.com, Andrew David Wong, marm...@invisiblethingslab.com
Is there any news on a fix or work-around coming for 3.2?

Converting all the templates to HVM is doable and would greatly improve
security. In light of the severity of these exploits, I see no reason not
to do it despite it not being in the original requirements.

I would appreciate advice on how to perform this.

Yuraeitha

Jan 8, 2018, 2:28:25 PM
to qubes-users

In terms of the economics of development time and cost, I wonder where the trade-off will lie between bringing 3.2 up to speed in security against these threats, versus migrating all users to Qubes 4 (hopefully RC-4 will be stable enough to be the final version).

Questions boggle my mind, though: when would Qubes 4 overall be considered just as safe as (and thereon safer than) Qubes 3.2? I'm sure at some points Qubes 4 is already more secure, but as we all know, it's not fully finished and polished yet.

Does it have a low development cost to implement HVM in Qubes 3.2? Or would it be more feasible to recommend everyone to migrate to Qubes 4 as fast as possible?

Thinking about it, at the very least for the Spectre attack, from the little understanding I have, it seems like it's difficult and resourceful to pull off. Maybe most people would be fine on Qubes 3.2 for a while yet, while high profile targets may want to move to Qubes 4 sooner rather than later?

I definitely don't have any full pictures here; I'm merely poking at questions or different perspectives to see what comes out of it. To me, a solution seems like high profile targets could move to Qubes 4 soon, while the low profile targets (at least when it comes to Spectre) can feel somewhat safe for a while yet? Or is that failed logic?

Vít Šesták

Jan 10, 2018, 5:21:44 PM
to qubes-users
Meltdown can be mitigated by using HVM/PVH. If you look at the XSA, they have also prepared a PV-in-PVH mode that mitigates it for PVs as well. (This probably won't work for CPUs without VT-x/AMD-V, but those are rare today. It also probably won't work for VMs with PCI devices if the system does not support IOMMU (AKA VT-d), but in this case, you are already doomed due to DMA attacks.) So, Meltdown seems to be easily mitigated; it is just a matter of time.

It seems that PV-in-PVH is going to fix some other issues. IIUC, it should mitigate all PV-specific vulnerabilities and even bring PVH for stubdoms, which sounds like a nice side effect of the Meltdown fix.

Spectre is harder to mitigate and you might need a microcode update.

Regards,
Vít Šesták 'v6ak'

awokd

Jan 10, 2018, 5:36:42 PM
to "Vít Šesták", qubes-users
On Wed, January 10, 2018 10:21 pm, Vít Šesták wrote:
> Meltdown can be mitigated by using HVM/PVH. If you look at the XSA, they
> also have prepared PV-in-PVH mode that mitigates it also for PVs. (This

I pointed this one out too last week; sounds interesting.

> probably won't work for CPUs without VT-x/AMD-v, but those are rare
> today. It also probably won't work for VMs with PCI devices if system
> does not support IOMMU (AKA VT-d), but in this case, you are already
> doomed due to DMA attacks.) So, Meltdown seems to be easily mitigated, it
> is just matter of time.
>
> It seems that PV-in-PVH is going to fix some other issues. IIUC, it
> should mitigate all PV-specific vulnerabilities and even bring PVH for
> stubdoms, which sounds as a nice side effect of Meltdown fix.

Agreed.

Andrew David Wong

Jan 10, 2018, 11:10:57 PM
to Tai...@gmx.com, qubes...@googlegroups.com, marm...@invisiblethingslab.com

We will be publishing a QSB that addresses this very soon.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

