Slashdot Mirror


OpenBSD Disables Intel CPU Hyper-Threading Due To Security Concerns (bleepingcomputer.com)

The OpenBSD project announced today plans to disable support for Intel CPU hyper-threading due to security concerns regarding the theoretical threat of more "Spectre-class bugs." Bleeping Computer reports: Hyper-threading (HT) is Intel's proprietary implementation of Simultaneous Multithreading (SMT), a technology that allows processors to run parallel operations on different cores of the same multi-core CPU. The feature has been added to all Intel CPUs released since 2002 and has come enabled by default, with Intel citing its performance boost as the main reason for its inclusion.

But today, Mark Kettenis of the OpenBSD project said the OpenBSD team was removing support for Intel HT because, by design, this technology just opens the door for more timing attacks. Timing attacks are a class of cryptographic attacks through which a third-party observer can deduce the content of encrypted data by recording and analyzing the time taken to execute cryptographic algorithms. The OpenBSD team is now stepping in to provide a new setting to disable HT support because "many modern machines no longer provide the ability to disable hyper-threading in the BIOS setup."


  1. Opt-In? by thegarbz · · Score: 4, Insightful

    Given the class of Spectre and Meltdown attacks rely on someone else having the freedom to execute code on your hardware, shouldn't something like this be opt-in? There's a whole world of servers out there where Spectre is ultimately completely irrelevant in terms of a security threat, but hyperthreading is definitely not irrelevant in terms of performance.

    1. Re:Opt-In? by Anonymous Coward · · Score: 5, Insightful

      No, it shouldn't because security should have higher priority over speed. If people want to run their computer in a less secure mode they can do so themselves after making an informed decision and accepting the risks it includes. The default state should be the more secure mode so that it covers everyone.

      +1 to the OpenBSD project for putting security above speed.
      -1 to intel for putting speed above security.

      When you turn off hyperthreading, Intel and AMD are much closer to each other. This is why my next major computer build will be AMD. I will have speed and security.

    2. Re:Opt-In? by Humbubba · · Score: 5, Insightful
      thegarbz says

      Given the class of Spectre and Meltdown attacks rely on someone else having the freedom to execute code on your hardware, shouldn't something like this be opt-in? There's a whole world of servers out there where Spectre is ultimately completely irrelevant in terms of a security threat, but hyperthreading is definitely not irrelevant in terms of performance.

      I can't do any better than quote OpenBSD on this:

      OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than most vendors are able to. We can make changes the vendors would not make.

      https://www.openbsd.org/security.html

    3. Re:Opt-In? by Anonymous Coward · · Score: 2, Insightful

      Read reviews of hyperthreaded performance gain. It's somewhere like 0% or 10%, depending on what you're doing. Not a whole lot. Hyper threading is more like a "silicon trick gone wrong".

    4. Re:Opt-In? by Tsolias · · Score: 5, Insightful

      My mod points expired yesterday, so you'll have a comment instead.

      Why the fuck would you need an opt-in for a security feature?
      "Your data are set to be stolen by default. To change the settings please refer to the respective manual"
      Why the fuck isn't data mining, spying, advertising (in Windows and Ubuntu) opt-in, instead everything bad is opt-out
      and now we see people asking for security features to be opt-in.
      If you are concerned about that administrator that has to flip a value to enable the security holes in his system, it's his job, you don't have to think about him.
      You'll have to think about your average joe, who wants to use *BSD or Linux and isn't specializing in infosec or isn't yet familiar with those terms and practices.
      (yes, there are people who aren't programmers, who know how to use bsd and linux)

    5. Re:Opt-In? by Anonymous Coward · · Score: 3, Insightful

      Lolz. Yes.

    6. Re: Opt-In? by jd · · Score: 3, Insightful

      Lolz? I can has cheezburger?

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)

    7. Re:Opt-In? by EETech1 · · Score: 1, Insightful

      Without data, all you have is an opinion.

      I don't care about your opinion.

    8. Re:Opt-In? by Anonymous Coward · · Score: 1, Insightful

      No, it shouldn't because security should have higher priority over speed.

      The highest priority is control. Running OpenBSD with or without hyper-threading should be up to the individual user. An OS that takes away control isn't much of an OS.

    9. Re: Opt-In? by DrXym · · Score: 4, Insightful

      If we're going to go down this reductionist security-trumps-all argument then OpenBSD should disable networking too. And keyboard and monitor support. In fact it should shut down when it starts, but not before throwing away the disk encryption key and bricking the device. Now it's secure. The point is that security is a trade-off between what the device allows and what the threats actually are. Crippling a computer's performance to mitigate a threat that doesn't exist for a user is wrong. At the very least it should be an option that might be disabled by default but can be enabled if the user wants it to be.

    10. Re:Opt-In? by Anonymous Coward · · Score: 4, Insightful

      Yep, I would like to buy a car with no fender or airbags. You simply can't do that, but you can remove them afterwards.

      OpenBSD is secure by default. This is a step to keeping it that way and it is totally correct that HT is off to begin with. They already said it will be a switch you can twiddle yourself, but the default will be HT disabled.

      You can leave your car doors unlocked if you want after you finish the default install and start playing.

    11. Re: Opt-In? by jaa101 · · Score: 4, Insightful

      If we're going to go down this reductionist security-trumps-all argument then OpenBSD should disable networking too.

      There's a fundamental difference between I/O and hyperthreading. Without I/O the computer can do nothing. Without hyperthreading it might be a little slower.

    12. Re:Opt-In? by jddimarco · · Score: 5, Insightful

      OpenBSD is adding a control to turn off hyper-threading (because some BIOSes these days don't have such a control), and is turning it off by default on Intel CPUs. But it can be turned on again. So OpenBSD is providing control, not taking it away. Read for yourself. https://undeadly.org/cgi?actio...

    13. Re: Opt-In? by chill · · Score: 4, Insightful

      JavaScript in a browser is the ability to run malicious code on demand. If you run a web browser, you use a multi-user computer. Short of something with an air-gap, there aren't any true single-user systems anymore.

      OpenBSD is adding a control to let the system owner mitigate if they decide the risk is not acceptable. You are correct in that security can't trump all and that likelihood is part of the risk equation.

      --
      Learning HOW to think is more important than learning WHAT to think.
  2. Re:Given the number of Intel PCs in Theo's house.. by spth · · Score: 3, Insightful

    For some of the recent vulnerabilities, the OpenBSD team, unlike other OS vendors, was not informed in advance. So even when one assumes that there is a SpectreNG-variant that uses Hyperthreading, it is not so obvious that it is known to the OpenBSD developers.

    On the other hand, knowing that there are more SpectreNG-variants, and not having been informed about the details, might make the OpenBSD developers even more cautious about any hardware feature that looks suspicious.

  3. Track records matter. by emil · · Score: 5, Insightful

    The current release of OpenBSD, version 6.3, has issued a total of 10 patches against base since release on April 15th. Four of these are security-related, and six are reliability bug fixes.

    Oracle / Red Hat Linux in that time has issued 50 security-related patches, and hundreds more that are classed as bug fixes or enhancements.

    Linux is strong because it scales up and down very well, it exploits CPU features for speed to make applications run very fast, it is friendly to new features, and it has the most market share in the POSIX realm. Linux is weak because it has sacrificed security for speed in many cases, and we have Dirty Cow, Towelroot, and many similar problems in userspace - this makes Linux a bad choice for systems that will not receive patches (i.e. phones, IoT devices, embedded systems, etc.).

    OpenBSD prioritizes security over speed and flexibility. It does not implement fine-grained SMP due to security concerns, and has a "big kernel lock" that Linux left behind in 2.2. It ignores many well-known standards (i.e. NFSv4). There are many things that you cannot do on OpenBSD, but what you can do is magnitudes safer than Linux.

    Android politely stole OpenBSD's entire libc implementation (and then ignored it for several years), and IIRC the OpenBSD code is the largest contribution outside of the kernel itself.

    OpenBSD is also the home of OpenSSH, which itself is quite secure.

    I trust the opinions of the OpenBSD kernel architects, and I will look forward to their patch.