The security of NaCl required accurately predicting control flow, and confidence it would work in adversarial conditions (e.g. someone trying to induce faults, undocumented opcodes, etc.). I said it seemed prudent to whitelist CPUs we had tested, I stand by that.
-
Well, that's half of it. The other half of your response is that if we don't do this test that does nothing, we also shouldn't test anything? But no one is proposing removing CPUID feature checks for features you're actually using.
-
What's your mental model of the failure mode you're going to catch? The reason a competent CPU engineer is going to tell you this is useless is that their model of what might fail will expect that you get no new information from running the test even on thousands of chips.
-
Well, it must be nice to not have to compromise. I disagree, we can test and get vendor buy-in on supporting novel new security models.
-
I've seen the other side of these vendor discussions at hardware vendors and cloud vendors and in both cases I've seen management directly lie to customers to get customers to think that their concerns have been addressed. YMMV, of course.