If someone overclocks their cpu, and an attacker does some x87 operation in a tight loop for a few minutes, how confident are you a branches won't be miscalculated? Usually no security consequences for this, so vendors didn't test, It worried me
e.g.https://devblogs.microsoft.com/oldnewthing/20050412-47/?p=35923 …
Well, that's half of it. The other half of your response is that if we don't do this test that does nothing, we also shouldn't test anything? But no one is proposing removing CPUID feature checks for features you're actually using.
-
-
What's your mental model of the failure mode you're going to catch? The reason a competent CPU engineer is going to tell you this is useless is that their model of what might fail will expect that you get no new information from running the test even on thousands of chips.
-
Interesting, so if I test 1000 chips, and they all fail, your saying that it's still safe to make this security sensitive?

- 30 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.