1.. SPDX-License-Identifier: GPL-2.0 2 3SRBDS - Special Register Buffer Data Sampling 4============================================= 5 6SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to 7infer values returned from special register accesses. Special register 8accesses are accesses to off core registers. According to Intel's evaluation, 9the special register reads that have a security expectation of privacy are 10RDRAND, RDSEED and SGX EGETKEY. 11 12When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved 13to the core through the special register mechanism that is susceptible 14to MDS attacks. 15 16Affected processors 17-------------------- 18Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may 19be affected. 20 21A processor is affected by SRBDS if its Family_Model and stepping is 22in the following list, with the exception of the listed processors 23exporting MDS_NO while Intel TSX is available yet not enabled. The 24latter class of processors are only affected when Intel TSX is enabled 25by software using TSX_CTRL_MSR otherwise they are not affected. 26 27 ============= ============ ======== 28 common name Family_Model Stepping 29 ============= ============ ======== 30 IvyBridge 06_3AH All 31 32 Haswell 06_3CH All 33 Haswell_L 06_45H All 34 Haswell_G 06_46H All 35 36 Broadwell_G 06_47H All 37 Broadwell 06_3DH All 38 39 Skylake_L 06_4EH All 40 Skylake 06_5EH All 41 42 Kabylake_L 06_8EH <= 0xC 43 Kabylake 06_9EH <= 0xD 44 ============= ============ ======== 45 46Related CVEs 47------------ 48 49The following CVE entry is related to this SRBDS issue: 50 51 ============== ===== ===================================== 52 CVE-2020-0543 SRBDS Special Register Buffer Data Sampling 53 ============== ===== ===================================== 54 55Attack scenarios 56---------------- 57An unprivileged user can extract values returned from RDRAND and RDSEED 58executed on another core or sibling thread using MDS techniques. 59 60 61Mitigation mechanism 62------------------- 63Intel will release microcode updates that modify the RDRAND, RDSEED, and 64EGETKEY instructions to overwrite secret special register data in the shared 65staging buffer before the secret data can be accessed by another logical 66processor. 67 68During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core 69accesses from other logical processors will be delayed until the special 70register read is complete and the secret data in the shared staging buffer is 71overwritten. 72 73This has three effects on performance: 74 75#. RDRAND, RDSEED, or EGETKEY instructions have higher latency. 76 77#. Executing RDRAND at the same time on multiple logical processors will be 78 serialized, resulting in an overall reduction in the maximum RDRAND 79 bandwidth. 80 81#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other 82 logical processors that miss their core caches, with an impact similar to 83 legacy locked cache-line-split accesses. 84 85The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable 86the mitigation for RDRAND and RDSEED instructions executed outside of Intel 87Software Guard Extensions (Intel SGX) enclaves. On logical processors that 88disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not 89take longer to execute and do not impact performance of sibling logical 90processors memory accesses. The opt-out mechanism does not affect Intel SGX 91enclaves (including execution of RDRAND or RDSEED inside an enclave, as well 92as EGETKEY execution). 93 94IA32_MCU_OPT_CTRL MSR Definition 95-------------------------------- 96Along with the mitigation for this issue, Intel added a new thread-scope 97IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and 98RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL = 999]==1. This MSR is introduced through the microcode update. 100 101Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor 102disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX 103enclave on that logical processor. Opting out of the mitigation for a 104particular logical processor does not affect the RDRAND and RDSEED mitigations 105for other logical processors. 106 107Note that inside of an Intel SGX enclave, the mitigation is applied regardless 108of the value of RNGDS_MITG_DS. 109 110Mitigation control on the kernel command line 111--------------------------------------------- 112The kernel command line allows control over the SRBDS mitigation at boot time 113with the option "srbds=". The option for this is: 114 115 ============= ============================================================= 116 off This option disables SRBDS mitigation for RDRAND and RDSEED on 117 affected platforms. 118 ============= ============================================================= 119 120SRBDS System Information 121----------------------- 122The Linux kernel provides vulnerability status information through sysfs. For 123SRBDS this can be accessed by the following sysfs file: 124/sys/devices/system/cpu/vulnerabilities/srbds 125 126The possible values contained in this file are: 127 128 ============================== ============================================= 129 Not affected Processor not vulnerable 130 Vulnerable Processor vulnerable and mitigation disabled 131 Vulnerable: No microcode Processor vulnerable and microcode is missing 132 mitigation 133 Mitigation: Microcode Processor is vulnerable and mitigation is in 134 effect. 135 Mitigation: TSX disabled Processor is only vulnerable when TSX is 136 enabled while this system was booted with TSX 137 disabled. 138 Unknown: Dependent on 139 hypervisor status Running on virtual guest processor that is 140 affected but with no way to know if host 141 processor is mitigated or vulnerable. 142 ============================== ============================================= 143 144SRBDS Default mitigation 145------------------------ 146This new microcode serializes processor access during execution of RDRAND, 147RDSEED ensures that the shared buffer is overwritten before it is released for 148reuse. Use the "srbds=off" kernel command line to disable the mitigation for 149RDRAND and RDSEED. 150