[Development] Broken RNG on AMD Ryzen CPUs affect QTemporaryFile, Qt IFW
Konstantin Ritt
ritt.ks at gmail.com
Wed Feb 19 18:00:15 CET 2020
Just for clarity: systemd has worked around this issue back in 2019 IIRC ,
once the issue has been widely reported and confirmed. Did that allow the
user to boot his linux? Yes, the user is now able to boot into his shiny
and fast (yet insecure and highly vulnerable) operation system. Months
later, do we (Qt) REALLY have to be the only "secure" citizen in the
0xFFFFFFFF world? If so, then what about ASLR, SSP and other techniques
aimed to protect your lovely lib/app/os from ACE but can not (due to broken
HW RNG, which the user could never know about)?!
Regards,
Konstantin
ср, 19 февр. 2020 г. в 18:26, Konstantin Ritt <ritt.ks at gmail.com>:
> Should we ever try to work around issues caused by broken CPUs? Maybe we
> should warn the user instead (with big red banner) and decline to install
> anything at all?
>
> > <snip /> (or buy Intel)
>
> Or let's maybe also try to work around Meltdown and Spectre on i, just for
> symmetry? ;)
>
> Regards,
> Konstantin
>
>
> ср, 19 февр. 2020 г. в 01:51, Thiago Macieira <thiago.macieira at intel.com>:
>
>> On Tuesday, 18 February 2020 05:36:56 PST Sze Howe Koh wrote:
>> > > Christian Kandeler (18 February 2020 12:59) replied
>> > >
>> > > > Probably the same as https://bugreports.qt.io/browse/QTBUG-77375.
>>
>> Also https://bugreports.qt.io/browse/QTBUG-70606, which is when I
>> reported the
>> problem to AMD, but we did not introduce a workaround since we didn't
>> know it
>> was this widespread.
>>
>> > > Which version was this encountered in ?
>> > >
>> >
>> > Judging from the screenshots, it's the latest and greatest version of
>> > the Qt installer (qt-opensource-windows-x86-5.14.1.exe) [1]
>>
>> Okay, but what version of Qt is the Qt Installer using? Installer team,
>> can
>> you check?
>>
>> Also, anyone affected, PLEASE upgrade your BIOS right now. Your system is
>> insecure. (or buy Intel)
>>
>> --
>> Thiago Macieira - thiago.macieira (AT) intel.com
>> Software Architect - Intel System Software Products
>>
>>
>>
>> _______________________________________________
>> Development mailing list
>> Development at qt-project.org
>> https://lists.qt-project.org/listinfo/development
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20200219/ed401c4b/attachment.html>
More information about the Development
mailing list