Pavel,
On Wed, 28 Aug 2019, Pavel Machek wrote:
> On Tue 2019-08-27 15:30:30, Thomas Gleixner wrote:
> > There is no way to reinitialize RDRAND from the kernel, otherwise we would have exactly done that. If you know how to do that please tell.
>
> Would they? AMD is not exactly doing a good job with communication

Yes they would. Stop making up weird conspiracy theories.

> here. If BIOS can do it, kernel can do it, too...

May I recommend to read up on SMM and BIOS being able to lock down access to certain facilities?

> or do you have information saying otherwise?

Yes. It was clearly stated by Tom that it can only be done in the BIOS.

> > Also disabling it for every BIOS is the only way which can be done because there is no way to know whether the BIOS is fixed or not at cold boot time. And it has to be known there because applications cache the
>
> I'm pretty sure DMI-based whitelist would help here. It should be reasonable to fill it with the common machines at least.

Send patches to that effect.

> Plus, where is the CVE, and does AMD do anything to make BIOS vendors fix them?

May I redirect you to: https://www.amd.com/en/corporate/contact

Thanks,
tglx