
132 points cl3misch | 16 comments
1. voidbert No.40712750
    Please consider the risks of the following vulnerability before deciding whether or not to undervolt: https://plundervolt.com/
    replies(6): >>40712818 #>>40712825 #>>40712902 #>>40713134 #>>40713189 #>>40713668 #
2. rany_ No.40712818
    In all likelihood this tool does not work for most users, specifically in response to this vulnerability. If you're on the latest microcode, undervolting is no longer possible due to Intel's mitigation: https://www.intel.com/content/www/us/en/security-center/advi...
    replies(1): >>40714772 #
3. yjftsjthsd-h No.40712825
> We were able to corrupt the integrity of Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations

    > If you are not using SGX, no actions are required. If you are using SGX, it suffices to apply the microcode update provided by Intel to mitigate Plundervolt.

    It's not nothing, but that seems minor to irrelevant to most people.

4. aftbit No.40712902
    Wow, I never considered a power attack from software of an untrusted OS. Ring -1 and SGX and the like lead to some very harsh security environments for modern processors. IMO if you want cryptographic security, you should probably use an external component that you control, but that isn't always possible and is never the cheaper option.
5. dannyw No.40713134
    Isn’t SGX mostly used for DRM, remote attestation, and other anti-consumer stuff in practice today?

I haven’t come across a use case of SGX that benefits me.

    replies(3): >>40713437 #>>40715703 #>>40717485 #
6. tedunangst No.40713189
    If you're in a position to choose not to undervolt, you're not vulnerable.
7. mscrivo No.40713437
    Here's one: https://signal.org/blog/private-contact-discovery/
    replies(1): >>40714745 #
8. gruez No.40713668
Aren't you vulnerable to this regardless of whether you're using this tool? The vulnerability in question relies on untrusted code being able to lower voltages to very low levels, causing the CPU to malfunction. Using this tool or having it installed isn't a relevant factor. If you have untrusted code running on your PC, it's already game over, and any malicious tool can use the same API this tool uses to control voltages.
    replies(1): >>40714025 #
9. Bognar No.40714025
    Not exactly. The promise of SGX and secure hardware enclaves is that the code that executes there should run with access to protected encrypted memory pages (enforced by the CPU VMM), and the state of the enclave can be remotely attested. Basically, it's designed to run a secure application in an untrusted computing environment as long as you trust the hardware to implement the features correctly.

    That last part being the rub.

    replies(1): >>40714578 #
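The attestation model the comment above describes, as an added illustration that is not part of the thread or of any SGX implementation: the enclave's code is measured, a hardware-held key signs the measurement together with a verifier-chosen nonce, and the verifier accepts only a fresh, correctly signed quote over the measurement it expects. The key, the enclave payload and the `faulted` flag are constructed stand-ins; an HMAC secret replaces the asymmetric attestation key and certificate chain real hardware would use. The last function models the "rub": a hardware fault leaves the loaded code, and so the attestation, unchanged while the computation inside goes wrong.

```python
"""Toy remote-attestation round trip (constructed example, no real SGX)."""
import hashlib
import hmac
import os

# Constructed stand-in for the attestation key held by the CPU. Real SGX uses
# an asymmetric key plus Intel's certificate chain; a shared HMAC secret keeps
# this model self-contained and runnable offline.
HARDWARE_ATTESTATION_KEY = b"constructed-hardware-key-not-real"

# Constructed enclave payload and the verifier's allow-listed measurement of it
# (the analogue of SGX's MRENCLAVE value).
ENCLAVE_CODE = b"def handle(request): return lookup_contacts(request)"
EXPECTED_MEASUREMENT = hashlib.sha256(ENCLAVE_CODE).hexdigest()


def measure(code: bytes) -> str:
    """Hash the enclave's code as loaded; this is what gets attested."""
    return hashlib.sha256(code).hexdigest()


def produce_quote(code: bytes, nonce: bytes, hw_key: bytes) -> dict:
    """Platform side: measure the loaded enclave and sign measurement||nonce
    with the key that only the hardware is supposed to hold."""
    m = measure(code)
    tag = hmac.new(hw_key, m.encode() + nonce, hashlib.sha256).hexdigest()
    return {"measurement": m, "nonce": nonce, "signature": tag}


def verify_quote(quote: dict, nonce: bytes, hw_key: bytes, expected: str) -> bool:
    """Remote verifier: reject replays, bad signatures and unexpected code."""
    if quote["nonce"] != nonce:
        return False  # stale or replayed quote
    expected_tag = hmac.new(hw_key, quote["measurement"].encode() + nonce,
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, quote["signature"]):
        return False  # not produced by the trusted hardware key
    return hmac.compare_digest(quote["measurement"], expected)


def attest(code: bytes, hw_key_in_use: bytes) -> bool:
    """One attestation round trip. The verifier always trusts
    HARDWARE_ATTESTATION_KEY; hw_key_in_use is whatever the platform actually
    signs with (an untrusted OS does not have the hardware key)."""
    nonce = os.urandom(16)
    quote = produce_quote(code, nonce, hw_key_in_use)
    return verify_quote(quote, nonce, HARDWARE_ATTESTATION_KEY, EXPECTED_MEASUREMENT)


def enclave_compute(a: int, b: int, faulted: bool = False) -> int:
    """Stand-in for work done inside the attested enclave. `faulted` models a
    hardware execution fault: the code (and hence the measurement) is
    untouched, so attestation still passes, yet the result is corrupted."""
    result = a * b
    return result ^ 1 if faulted else result


if __name__ == "__main__":
    print("genuine enclave attests:", attest(ENCLAVE_CODE, HARDWARE_ATTESTATION_KEY))
    print("tampered enclave attests:", attest(ENCLAVE_CODE + b"#patched", HARDWARE_ATTESTATION_KEY))
    print("OS-forged key attests:", attest(ENCLAVE_CODE, b"key-the-os-made-up"))
    print("faulted hardware still attests:", attest(ENCLAVE_CODE, HARDWARE_ATTESTATION_KEY),
          "but computes", enclave_compute(6, 7, faulted=True), "instead of", enclave_compute(6, 7))
```

The last two prints are the point of the comment: attestation answers "which code was loaded, and was it the hardware that said so", not "did the silicon execute that code correctly", so a verifier sees nothing different when the platform is faulted.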
10. damsalor No.40714578
Yea about that "promise" …
11. RussianCow No.40714745
    But that's something that Signal implements on their own backend, not something that runs on consumer devices, so it's not really relevant to a discussion about the risks of undervolting your CPU.
    replies(1): >>40720742 #
12. gravescale No.40714772
    Which is a pity because my i7 Lenovo laptop is acoustically and thermally some kind of jet turbine in a case, because I was foolish enough to believe a review, and I really wish I could undervolt it so it can make it to lunchtime on a charge.
    replies(1): >>40767386 #
13. AshamedCaptain No.40715703
    Except when Apple does it (on their server hardware). Then it supposedly benefits you. See the thread for the "Private Cloud" analysis.
14. bobbiechen No.40717485
    SGX is actually deprecated on client devices like PCs, so it is rather difficult to use it in anti-consumer ways now (and as mentioned in a sibling thread, makes this rather irrelevant to the topic of undervolting your own PC).

    In my experience (working in the field at Anjuna), SGX and other Confidential Computing are quietly used on the server-side in enterprises a lot. It's a part of defense-in-depth, often to protect critical secrets and cryptographic keys, or the systems that manage them.

15. mscrivo No.40720742
I was directly replying to the parent's question of whether there were any uses of SGX that were not anti-consumer. Signal's use of it is very much in line with my thinking of what constitutes pro-consumer.

I agree though, we're all getting slightly off topic.

16. rany_ No.40767386
    I was actually wrong about that, it turned out to be possible on my 11th gen Intel CPU but it was definitely not as easy as it should've been.

I used https://github.com/datasone/setup_var.efi to modify the UEFI variables. The README has all the info you'd need. It turns out that both a BIOS and a microcode update are required to kill off this feature, and you could just configure the BIOS to not lock it.