(github.com)

132 points cl3misch | 1 comments | 17 Jun 24 22:44 UTC | HN request time: 0.001s | source

Show context

voidbert ◴[18 Jun 24 00:20 UTC] No.40712750[source]▶

>>40712020 (OP) #

Please consider the risks of the following vulnerability before deciding whether or not to undervolt: https://plundervolt.com/

replies(6): >>40712818 #>>40712825 #>>40712902 #>>40713134 #>>40713189 #>>40713668 #

gruez ◴[18 Jun 24 03:00 UTC] No.40713668[source]▶

>>40712750 #

Aren't you vulnerable to this regardless of whether wether you're using this tool? The vulnerability in question relies on untrusted code being able to lower voltages to very low levels, causing the cpu to malfunction. Using this tool or having it installed isn't a relevant factor. If you have untrusted code running on your PC, it's already game over, and any malicious tool can use the same api this tool uses to control voltages.

replies(1): >>40714025 #

Bognar ◴[18 Jun 24 04:17 UTC] No.40714025[source]▶

>>40713668 #

Not exactly. The promise of SGX and secure hardware enclaves is that the code that executes there should run with access to protected encrypted memory pages (enforced by the CPU VMM), and the state of the enclave can be remotely attested. Basically, it's designed to run a secure application in an untrusted computing environment as long as you trust the hardware to implement the features correctly.

That last part being the rub.

replies(1): >>40714578 #

1. damsalor ◴[18 Jun 24 06:17 UTC] No.40714578[source]▶

>>40714025 #

Yea about that „promise“ …

↑

Intel-undervolt: CPU undervolting and throttling configuration tool for Linux