Today, the OpenBSD project announced plans to disable support for hyper-threading on Intel CPUs due to security concerns regarding the theoretical threat of more “vulnerabilities like Spectre”.
Hyper-threading (HT) is Intel’s patented simultaneous multithreading (SMT) implementation, a technology that allows processors to run parallel operations on different cores of the same multi-core CPU.
The feature has been added to all Intel CPUs released since 2002 and has been enabled by default, with Intel citing its performance boost as the primary reason for its inclusion.
Intel HT susceptible to more timing attacks
But today, Mark Kettenis of the OpenBSD project said the OpenBSD team was eliminating support for Intel HT because, by design, this technology only opens the door to more timing attacks.
Timing attacks are a class of side-channel cryptographic attacks through which an external observer can deduce the content of encrypted data by recording and analyzing the time required to execute cryptographic algorithms.
The recently disclosed Meltdown and Spectre CPU vulnerabilities, along with their many variations, are all timing attacks.
“[Intel HT] can make caching attacks much easier and we suspect that this will make various Spectre vulnerabilities exploitable,” said Kettenis.
New sysctl available for some versions of OpenBSD
The OpenBSD team is now stepping in with a new setting to disable HT support because “many modern machines no longer offer the ability to disable hyper-threading in BIOS configuration”.
“This can now be controlled through a new hw.smt sysctl,” Kettenis said. “For now, this only works on Intel CPUs when running OpenBSD/amd64. But we are planning to extend this feature to third-party CPUs and other hardware architectures.”
Kettenis says SMT doesn’t really have the positive effect on performance that Intel and other CPU vendors have claimed, so the change should not have a big impact on performance.
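The hw.smt sysctl mentioned above can be audited with a short script. The following is an added example, not code from the OpenBSD project: it assumes `sysctl hw.smt` prints `hw.smt=<value>` (1 = SMT on, 0 = SMT off) and that a boot-time override, if any, is a `hw.smt=<value>` line in /etc/sysctl.conf. The function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the hw.smt setting. Assumes `sysctl hw.smt` prints
# "hw.smt=<value>" and that a boot-time override, if present, is a
# "hw.smt=<value>" line in /etc/sysctl.conf (1 = SMT on, 0 = SMT off).

# Print the last hw.smt value found in the text passed as $1.
smt_value() {
    printf '%s\n' "$1" |
        sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        awk -F= '$1 == "hw.smt" { v = $2 } END { if (v != "") print v }'
}

# Combine the runtime value ($1) with sysctl.conf contents ($2).
smt_verdict() {
    run=$(smt_value "$1")
    conf=$(smt_value "$2")
    case "$run" in
        0)  if [ "$conf" = 1 ]; then
                echo "off-until-reboot"   # sysctl.conf turns SMT back on at boot
            else
                echo "off"
            fi ;;
        1)  echo "on" ;;
        *)  echo "unknown" ;;             # no hw.smt on this kernel/architecture
    esac
}

if [ "$(uname -s)" = "OpenBSD" ]; then
    runtime_text=$(sysctl hw.smt 2>/dev/null || true)
    conf_text=$(cat /etc/sysctl.conf 2>/dev/null || true)
else
    # Constructed sample input so the script also runs off OpenBSD.
    runtime_text='hw.smt=0'
    conf_text='# constructed sample
hw.smt=1'
fi
echo "SMT status: $(smt_verdict "$runtime_text" "$conf_text")"
```

A verdict of "off-until-reboot" means the running kernel has SMT disabled but the persistent configuration would enable it again at the next boot.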