Comment by mehrdadn

8 years ago

I would love to but how in the world do I do this when I'm using Windows and Lenovo doesn't give me an option in the BIOS?

One way to achieve something similar would be via a software tool which would set the process affinity to only run on real cores.

Or you could only run Chrome (untrusted JavaScript) on cores 2 and 3, and run the app that has your secrets on cores 0 and 1. (It is my understanding that 2k cores are real, and 2k+1 is their matching, "virtual" core.) This way you get both hyperthreading and security. I'm not a security expert though.

https://bitsum.com/docs/pl/Using%20the%20GUI/using_the_gui.h...

  • I'm not sure it would be that easy since I believe e.g. I/O can go through the System process (or other processes even), which has full affinity. We'd likely have to set thread affinities for all processes/threads. But then it would clash with manually-set affinities, and I'm also not sure if it would have worse performance than actually disabling hyper-threading or not.

    Right now I'm looking at what making a UEFI application to disable HT before boot might involve... not sure if that's too late in the boot process or not.

  • > It is my understanding that 2k cores are real, and 2k+1 is their matching, "virtual" core

    I'm not sure that's true. For example, on an i7-4770 I get:

      $ cat /sys/devices/system/cpu/cpu[0-3]/topology/thread_siblings_list
      0,4
      1,5
      2,6
      3,7
    

    (Of course, that might just be Linux renumbering them)
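
Added example (not part of any comment above): the sibling lookup from the last reply, generalized to group logical CPUs into physical cores from `thread_siblings_list` and to check whether two affinity sets share a core. The function names are hypothetical, and the CPU 4-7 rows of the sample are constructed to mirror the four rows quoted in the thread.

```python
import glob
import os
import re

# Constructed sample: rows 0-3 are the values quoted in the thread (i7-4770);
# rows 4-7 are assumed to be the symmetric entries for the sibling threads.
SAMPLE = {0: "0,4", 1: "1,5", 2: "2,6", 3: "3,7",
          4: "0,4", 5: "1,5", 6: "2,6", 7: "3,7"}

def read_siblings(base="/sys/devices/system/cpu"):
    """Read thread_siblings_list for every logical CPU on a live Linux host."""
    out = {}
    pattern = os.path.join(base, "cpu[0-9]*", "topology", "thread_siblings_list")
    for path in glob.glob(pattern):
        cpu = int(re.search(r"/cpu(\d+)/", path).group(1))
        with open(path) as f:
            out[cpu] = f.read()
    return out

def parse_cpu_list(text):
    """Parse kernel cpulist syntax such as '0,4' or '0-1' into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if "-" in part:
            lo, hi = part.split("-")
            cpus.update(range(int(lo), int(hi) + 1))
        elif part:
            cpus.add(int(part))
    return cpus

def physical_cores(siblings):
    """Group logical CPUs into physical cores: one frozenset per sibling set."""
    unique = {frozenset(parse_cpu_list(v)) for v in siblings.values()}
    return sorted(unique, key=min)

def shares_core(set_a, set_b, cores):
    """True if any physical core has logical CPUs in both affinity sets."""
    return any(bool(core & set_a) and bool(core & set_b) for core in cores)

def split_by_core(cores, trusted_cores):
    """Assign whole physical cores (all sibling threads) to each side."""
    trusted = set().union(*cores[:trusted_cores])
    untrusted = set().union(*cores[trusted_cores:])
    return trusted, untrusted
```

Pass `read_siblings()` instead of `SAMPLE` to run the same check against a live Linux host.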