> > > Ie can the cpuid be turned on again by any software? Or is it a one time
> > > decision for the life of the cpu or the life of a session (between power-on
> > > and power-off)?
>
> > It is my understanding that the psn microcode is only reactivated
> > upon system power-up and cannot be activated by a processor reset
> > "in-flight" during a Linux session. In other words, you do not have to
> > worry about the psn as long as you boot into a kernel with the deactivation
> > code.
>
> Intel has said this is the case; however, the German magazine c't has a hacker
> on staff who has managed to turn the serial number back on from userland,
> using only documented features of the processor.
No.
The serial number, although proven by c't to be possible to switch on
without rebooting the machine (using a powermanagement trick), is not
possible to switch back on from userland. You need kernel privileges for
that as far as I know. So, if you boot a kernel that disables this feature
on boot, you should be safe (*).
In W9x it's a different story, though - any program can load a .VXD, which
has the 'kernel' privileges and does the job without the user noticing.
Intel's serial number disabling utility 'fixes' this security hole (or
backdoor?) by disabling the serial number feature repeatedly every 15
seconds. Anyway, if a .VXD can switch it on, for 15 seconds, it'll of course
also manage to read it in that time and save it somewhere and disable it
afterward not to cause an alarm from the Intel utility.
A difference between an OS and an 'OS' ....
Have fun,
Vojtech
(*) Unless you load third party binary-only modules / run third party
binary-only suid root programs ... these of course can do it as well.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/