Pavel,

On Wed, 28 Aug 2019, Pavel Machek wrote:
> On Tue 2019-08-27 15:30:30, Thomas Gleixner wrote:
> > There is no way to reinitialize RDRAND from the kernel otherwise we would
> > have exactly done that. If you know how to do that please tell.
>
> Would they? AMD is not exactly doing good job with communication

Yes they would. Stop making up weird conspiracy theories.

> here. If BIOS can do it, kernel can do it, too...

May I recommend to read up on SMM and BIOS being able to lock down access to
certain facilities?

> or do you have information saying otherwise?

Yes. It was clearly stated by Tom that it can only be done in the BIOS.

> > Also disabling it for every BIOS is the only way which can be done because
> > there is no way to know whether the BIOS is fixed or not at cold boot
> > time. And it has to be known there because applications cache the
>
> I'm pretty sure DMI-based whitelist would help here. It should be
> reasonably to fill it with the common machines at least.

Send patches to that effect.

> Plus, where is the CVE, and does AMD do anything to make BIOS vendors
> fix them?

May I redirect you to: https://www.amd.com/en/corporate/contact

Thanks,

	tglx