Hi Aaron,

Considering heavy traffic load&requests through web/sql server on the system, wouldn't that decrease performance? HT might not be too safe - OpenBSD is. :) I do know and am aware of that OpenBSD team suggest turning it of, but.. Other than that, have you read anything else *specifically* regarding the security implementation of these CPUs?

Many thanks.
Best,
Ozgur Kazancci




On 24/01/2020 03:06, Aaron Mason wrote:
After reviewing your dmesg and googling the model of your CPU, might I
suggest/recommend turning off hyperthreading if you can.  Bad security
juju.







On Thu, Jan 23, 2020 at 6:29 PM Andreas Kusalananda Kähäri
<andreas.kah...@abc.se> wrote:

On Wed, Jan 22, 2020 at 11:30:51PM +0300, Özgür Kazancci wrote:
> Hello everyone! Greetings to misc people!
>
> Got a brand new dedicated server with a hardware: Intel Xeon-E 2274G - 64GB
> DDR4 ECC 2666MHz - 2x SSD NVMe 960GB
> and installed "brand new" OpenBSD 6.6 on it. (I'm managing it remotely via
> KVM/IPMI)
>
> After the first boot, dmesg is outputting sequentally between few seconds
> delays:
> "wsdisplay0 at inteldrm0 mux 1
> init: can't open /dev/console: Device not configured" and the system doesn't
> boot at all.

Is it possible that it does actually boot but that you just don't see the messages. Did you try pinging the machine or accessing it through SSH?


>
> Please refer to the screenshot attached: https://ibb.co/sQbt7F7
>
> And after few hours of forums/IRC-logs readings, I tried to try the
> suggestion of lots of similar-people: "disable inteldrm"
>
> To do that, during the boot I typed "boot -c", then got a brand new error
> (IPMI/KVM freezes, no more keyboard input):
> "kbc: cmd word write error" (with a weird cursor)
> Please refer to the screenshot attached: https://ibb.co/QchqhtY
>
> Anyways, wanted to skip that -for now-, rebooted the server again, and
> booted into bsd.rd, mounted the / and /usr on the harddisk, chrooted into
> there and did;
> "config -ef /bsd", then "disable inteldrm" and "quit" to save the changes.
> Finally rebooted.
>
> The system booted up fine! Got the login prompt shell, logged in, well, with
> -an another- brand new error :)
>
> "reorder_kernel: failed - see /usr/...GENERIC.MP/relink.log"

This sometimes indicates that the previous boot got to the kernel
re-linking stage but that it got interrupted there.  I see this on VMs
if I forcefully reboot them as soon as the login prompt appears.


>
> I guess that was because I modified the kernel, anyway, wanted to skip that
> too -for now-. Did what I always do the first: syspatch
>
> installed the patches, rebooted the system, aand...Tada! "inteldrm0 is back,
> b1tch3z!" :)
>
> Dmesg has again: "init: can't open /dev/console: Device not configured" and
> delays there. No boot, again.
>
> My questions are:
>
> How can I get the rid of the error "init: can't open /dev/console: Device
> not configured" to be able to boot into the system?
>
> if that was the only way (disabling inteldrm), would I repeat it each time I
> issue syspatch?
>
> And each time syspatch (re)installs the kernel, should I get the error
> "reorder_kernel: failed", because I modified (disabled inteldrm) kernel?
>
> Any words on "kbc: cmd word write error" when I tried the 'boot -c'?
>
> I thank you for your time in reading all these,
> And many thanks for your suggestions, in advance!
>
> Best,
> Özgür Kazancci

--
Andreas (Kusalananda) Kähäri
SciLifeLab, NBIS, ICM
Uppsala University, Sweden

.


Reply via email to