For those who came in late Hyper-threading (HT) is Intel's proprietary implementation of Simultaneous Multithreading (SMT), a technology that allows processors to run parallel operations on different cores of the same multi-core CPU. It has been added to all Intel CPUs released since 2002 and has come enabled by default, with Intel citing its performance boost as the main reason for its inclusion.
Mark Kettenis of the OpenBSD project, told Bleeping Computer that the OpenBSD team was removing support for Intel HT because, by design, this technology just opens the door for more timing attacks which are cryptographic attacks through which a third party observer can deduce the content of encrypted data by recording and analyzing the time taken to execute cryptographic algorithms.
The recently disclosed Meltdown and Spectre CPU vulnerabilities, along with their many variations [1, 2, 3] were all timing attacks.
"Intel HT can make cache timing attacks a lot easier, and we strongly suspect that this will make several Spectre-class bugs exploitable", Kettenis said.
The OpenBSD team is now stepping in to provide a new setting to disable HT support because "many modern machines no longer provide the ability to disable hyper-threading in the BIOS setup".
"This can [now] be controlled through a new hw.smt sysctl", Kettenis said. "For now this only works on Intel CPUs when running OpenBSD/amd64. But we're planning to extend this feature to CPUs from other vendors and other hardware architectures."
Kettenis says that SMT doesn't really have a positive effect on performance, as Intel and other CPU vendors have advertised, and the change shouldn't bring a significant performance hit.
Intel have told us it was looking into this feedback and thanked the community for its ongoing efforts.
"Protecting our customers and their data continues to be a critical priority for us. We are looking into this feedback and thank the community for their ongoing efforts.”