Irenes (many)2d ago

when Intel introduced a cpuid instruction, around 1998 or so

there was a debate on the Linux kernel mailing list as to whether Linux should provide a way to call that instruction

you know, because of its potential uses for surveillance and how that was sharply at odds with the idea of computers being owned by their users

Show threadIrenes (many)2d ago
the resolution, at least for a while, was that Linux would implement an interface for programs to invoke the instruction, but would also add an interface that allows the user to instruct the kernel to lie and return a user-specified identifier instead
Show threadgaytabase2d ago
@ireneista that's kind of funny. i'm glad we can use cpuid though, a lot of my performance gaming relies on it.
Show threadIrenes (many)2d ago
@dysfun sure, but you understand it relies on it in the sense that DRM and anticheat look at it, right? it's not a feature that helps with graphics or anything like that
Show threadIrenes (many)2d ago
@dysfun like notionally there was a possible world in which a harder line was taken, and game studios were forced to accept that selling on Linux means not being able to do those things. we don't live in that world, because the kernel did eventually sell out wrt DRM.
Show threadJosh Simmons2d ago
@ireneista @dysfun cpuid isn't something which anticheats will rely on the veracity of either fwiw, it's not a security feature and it's spoofable.
Show threadvriska, thief of light 2d ago
@dotstdy @ireneista @dysfun i have heard that there are games that check cpuid to only support the steam deck and not other hardware. this is trivially bypassable but they do it anyway
Show threadJosh Simmons2d ago
@leo @ireneista @dysfun stuff like that is not unheard of, just because they only test on steam deck and don't officially support anything else. It's a bit silly but not really hard to work around. But that's nothing to do with surveillance or performance. (It can just check the CPU model says aerith)
Show threadIrenes (many)2d ago

@dotstdy @leo @dysfun mm. similar stories have played out with browser user-agents, but it would be strange to claim that user-agents have nothing to do with surveillance... if anything, having innocuous uses for it widely-deployed makes the surveillance stronger because it means turning it off comes at a compatibility cost.

we agree of course that the intention is not to surveil, but good intentions don't even count in Horseshoes

Show threadJosh Simmons
@ireneista @leo @dysfun that's not the problem though, cpuid lets you enumerate feature support, which lets you fingerprint, but even without an instruction to enumerate features you can still just try to use them and fingerprint the CPU from that. So you make the non malicious use cases harder, and the malicious folks can keep doing what they already were doing.
Mar 19 at 10:45pmPhanpy
Show threadgaytabase2d ago
@dotstdy @ireneista @leo yes that's technically possible, but it is not as easy as you think. there are ABI changes with some instruction sets and you can only tell you can't execute something by getting a trap trying.
Show threadJosh Simmons2d ago
@dysfun @ireneista @leo you can also time instructions, check exact behavior. Because cpuid is so trivially spoofed, this is what vm detection does anyway, it's far more sophisticated than just checking cpuid. I'm just saying because the indication is that games or anticheats are enabled by cpuid, and I'm just saying that era of sophistication is loooooong past.
Show threadIrenes (many)2d ago
@dotstdy @dysfun @leo we do agree that that sort of technique is widely deployed, at this point. alas.