Remember, more than two years ago, when Intel’s CPUs were exposed to a critical security flaw that practically turned the PC industry on its head? No? No worries. You aren’t alone. Still, the severity of the Meltdown and Spectre vulnerabilities was real and the potential harm they carried was of legitimate concern. Thankfully, most Chrome OS devices were patched before the issues were made public and to my knowledge, an attack on a Chromebook was never realized in the wild. While Spectre and Meltdown are distant memories for most, it appears that Chrome OS has not escaped the long-term effects of such vulnerabilities.
When these flaws were exposed back in 2018, the immediate response was to disable hyper-threading as a mitigation for the security vulnerabilities. What is hyper-threading? Good question. Hyper-threading is Intel’s brand name for SMT, or simultaneous multithreading. In simple terms, multithreading takes a single CPU core and splits it into two virtual cores. The purpose is to produce a more efficient machine without extra hardware. Now, this doesn’t instantly double the power of a CPU. Instead, the machine’s kernel can use the virtual threads to perform two tasks at the same time instead of the core completing one task before moving on to the next. In many cases, it increases overall CPU performance. Spectre and Meltdown were able to leverage a weakness in the SMT process to access sensitive information stored in the memory of a user’s device.
That was nearly three years ago, but I received an email from Joe Romeo last night alerting me to the fact that Chromium developers are still taking steps to prevent these types of security breaches, and one of those steps is to disable hyper-threading when using a VM (virtual machine) on Chrome OS. If you’re wondering what Chrome OS is using VMs for, it’s a lot more than you may think. Android emulators are one example, but more importantly, Crostini utilizes the VM layer. That means that when you open the terminal or a Linux application, hyper-threading is immediately disabled. You can see the process in action below in a screen recording from Joe R.
You can see that, when using the COG system viewer, the Core i5 device is splitting the four available cores into 8 virtual threads. The minute the Terminal app is open, four of those eight threads are immediately disabled. Looking a bit closer at a bug report that Mr. Romeo opened, we find that developers have marked this WAI, which means “works as intended.” Regardless of the setting you have enabled for hyper-threading, it will not work when a VM is running. Further down in the comments, we see why.
This is WAI. On newer kernels we disable hyperthreading, for security reasons, once you start a Virtual Machine. Your setting in the session is only respected till[sic] you start a VM.
Chromium Bug Tracker
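To check the same state change the screen recording shows, here is an added example (not code from the post, nor from Chromium) that reads the Linux kernel’s sysfs SMT interface, /sys/devices/system/cpu/smt/control and each CPU’s topology/thread_siblings_list, and reports how many physical cores and threads are online; the before/after sample data is constructed.

```python
"""Report SMT state from Linux sysfs (what a monitor like COG reads). Added
example, not code from the post; sample data below is constructed."""
from pathlib import Path

SYSFS_CPU = Path("/sys/devices/system/cpu")


def parse_cpu_list(text: str) -> list[int]:
    """Expand a kernel CPU list such as '0,4' or '0-3,8' into integers."""
    cpus: list[int] = []
    for part in text.strip().split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            cpus.extend(range(int(lo), int(hi) + 1))
        elif part:
            cpus.append(int(part))
    return cpus


def summarize_topology(siblings: dict[int, str], smt_control: str) -> dict:
    """Group logical CPUs into physical cores. siblings maps a logical CPU to
    its topology/thread_siblings_list text; smt_control is smt/control text."""
    cores = {frozenset(parse_cpu_list(lst)) for lst in siblings.values()}
    threads_per_core = max((len(c) for c in cores), default=0)
    return {
        "logical_cpus": len(siblings),
        "physical_cores": len(cores),
        "threads_per_core": threads_per_core,
        "smt_control": smt_control.strip(),
        # Hyper-threading is usable only if the control is 'on' AND the
        # kernel still exposes more than one online thread per core.
        "smt_active": smt_control.strip() == "on" and threads_per_core > 1,
    }


def read_live_topology() -> dict:
    """Read the real sysfs files; meaningful only on a Linux host kernel."""
    control = (SYSFS_CPU / "smt" / "control").read_text()
    siblings: dict[int, str] = {}
    for cpu_dir in SYSFS_CPU.glob("cpu[0-9]*"):
        lst = cpu_dir / "topology" / "thread_siblings_list"
        if lst.exists():  # threads taken offline typically expose no topology
            siblings[int(cpu_dir.name[3:])] = lst.read_text()
    return summarize_topology(siblings, control)


# Constructed: a 4-core Core i5 with SMT on (threads 0-3 paired with 4-7)...
BEFORE_VM = {c: f"{c % 4},{c % 4 + 4}" for c in range(8)}
# ...and the same machine after the sibling threads have been taken offline.
AFTER_VM = {c: str(c) for c in range(4)}

if __name__ == "__main__":
    print("before VM:", summarize_topology(BEFORE_VM, "on\n"))
    print("after VM: ", summarize_topology(AFTER_VM, "forceoff\n"))
```

read_live_topology() has to run in a host shell (assumed here: the crosh shell on a device in developer mode), not inside the Crostini container, because the guest only ever sees the virtual CPUs handed to the VM.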
Hyper-threading is apparently still a security concern for developers, and exposing the CPU to untrusted VMs is something they’d like to avoid. Still, this is a bit of a disappointment. We’ve been steadily looking for clues that Chrome OS could soon leverage hardware such as discrete and even external GPUs. Taking full advantage of the hardware on premium Chrome OS devices is the key to Chromebooks finally being able to bridge the ever-narrowing app gap that exists between it and Windows, Mac, and Linux. To think that hyper-threading could be permanently nerfed is unfortunate at best. Thankfully, the last comment of the bug report gives a glimmer of hope, as the assigned developer stated that they are still discussing this matter. If you’d like to follow along with the progress of this bug report, you can do so here.