Announcement

Collapse
No announcement yet.

Security Researchers Detail New "BlindSide" Speculative Execution Attack

Collapse
X
Collapse
 
  • Page of 4
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 template Next
  • #21
    Took some serious effort though. 200+ seconds.

    Comment

    • #22
      Originally posted by starshipeleven View Post
      Are ARM immune or did they just not test them? Because they do speculative execution too
      They were not tested (only Intel and AMD)

      Cortex-A53 (2012) and newer A55 (2017) uses in order execution pipelines. The A53 is used in Raspberry Pi 3 (and 3+).

      Cortex-A72 and newer versions (all the way to A77) uses a "out-of-order, speculative issue 3-way superscalar execution pipeline". The A72 is used in Raspberry Pi 4.

      Hopefully the Raspberry Pi Foundation learns it's from this. ARM at least announces vulnerabilities while Raspberry Pi Foundation just ignores it. This is the ONLY post made by them and not updated after the release of the Raspberry Pi 4... "Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown" -- https://www.raspberrypi.org/blog/why...e-or-meltdown/
      • Likes 5

      Comment

      • #23
        Extra points for the researchers actually testing on AMD for once.

        Originally posted by onlyLinuxLuvUBack View Post
        intel swiss-lake...
        Haha. But I don't think anyone outside the United States will get that joke.
        • Likes 3

        Comment

        • #24
          Originally posted by Vistaus View Post
          An attack that works on an AMD CPU? Is this fake news or what? 'Cause everyone, esp. on this site, keeps saying AMD is 100% safe against this kind of stuff...
          Who said it ? Claiming that AMD CPUs have fewer speculative vulnerabilities than Intel does not mean that they are 100% secure. There is nothing 100% certain in life, let alone in software-hardware.
          Next time you hear someone talking about 100% secure software or hardware, just tell them they don't understand shit.
          • Likes 5

          Comment

          • #25
            So The Odroid C4 running RedoxOS would be the most secure, performant option. Amazon/Apple/Microsoft all have custom ARM chips and more money than everyone else, it would be nice if they stepped in and fixed this mess. (Intel and AMD can't be botherd apparently)
            • Likes 2

            Comment

            • #26
              Originally posted by xfcemint View Post

              Nope, you are wrong. OOO does not require speculation. OOO is perfectly safe, at least as far as we currently know .
              I wonder how many more years it will be until the realization comes: "We need to give up on speculation."
              • Likes 4

              Comment

              • #27
                Originally posted by xfcemint View Post
                Also, speculation is safe if done just on registers and a few buffers close to the ALU. The problem with current CPUs is that manufacturers are relentlessly and dangerously speculating on every shit they can think of to get out that last 1% performance. Than the CPU looks good on benchmarks when it is released.
                One of the variants of Spectre is called Rogue System Register Read so I wouldn't be so sure registers are safe. On top of that the Cortex-A57 at least is vulnerable to Spectre-3a as well which is basically "meltdown but for registers".
                • Likes 2

                Comment

                • #28
                  Originally posted by xfcemint View Post
                  I wonder how many more years before the CPU manufacturers realize that they can offer a user-controlled option to disable speculation (a so-called "chicken bit") and carve out a niche marked there of customers who value additional security.
                  Don't we already have something like that with chips that employ ARM's big.LITTLE architecture?
                  Last edited by ed31337; 11 September 2020, 08:21 PM.

                  Comment

                  • #29
                    Originally posted by CochainComplex View Post
                    so where are the non speculative CPU's? is it still possible or will this push us back to pre-P4 era (performancewise)?
                    In-order designs with today's performance won't be possible unless we break the memory wall.

                    On the other hand, with the performance impact of mitigating those flaws we'd be better off with an overclocked 486 + modern extensions.

                    Comment

                    • #30
                      Originally posted by elatllat View Post
                      So The Odroid C4 running RedoxOS would be the most secure, performant option. Amazon/Apple/Microsoft all have custom ARM chips and more money than everyone else, it would be nice if they stepped in and fixed this mess. (Intel and AMD can't be botherd apparently)
                      That would be a very secure combo in theory.

                      Comment

                      Previous 1 2 3 4 template Next
                      Working...
                      X