ARMv8.5-A Support Being Prepped To Battle Spectre-Style Vulnerabilities
Earlier this month Arm began publishing details of the ARMv8.5-A instruction set update, which is expected to be officially documented and released by the end of Q1'2019, while the LLVM compiler stack has already received initial support for the interesting additions.
Landing yesterday in LLVM Git/SVN is the new ARMv8.5-A target while hitting the tree today is the more interesting work.
One of the most interesting additions with ARMv8.5-A -- and now supported by LLVM -- are architectural additions for fending off possible Spectre-style speculative execution security vulnerabilities. First up are new speculation restriction system registers. These new registers allow for restricting certain types of speculative execution.
There is also a new speculation barrier with the ARMv8.5-A instruction set for limiting speculative execution to instructions following it. Also are prediction invalidation instructions as barriers to speculative execution based on an earlier execution within a given execution context. There is also SSBB and PSSBB speculation barriers for restricting speculative execution of load instructions.
Outside of the security space, ARMv8.5-A is baking a new persistent memory instruction and random number instructions.
While not part of this LLVM compiler work, some of the other ARMv8.5-A improvements on deck include "memory tagging" as another security feature, support for debugging across power resets, finer grained traps for virtualization, and other persistent memory capabilities.
It's great that ARM is quick in getting out instruction set extensions to better deal with speculative execution in light of Spectre (and for the ARMv8.5-A compiler support being punctually added to LLVM), but it's going to be well into 2019 at the earliest before actually seeing any ARMv8.5-A hardware.
Landing yesterday in LLVM Git/SVN is the new ARMv8.5-A target while hitting the tree today is the more interesting work.
One of the most interesting additions with ARMv8.5-A -- and now supported by LLVM -- are architectural additions for fending off possible Spectre-style speculative execution security vulnerabilities. First up are new speculation restriction system registers. These new registers allow for restricting certain types of speculative execution.
There is also a new speculation barrier with the ARMv8.5-A instruction set for limiting speculative execution to instructions following it. Also are prediction invalidation instructions as barriers to speculative execution based on an earlier execution within a given execution context. There is also SSBB and PSSBB speculation barriers for restricting speculative execution of load instructions.
Outside of the security space, ARMv8.5-A is baking a new persistent memory instruction and random number instructions.
While not part of this LLVM compiler work, some of the other ARMv8.5-A improvements on deck include "memory tagging" as another security feature, support for debugging across power resets, finer grained traps for virtualization, and other persistent memory capabilities.
It's great that ARM is quick in getting out instruction set extensions to better deal with speculative execution in light of Spectre (and for the ARMv8.5-A compiler support being punctually added to LLVM), but it's going to be well into 2019 at the earliest before actually seeing any ARMv8.5-A hardware.
9 Comments