Help - Search - Members - Calendar
Full Version: Meltdown and Spectre: Every modern processor has unfixable security flaws
OESF Portables Forum > General Forums > General Discussion
Varti
ArsTechnica has published an article on the two recently discovered flaws which plague every modern CPU:

https://arstechnica.com/gadgets/2018/01/mel...security-flaws/

Thanks to SMD for mentioning the news on Indiegogo.

Varti
HoloVector
This issue still seems to be a moving target as there is some conflicting info coming out. Intel hasn’t been very forth coming at all with the extent this affects their product line (could affect all processors going back to 1995 or not). AMD is not/is affected. ARM is only affected in a small subset of their Cortex processors but, are they ignoring their older models like StrongARM?Basically, it is a real mess. dry.gif
Varti
I hope that both Gemini's Planet Computers and GPD will be able to confirm if the CPUs they use are affected or not by these two bugs.

Varti
greguu
There is a lot of confusion going on at the moment and I agree, the official communication from Intel was very misleading. Even popular online IT outlets struggle to get the story straight and can not separate clearly the cause and impact of "Meltdown" vs "Spectre". This is quite frustrating.

Intel Atom (x86):

Any Atom CPUs before 2013 should be fine. Any newer ones are affected from Meltdown and Spectre AFAIK. Take this with a grain of salt, if you like to know for sure, compile and run these source files on your Atom based Hand Held:
Spectre.c https://gist.github.com/Badel2/ba8826e66072...26c5ed098d98d27
Meltdown.c https://github.com/paboldin/meltdown-exploit

Intel Xscale (Zaurus Series, PXA2xx):

There is strong indication that Meltdown does not apply to PXA2xx, but currently this can not be confirmed 100% as the meldown.c files circulating on github do rely on X86. If you have a proof of concept .c file for ARMv5, let me know.
The same applies for Spectre. The Raspberry Pi seems not be be affected (ARMv7+), but Xscale ARMv5 cores (older) do actually have proper dynamic branch prediction/folding as opposed to some ARMv7 cores AFAIK. It may be possible to exploit PXA2xx with Spectre (this may need a specific approach), but because current Spectre.c files on github do not compile on ARM due to a SSE specific "_mm_clflush" this can not be confirmed at this stage.

Please note that none of the released linux kernels working with ArchLinuxARM for the Zaurus Cxx00 Series does feature Kernel Page Table Isolation (KPTI). This feature may be implemented in a newer kernel release for ALARMZ. (4.16)

Gemini PDA:

This is platform is interesting, as the chip used, a MediaTek, seems to use a few different ARM cores. The Cortex A72 is affected from spectre but he Cortex A53 is apparently not. According to the spec sheet the Gemini PDA CPU consists of:

2x Cortex A72 @2.6GHz
4x Cortex A53 @2.0GHz
4x Cortex A53 @1.6GHz

so there may be some impact via the primary 2 core Cortex A72 I would assume.

QUOTE(HoloVector @ Jan 5 2018, 02:51 PM) *
This issue still seems to be a moving target as there is some conflicting info coming out. Intel hasn’t been very forth coming at all with the extent this affects their product line (could affect all processors going back to 1995 or not). AMD is not/is affected. ARM is only affected in a small subset of their Cortex processors but, are they ignoring their older models like StrongARM?Basically, it is a real mess. dry.gif
Varti
QUOTE(greguu @ Jan 6 2018, 10:00 AM) *
There is a lot of confusion going on at the moment and I agree, the official communication from Intel was very misleading. Even popular online IT outlets struggle to get the story straight and can not separate clearly the cause and impact of "Meltdown" vs "Spectre". This is quite frustrating.

Thanks greguu for this write up, it was an interesting read. For the XScale CPU, maybe the folks on the Arm Linux ARM forum will make a compatible version of both tools.

Varti
HoloVector
Any more news on the PXA-2xx in the Zaurii?
greguu
According to "Toradex", a Swiss ARM SOC company, PXA-27x are not affected by meltdown or spectre. If this is true, this possibly also applies to PXA-25x. I am still looking for a proof of concept spectre.c or meltdown.c that compiles on a Cxx00.

https://www.toradex.com/news/vulnerability-...wn-and-spectre# (Released Friday, January 19, 2018 )
QUOTE(HoloVector @ Jan 16 2018, 03:55 AM) *
Any more news on the PXA-2xx in the Zaurii?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2019 Invision Power Services, Inc.