OESF Portal | OESF Forum | OESF Wiki | LinuxPDA | #planetgemini chat on matrix.org | #gemini-pda chat on Freenode | #zaurus and #alarmz chat on Freenode | ELSI (coming soon) | Ibiblio

IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Meltdown and Spectre: Every modern processor has unfixable security flaws
Varti
post Jan 4 2018, 07:32 AM
Post #1





Group: Admin
Posts: 934
Joined: 30-April 08
From: Italy
Member No.: 21,713



ArsTechnica has published an article on the two recently discovered flaws which plague every modern CPU:

https://arstechnica.com/gadgets/2018/01/mel...security-flaws/

Thanks to SMD for mentioning the news on Indiegogo.

Varti
Go to the top of the page
 
+Quote Post
HoloVector
post Jan 5 2018, 05:51 AM
Post #2





Group: Members
Posts: 533
Joined: 22-March 06
From: Winnipeg, Canada
Member No.: 9,420



This issue still seems to be a moving target as there is some conflicting info coming out. Intel hasn’t been very forth coming at all with the extent this affects their product line (could affect all processors going back to 1995 or not). AMD is not/is affected. ARM is only affected in a small subset of their Cortex processors but, are they ignoring their older models like StrongARM?Basically, it is a real mess. dry.gif
Go to the top of the page
 
+Quote Post
Varti
post Jan 5 2018, 05:59 AM
Post #3





Group: Admin
Posts: 934
Joined: 30-April 08
From: Italy
Member No.: 21,713



I hope that both Gemini's Planet Computers and GPD will be able to confirm if the CPUs they use are affected or not by these two bugs.

Varti
Go to the top of the page
 
+Quote Post
greguu
post Jan 6 2018, 01:00 AM
Post #4





Group: Moderators
Posts: 374
Joined: 14-November 05
From: New Zealand
Member No.: 8,535



There is a lot of confusion going on at the moment and I agree, the official communication from Intel was very misleading. Even popular online IT outlets struggle to get the story straight and can not separate clearly the cause and impact of "Meltdown" vs "Spectre". This is quite frustrating.

Intel Atom (x86):

Any Atom CPUs before 2013 should be fine. Any newer ones are affected from Meltdown and Spectre AFAIK. Take this with a grain of salt, if you like to know for sure, compile and run these source files on your Atom based Hand Held:
Spectre.c https://gist.github.com/Badel2/ba8826e66072...26c5ed098d98d27
Meltdown.c https://github.com/paboldin/meltdown-exploit

Intel Xscale (Zaurus Series, PXA2xx):

There is strong indication that Meltdown does not apply to PXA2xx, but currently this can not be confirmed 100% as the meldown.c files circulating on github do rely on X86. If you have a proof of concept .c file for ARMv5, let me know.
The same applies for Spectre. The Raspberry Pi seems not be be affected (ARMv7+), but Xscale ARMv5 cores (older) do actually have proper dynamic branch prediction/folding as opposed to some ARMv7 cores AFAIK. It may be possible to exploit PXA2xx with Spectre (this may need a specific approach), but because current Spectre.c files on github do not compile on ARM due to a SSE specific "_mm_clflush" this can not be confirmed at this stage.

Please note that none of the released linux kernels working with ArchLinuxARM for the Zaurus Cxx00 Series does feature Kernel Page Table Isolation (KPTI). This feature may be implemented in a newer kernel release for ALARMZ. (4.16)

Gemini PDA:

This is platform is interesting, as the chip used, a MediaTek, seems to use a few different ARM cores. The Cortex A72 is affected from spectre but he Cortex A53 is apparently not. According to the spec sheet the Gemini PDA CPU consists of:

2x Cortex A72 @2.6GHz
4x Cortex A53 @2.0GHz
4x Cortex A53 @1.6GHz

so there may be some impact via the primary 2 core Cortex A72 I would assume.

QUOTE(HoloVector @ Jan 5 2018, 02:51 PM) *
This issue still seems to be a moving target as there is some conflicting info coming out. Intel hasn’t been very forth coming at all with the extent this affects their product line (could affect all processors going back to 1995 or not). AMD is not/is affected. ARM is only affected in a small subset of their Cortex processors but, are they ignoring their older models like StrongARM?Basically, it is a real mess. dry.gif


This post has been edited by greguu: Jan 6 2018, 02:49 AM
Go to the top of the page
 
+Quote Post
Varti
post Jan 8 2018, 07:43 AM
Post #5





Group: Admin
Posts: 934
Joined: 30-April 08
From: Italy
Member No.: 21,713



QUOTE(greguu @ Jan 6 2018, 10:00 AM) *
There is a lot of confusion going on at the moment and I agree, the official communication from Intel was very misleading. Even popular online IT outlets struggle to get the story straight and can not separate clearly the cause and impact of "Meltdown" vs "Spectre". This is quite frustrating.

Thanks greguu for this write up, it was an interesting read. For the XScale CPU, maybe the folks on the Arm Linux ARM forum will make a compatible version of both tools.

Varti
Go to the top of the page
 
+Quote Post
HoloVector
post Jan 15 2018, 06:55 PM
Post #6





Group: Members
Posts: 533
Joined: 22-March 06
From: Winnipeg, Canada
Member No.: 9,420



Any more news on the PXA-2xx in the Zaurii?
Go to the top of the page
 
+Quote Post
greguu
post Jan 20 2018, 07:25 PM
Post #7





Group: Moderators
Posts: 374
Joined: 14-November 05
From: New Zealand
Member No.: 8,535



According to "Toradex", a Swiss ARM SOC company, PXA-27x are not affected by meltdown or spectre. If this is true, this possibly also applies to PXA-25x. I am still looking for a proof of concept spectre.c or meltdown.c that compiles on a Cxx00.

https://www.toradex.com/news/vulnerability-...wn-and-spectre# (Released Friday, January 19, 2018 )
QUOTE(HoloVector @ Jan 16 2018, 03:55 AM) *
Any more news on the PXA-2xx in the Zaurii?


This post has been edited by greguu: Jan 24 2018, 12:24 AM
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 14th November 2019 - 02:10 AM