SoylentNews is people
SoylentNews
Back at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed. The attacks were named Meltdown and Spectre. Since then, numerous variants of these attacks have been devised. In tandem, a range of mitigation techniques has been created to enable at-risk software, operating systems, and hypervisor platforms to protect against these attacks.
A research team—including many of the original researchers behind Meltdown, Spectre, and the related Foreshadow and BranchScope attacks—has published a new paper disclosing yet more attacks in the Spectre and Meltdown families. The result? Seven new possible attacks. Some are mitigated by known mitigation techniques, but others are not. That means further work is required to safeguard vulnerable systems.
The previous investigations into these attacks have been a little ad hoc in nature: examining particular features of interest to provide, for example, a Spectre attack that can be performed remotely over a network or Meltdown-esque attack to break into SGX enclaves. The new research is more systematic, looking at the underlying mechanisms behind both Meltdown and Spectre and running through all the different ways the speculative execution can be misdirected.
(Score: 1, Offtopic) by MichaelDavidCrawford on Monday November 19 2018, @10:03AM (7 children)
That what my boss Scott Lydiard told me in 1988 was that reason that the military was "very interested in RISC".
But much of what used to be RISC is now very complex.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by inertnet on Monday November 19 2018, @11:18AM (1 child)
Off topic:
Searching for "Fuck MDC" gets me over 4 million hits: "Ongeveer 4.040.000 resultaten".
On topic: which current processors would the people here recommend for building a new Linux desktop? Just ignore the Spectre and Meltdown hype? I read somewhere that Intel is selling (or planning to sell) processors without hyper-threading.
(Score: 0) by Anonymous Coward on Tuesday November 20 2018, @08:58AM
If your budget is under 100 dollars, RaspPi, Rock64/Rock64Pro (latter has a hex core with 2xOoO cores, non-pro and the other 4 cores of the Pro are In-Order), most other Pi marketed SBCs, specifically 2-4GB models. Out of those the Rock64Pro is the most usable. 2-4GB of GDDR4, and a 4x PCIe slot with an open end. If you have the money for addons, get a PCIe x16 bridge board intended for 8x PCIe x1 slots over USB3 cables and populate 4 of them. You will need an external power supply or a molex to 5v barrel to power the Rock64Pro, but that gives you a Quad In-Order processor, PCIe expansion, and if you customize your linux configuration to either blacklist or sandbox the Out of Order cores, it is just as safe as an in-order processor with some extra horsepower if you want to game or something.
Alternately if you have 1-5 grand, you can buy a Talos/Blackbird system from Raptor Engineering, who is producing IBM Power 8(9?) workstation boards capable of running between 128GB and 2TB of Registered DDR4, depending on motherboard model. Each processor can support up to 1TB of RAM using 128GB RDIMMs, although the Blackbird motherboard only has dual channel and 2 dimm sockets limiting it to 256GB maximum, and based on research, only 64-128GB given current ram availability and pricing.
If you mean Intel or AMD, they are both crap now. No manual reflashing of bios. Only accepting signed bios images, firmware tpms which if entrusted with your crypto keys makes it invisible for a remote adversary to gain access to if they have the keys and either an exploit or a signing key for the Intel ME/AMD SP (Latter is ARM Trustzone, with the same risks on your CellPhone, ignoring the baseband processor, which is its own can of worms.)
(Score: 2) by choose another one on Monday November 19 2018, @11:57AM (4 children)
RISC definitely was of interest due to potential to be provable (probably still is - I don't do Mil-stuff anymore).
x86 has never been RISC, though some of these attacks work on ARM too.
Fundamentally though, "You can prove that it works." does not actually mean that something else is unable to see what it did. Provability is all about demonstrating you get the right result every time, which is orthogonal to proving that no malicious actor can detect what the result was. I expect that in almost every mil scenario, by the time malicious code is close enough to perform these sort of attacks the security is already well past broken. Much more important (probably, IMO) are the civilian scenarios where unknown code is _expected_ to be running close enough to your code, shared hosting services particularly.
(Score: 2) by bzipitidoo on Monday November 19 2018, @05:19PM (2 children)
I certainly understand not doing Mil stuff. The military boys are wont to make unreasonable demands, and think they're not asking for all that much. Formal verification of a computer system, yes, it's possible to do that, but at what price? Even when money is not an issue, it can still take years to verify a system, by which time it is hopelessly obsolete. Really, you'd have to start from scratch. No, OpenBSD is not good enough. Make your own microkernel based OS. But then, you're losing out on years of OS refinement and performance tuning, and what can happen with that is that even if it is secure, it is hopelessly impractical because it is far too slow. All the worse if it's only certified to run on verified secure processors which are no longer manufactured due to obsolescence. Then they turn around and demand that it run what they know, which is Windows. They want formally verified, secure Windows, and they want MS Office.
However, under the hood, x86 has been RISC for years. Since the Pentium, each x86 instruction is implemented with a few instructions of microcode on the underlying RISC processor. Think the 486 was the last x86 CPU that implemented the instruction set directly in hardware.
Proving that "it works", AKA, that there are no bugs, is not at all orthogonal to security. I'd go as far as saying that security is a poor focus, and that a better way to more secure computer systems is to concentrate on eliminating bugs. And I don't mean the custom of endlessly rolling out patches to deal with the bug du jour, I mean designing the systems to entirely avoid whole classes of bugs. Like with these Spectre and Meltdown problems. Perhaps it's impractical to eschew speculation altogether, would be too much of a performance hit. But, is it really so burdensome for the hardware to make permission checks before doing the speculative execution?
(Score: 2) by RamiK on Monday November 19 2018, @07:59PM
Sure just load and... Oh wait...
(400 cycles later)
Ah shit.
compiling...
(Score: 0) by Anonymous Coward on Tuesday November 20 2018, @12:38AM
Pentium 90 was the last true CISC chip from Intel*. RISC was introduced with the Pentium Pro and continued with the PII.
*ISTR There being other x86 CISC chips after that from other manufacturers, but they didn't sell well and have been abandoned.
(Score: 2) by FatPhil on Monday November 19 2018, @05:24PM
... and therefore Spectre!
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves