[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] Does RISC V solve Spectre ?

On 3/23/2018 2:09 AM, Raphael Jacquot wrote:
RiscV is an ISA, for which there are a number of implementations possible..
Spectre and Meltdown are consequences of implementation fallacies /
bugs, most notably, allowing a process to access cached data whether or
not it is authorized to do so in certain circumstances.
those bugs have nothing to do with core frequency.
thus, RiscV may or may not be susceptible, depending on implementation

I read an analysis that said that LowRisc (a minimalist RISC-V variant)
was immune to the Spectre attacks, because they're attacks on
speculative execution, which LowRisc doesn't implement,
and Meltdown (which abuses out-of-order execution as well as speculative execution) doesn't affect BOOM, the Berkeley Out-of-Order Machine,
which was then-currently the only OOE implementation of RISC-V
and which also doesn't implement speculative execution.

That doesn't mean you couldn't build a higher-end RISC-V implementation that has OOE and Speculative, and could therefore be vulnerable to the attacks, and doesn't fit on a small cheap student-friendly FPGA,
but now that we know about those attacks, designers are more likely to
try to prevent them.
The cryptography mailing list
cryptography AT metzdowd.com