[Cryptography] Secure erasure in C.

Jerry Leichter leichter at lrw.com
Tue Sep 13 06:32:20 EDT 2016


> On the hardware side I just learned that some ARM cores have a mix
> of large and small cores that share memory and cache. The information
> leak and software reliability risk is the little cores must always flush
> cache as if they were a big core.
> Code could migrate from one to another and the code would not
> be able to know it moved or how wide the cache line is so it must
> assume the largest possible.

I'm not sure what the significance of two different core sizes is.  Processes migrate across cores in all multi-core implementations I'm aware of.  OSes *try* to keep a process on a single core because it improves performance - any per-core caches or other bits of state are likely to retain some information for the process, even if some OS code or even another process has used the core since - but that's certainly no guarantee.

Depending on the details of the chip/cache/other state design, some stuff may need to be flushed while other stuff will be protected by the hardware.  For example, in a simple design with virtually addressed cache, cache lines may have to be flushed to prevent the next process reading data the previous one loaded into the cache at the same virtual address (which of course may correspond to some entirely different physical address).  More sophisticated caches tag lines with a process id, so even if the virtual address matches, the new process will not be given access to the old one's line.  Process tags are probably universal in modern CPUs.

Having two different kinds of cores makes the design of the OS scheduler somewhat more complex, but the resulting reduction in power usage can be worth it.  (For example, Apple - which has complete control over both the hardware and software and measures things in fine detail - hasn't previously used a big/little design, but has done so in the A10 chip that's in the new iPhone 7.)  Perhaps this makes core-to-core migration more common, though it's not clear that it would - choice of big or little core is based on power demand, which is unlikely to change very often relative to the time scales of other events in the OS.  But the cache control issues remain unchanged.
                                                        -- Jerry


