[Cryptography] Speculation considered harmful?

Viktor Dukhovni cryptography at dukhovni.org
Sat Jan 6 17:28:36 EST 2018



> On Jan 6, 2018, at 10:51 AM, Howard Chu <hyc at symas.com> wrote:
> 
> No. For the Spectre attack to work the cache has to already be in a known state beforehand. The attack code always does a clflush on the target address to initialize it, which leaves it invalid. Explicitly marking the cacheline as invalid after the cancelled speculative fetch would just restore it to its initial state and the attacker will get no information, every reference will always cause a memory fetch.

There's not much point in debating on this list largely impractical
seat-of-the-pants CPU-design changes.  Making the cache transactional
is, I expect, almost certainly far too complex a design option.

Measures to improve process isolation are likely much more realistic.

-- 
	Viktor.


