[Cryptography] Speculation considered harmful?
Nemo
nemo at self-evident.org
Fri Jan 19 12:14:15 EST 2018
Henry Baker <hbaker1 at pipeline.com> writes:
> There used to be DSP's with instructions that you could utilize to
> *bypass the cache* -- both for loading and storing.
The x86 SSE instructions actually provide this. Try a search for
"non-temporal".
Using such instructions to avoid covert channels via cache is an
interesting thought... But ultimately I do not think it would work
unless maybe you used them exclusively, which would be murderous for
performance.
Not sharing caches across protection domains looks like the only robust
fix. Others are thinking along lines; see e.g. https://lkml.org/lkml/2018/1/3/797
- Nemo
https://self-evident.org/
More information about the cryptography
mailing list