[Cryptography] RISC-V isn't the answer
Tony Arcieri
bascule at gmail.com
Sun Jan 21 21:22:44 EST 2018
On Sun, Jan 21, 2018 at 6:05 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> Ok, so I've reviewed a number of discussions of
> the RISC-V architecture, and my conclusion is that
> RISC-V isn't going to be a "silver bullet" for
> high security & privacy applications.
>
Why?
> Although RISC-V was a "clean sheet" design in
> 2011 (?), a lot of water has gone under the
> bridge since then (cough, Snowden, cough),
>
So FUD?
> I don't believe that RISC-V adequately
> addresses all of the side-channel issues that
> have been discovered in the mean time.
>
Which sidechannel issues? If you're alluding to Meltdown and Spectre,
RISC-V isn't vulnerable to either, because no RISC-V core supports
speculative execution yet (the closest thing is the BOOMv2 core, which only
does out-of-order execution)
There are, of course, numerous other potential sidechannels, from DPA to
EM. These attacks require physical access and aren't remotely exploitable
like Meltdown/Spectre. Any chip which isn't specifically designed to resist
them is almost certainly vulnerable, but that's a different threat model.
The important point about RISC-V with regard to Meltdown and Spectre is the
RISC-V architecture is a major research testbed, they are just starting to
look at speculative execution now, and now have the opportunity of 20/20
hindsight. They also have designs with great memory protection
architectures already in place (lowRISC).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180121/771f7017/attachment.html>
More information about the cryptography
mailing list