[Cryptography] Speculation considered harmful?

[Tom Mitchell]

On Tue, Jan 23, 2018 at 1:24 PM, Arnold Reinhold <agr at me.com> wrote:

> Most  discussions of the Spectre vulnerabilities have centered on how to
> keep speculative execution from revealing contents of kernel memory without
> paying a big cost in performance. It might be worth exploring other
> directions including safer storage of secrets now kept in kernel memory and
> adding hardware to detect such attacks.
>

The solution will be a moving target but it might be interesting if Intel
and others enhanced their WiFi devices that plug into
the M.2 bus interfaces on a lot of smaller systems.  Packaged:   M.2 22x30;
M.2 12x16 and M.2 2230: 22 mm x 30 mm x 2.4 mm.

The solution today and tomorrow are likely to be different but a device on
the PCI Express Mini Card standard bus might
be sufficient with the kernel mapping some of the device ONLY when needed.
On demand page faults would devolve to
a security question does the system need it then map and unmap sequence
perhaps at a changing location in phys and virtual space.  Write only
configuration registers would place it some place and a program that
attempts to discover data would have to trigger access
to random bits or cause a trap to spring allowing the detection of bad
actors programs.

Not as fast as cache... by a lot.

WiFi devices are about $26 for a dual band AC device.
As long as the BIOS white list allows it these can be easy to update.
Larger system boards do not have this interface connector but could.
Updating a little $26 device might be better than a $500+ processor.
Motherboards can be less expensive to replace than the high
end  processors so an external service device is not insane (this problem
is).

Ease of installing revision B, C, D... should be part of the plan.








-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180123/94f9f1fd/attachment.html>