[Cryptography] Does RISC V solve Spectre ?
Bill Stewart
billstewart at pobox.com
Fri Mar 23 16:25:03 EDT 2018
On 3/23/2018 2:09 AM, Raphael Jacquot wrote:
> RiscV is an ISA, for which there are a number of implementations possible..
> Spectre and Meltdown are consequences of implementation fallacies /
> bugs, most notably, allowing a process to access cached data whether or
> not it is authorized to do so in certain circumstances.
> those bugs have nothing to do with core frequency.
> thus, RiscV may or may not be susceptible, depending on implementation
> details.
I read an analysis that said that LowRisc (a minimalist RISC-V variant)
was immune to the Spectre attacks, because they're attacks on
speculative execution, which LowRisc doesn't implement,
and Meltdown (which abuses out-of-order execution as well as speculative
execution) doesn't affect BOOM, the Berkeley Out-of-Order Machine,
which was then-currently the only OOE implementation of RISC-V
and which also doesn't implement speculative execution.
That doesn't mean you couldn't build a higher-end RISC-V implementation
that has OOE and Speculative, and could therefore be vulnerable to the
attacks, and doesn't fit on a small cheap student-friendly FPGA,
but now that we know about those attacks, designers are more likely to
try to prevent them.
More information about the cryptography
mailing list