• Status: Solved

What is the status of AMD and ARM processor after Spectre/Meltdown?

How can Intel, AMD and ARM escape Meltdown and Spectre without replacing the chips? Is patching the only solution? Or does even that have some loopholes?
0
Asked: Giridhara Raam M
1 Solution
 
John, Business Consultant (Owner), Commented:
If the chips are modern 64-bit chips, the operating system can be patched. Windows has already done this. Apple will update theirs soon and I understand that some Android patches have been issued.

No need to replace chips.

Dump X86 machines yesterday or earlier.
1
 
Adam Brown, Sr Solutions Architect, Commented:
In short, the problem is a hardware level bug that lets processes with lower levels of permission snoop on the memory used by everything else, including the OS kernel. Any CPU with the bug will be vulnerable to these attacks forever. The only resolution to the problem is to change how applications access memory in a way that works around the bug or hardens applications against the bug, which is what the patches do. Unfortunately, this takes a lot of processing power to do. The only way these vulnerabilities will be resolved is to completely redesign the CPUs so they work in a way that isn't vulnerable to attack. This is probably going to take a while to happen, since CPU designs take a *long* time. Most of the CPUs in computers now and that are on shelves now are vulnerable and will always be vulnerable, so patching applications and OSes is the only way to fix it.
1
 
John, Business Consultant (Owner), Commented:
Now, less than 2 years away, BIOS will be gone, NetBIOS will be gone, UEFI will be the only startup method for computers. I am fairly sure we will not see any x86 computers. And in Windows, only Windows 10 or an as yet unannounced successor will be available.
1
 
btan, Exec Consultant, Commented:
The change of chips is for the future and more of an enhancement, as there is a need to measure performance against such flaws. It can slow the chips themselves, which is not the intent, but most of the solutions from the vendors are patching first for Meltdown, which can solve it, and mitigation for Spectre, which is more tricky and complex. Guarding against Spectre will still need operating system and application-level changes.

I do expect the microcode patch will still be done for all chips going ahead. But operating system vendors have their own tricks to remediate, such as dual page table protection, resetting the branch-prediction buffers on context switch, disabling JavaScript shared buffers and adding random jitter to JS timers at the browser end, etc.

Ultimately, when the new capabilities of the chip microcode are clearer, the OS community will also hop onto using them actively as another layer of defence.

Here is a summary for the chip vendors.
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/

For Intel, on Meltdown, they are recommending the operating system level fix. Future generation processors will also include the capabilities, with Intel promising a lower performance impact. There are three new capabilities in total: one to "restrict" certain kinds of branch prediction, one to prevent one HyperThread from influencing the branch predictor of the other HyperThread on the same core, and one to act as a kind of branch prediction "barrier" that prevents branches before the "barrier" from influencing branches after the barrier.

These new restrictions will need to be supported and used by operating systems; they won't be available to individual applications. Some systems appear to already have the microcode update.

Intel whitepaper
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf


For AMD's chips, they aren't believed susceptible to the Meltdown flaw at all. The company also says (vaguely) that it should be less susceptible to the branch prediction attack. The array bounds problem has, however, been demonstrated on AMD systems, and for that, AMD is suggesting a very different solution from that of Intel: specifically, operating system patches. Their direction is not clear until next week, when the coordinated disclosure of action is released.


For ARM, on the array bounds attack, they are introducing a new instruction that provides a speculation barrier; similar to Intel's serializing instructions, the new ARM instruction should be inserted between the test of array bounds and the array access itself. ARM even provides sample code to show this.

ARM doesn't have a generic approach for solving the branch prediction attack, and, unlike Intel, it doesn't appear to be developing any immediate solution. However, they note that many of its chips already have systems in place for invalidating or temporarily disabling the branch predictor and that operating systems should use that.

ARM's very latest high-performance design, the Cortex A-75, is also vulnerable to Meltdown attacks. The solution proposed is the same as Intel suggests and the same that Linux, Windows, and macOS are known to have implemented: change the memory mapping so that kernel memory mappings are no longer shared with user processes. ARM engineers have contributed patches to Linux to implement this for ARM chips.

ARM whitepaper
https://developer.arm.com/-/media/Files/pdf/Cache_Speculation_Side-channels.pdf?revision=966364ce-10aa-4580-8431-7e4ed42fb90b&la=en
1
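An added example (not from the thread, and not ARM's or Intel's sample code) of the array-bounds hardening described in the comment above, where something has to sit between the bounds test and the array access. It swaps the architecture-specific barrier instruction for portable branchless index masking, the approach the Linux kernel's `array_index_nospec()` helper takes; `table`, `init_table`, `index_mask`, `lookup_plain` and `lookup_hardened` are hypothetical names, and GCC or Clang on a target with arithmetic right shift is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16UL
static uint8_t table[TABLE_LEN];            /* constructed sample data */

void init_table(void) {
    for (size_t i = 0; i < TABLE_LEN; i++) table[i] = (uint8_t)(i * 3);
}

/* Unhardened pattern: if the branch is predicted "in bounds", the CPU can
 * speculatively load table[idx] before the comparison has resolved. */
int lookup_plain(size_t idx, uint8_t *out) {
    if (idx >= TABLE_LEN) return -1;
    *out = table[idx];
    return 0;
}

/* All-ones when idx < size, zero otherwise, computed as data flow rather
 * than a branch, so there is nothing for the predictor to get wrong.
 * Assumes size <= LONG_MAX and arithmetic right shift of signed long. */
unsigned long index_mask(unsigned long idx, unsigned long size) {
    __asm__ volatile("" : "+r"(idx));       /* stop the compiler re-deriving a branch */
    return (unsigned long)(~(long)(idx | (size - 1UL - idx))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* Hardened pattern: the architectural result is unchanged, but on a
 * mispredicted path the index is forced to 0 before the load is issued. */
int lookup_hardened(size_t idx, uint8_t *out) {
    if (idx >= TABLE_LEN) return -1;
    idx &= index_mask(idx, TABLE_LEN);
    *out = table[idx];
    return 0;
}

int main(void) {
    uint8_t v = 0;
    init_table();
    for (size_t i = 14; i < 18; i++) {      /* two in-range, two out-of-range */
        int rc = lookup_hardened(i, &v);
        printf("idx=%zu rc=%d mask=%#lx\n", i, rc, index_mask(i, TABLE_LEN));
    }
    return 0;
}
```

The mask costs a few ALU instructions per access, which is why it is applied only where the index comes from an untrusted source rather than on every array read.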
 
Giridhara Raam M, Digital Marketing Specialist, Author, Commented:
Thanks everyone for detailed explanations.
0
 
dbrunton Commented:
>>  How can Intel, AMD and ARM escape this Meltdown and Spectre without replacing the chips?

The patches can stop the problem. That's the present scenario everyone is working on and hoping that it will do. The only question is how much impact on the processor the patches make. At present it is unknown until lots of testing in all sorts of workplace scenarios is done. The biggest impact looks like it will be in VM machines in cloud-based systems. Guesses for standard desktop machines look like about 1%, but we'll have to wait for test results.

And no manufacturer wants to replace the chips.  Intel would go broke and so would AMD and ARM.  There is 10 years of chips to replace.  And I think there are enough loopholes for the chip manufacturers to escape any claims made upon them.

>>  Is patching the only solution?  Or even it has some loopholes?

It is the only solution at present.  Remember there are 3 patches.  CPU microcode from the system vendor (for chips under 5 years old) and probably only Intel.  Operating system patches.  Anti-virus patches.  All three need to be installed for best protection.  If you've got a chip over 5 years old then you might be stuffed - you'll have some protection but not the best.

I'm expecting a new range of chips in about 12 months or earlier that will stop the Meltdown problem.  That's an easy design problem.  As for the Spectre problem the CPU manufacturers have lots of work to do there.  Don't expect a quick easy fix.

Now the patches will probably solve the problem temporarily.  Don't know what the hackers/malware people will do.
0
Question has a verified solution.
