Microarchitectural Attacks on Hardware RISC-V CPUs

38 views
Skip to first unread message

Matthias Tarasiewicz

unread,
Jul 12, 2023, 1:35:46 PM7/12/23
to RISC-V Developer Board Community
Not sure if anyone has seen this?


Cheers, Matthias

--
Matthias Tarasiewicz
RIAT Embedded R+D

Don Bailey

unread,
Jul 12, 2023, 1:52:01 PM7/12/23
to Matthias Tarasiewicz, RISC-V Developer Board Community
Thanks for shipping this out. This is a good paper and it's the first I've observed it. I only skimmed it, but I need to dive in. 

D


--
You received this message because you are subscribed to the Google Groups "RISC-V Developer Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to devboard-commun...@riscv.org.

Daniel Maslowski

unread,
Jul 13, 2023, 4:04:51 AM7/13/23
to Don Bailey, Matthias Tarasiewicz, RISC-V Developer Board Community
I have read this, and it shows typical symptoms of hardware/firmware mess:
The authors haven't looked into setting vendor specific CSRs that may partially mitigate the issues. That is sad.
On the other hand, firmware needs to be *easily* accessible and SoCs need *full* *public* documentation for better evaluation.

That said, I have yet to reproduce their work (haven't bothered yet), and then I'd like to see if CSR tweaks can improve things.

Theo de Raadt

unread,
Jul 13, 2023, 8:19:12 AM7/13/23
to Daniel Maslowski, Don Bailey, Matthias Tarasiewicz, RISC-V Developer Board Community
'Daniel Maslowski' via RISC-V Developer Board Community <devboard-...@riscv.org> wrote:

> The authors haven't looked into setting vendor specific CSRs that may partially
> mitigate the issues. That is sad.

They took on the responsibility of academic review.

They did not take on additional responsibilities. That is fine.

Your mail doesn't contain an actual list of mitigations either...

The lack of rigor in riscv64 product is not surprising; it is not an
emergent property. I do not know of a new product which didn't arrive
with such errors. Future hardware can be better (I won't say "will").

Reply all
Reply to author
Forward
0 new messages