Eben Upton Explains Why Raspberry Pi Isn't Vulnerable To Spectre Or Meltdown (raspberrypi.org)
Raspberry Pi founder and CEO Eben Upton says the Raspberry Pi isn't susceptible to the "Spectre" or "Meltdown" vulnerabilities because of the particular ARM cores they use. "Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel's address space (which should normally be inaccessible to user programs)," Upton writes. He goes on to provide a "primer on some concepts in modern processor design" and "illustrate these concepts using simple programs in Python syntax..."
In conclusion: "Modern processors go to great lengths to preserve the abstraction that they are in-order scalar machines that access memory directly, while in fact using a host of techniques including caching, instruction reordering, and speculation to deliver much higher performance than a simple processor could hope to achieve," writes Upton. "Meltdown and Spectre are examples of what happens when we reason about security in the context of that abstraction, and then encounter minor discrepancies between the abstraction and reality. The lack of speculation in the ARM1176, Cortex-A7, and Cortex-A53 cores used in Raspberry Pi render us immune to attacks of the sort."
Re:tl;dr (Score:5, Informative)
It doesn't use an Intel cpu
True for "Meltdown", which only breaks Intel CPUs. But "Spectre" also breaks some AMD and ARM processors.
Fortunately, the particular ARM cores in the Raspberry Pi are also NOT doing the thing that lets Spectre break them.
Re: (Score:2)
Spectre breaks anything that does out of order processing, and it's the first shoe to fall. The techniques discovered in Spectre are just the beginning of a whole new wave of attacks based on the timing attacks Spectre uses.
Re: (Score:2)
False. Out of order execution alone isn't enough. Spectre was NAMED after "speculation" -- branch prediction. The ARM core in the Raspberry Pi DOES NOT USE THIS.
Read the section for Spectre here:
http://www.pcgamer.com/what-yo... [pcgamer.com]
Meltdown affects ONLY Intel because they allowed a special type of branch prediction for illegal operations, Spectre affects many CPUs that use branch prediction, but is much more difficult to exploit as each exploit would have to target a specific cpu or cpu family -- not a gener
Re: (Score:2)
Not exactly.
Meltdown affects only Intel, because only Intel CPUs allow a userland process to successfully load a register with supervisor (kernel) data, when the page flags indicate that data should not be readable by userland.
There is absolutely no reason to allow the read to complete. Checking the permission flags is just a couple of logical operators and should be done at the same time as the TLB lookup. The TLB is a special kind of cache that holds essential data from the Page Table.
TLB contains the access flags, cache t
Re: (Score:3)
All out-of-order processors perform speculation. You can't fill an out-of-order pipeline usefully without it and the power, area, and complexity overheads of out-of-order designs are huge so no one is crazy enough to build an out-of-order design that throws away most of the benefit by not doing any speculation. A number of in-order processors do as well, because any pipelined processor that doesn't do some speculative execution is going to have pipeline bubbles and lose a good 20% of its maximum throughp
Re: (Score:2, Flamebait)
It's more like "the Pi uses such a gutless CPU that there's no chance it'll be vulnerable to anything affecting high-performance CPUs".
Next up: Woz issues a press release explaining why the Apple II isn't vulnerable.
Re: (Score:2)
> Next up: Woz issues a press release explaining why the Apple II isn't vulnerable.
The first few generations of Macs were not vulnerable. No malware could access data from other processes or users, because there were no other processes or users. Probably the same with early Windows versions.
Re: (Score:2)
I'm going to make a fortune and release Z80-based IoT devices!
Re: (Score:2)
There are already Z80 chips in IoT devices. At this point, they're used as microcontrollers, and Zilog threw hardware TCP/IP stacks on them with internet-connected devices in mind.
Re: (Score:2)
My fridge runs CP/M Wooooo!
Actually that would be kinda neat...
Brb.
Re: (Score:2)
Even nicer if it was MP/M. Or OS8MT [old-computers.com].
Re: (Score:2)
Don't really know if a list is practical. As you say there are a lot of ARM based CPUs.
However for most CPUs, if you google the model number you can find a product page that will tell you which cores are in it. Compare the cores to ARM's list here https://developer.arm.com/support/security-update
So your example of the Texas Instruments DM3725 http://www.ti.com/product/DM3725 contains an Arm A-8 core which is affected by variant 1 and 2 of Spectre.
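The lookup described in the comment above can be scripted on a Linux ARM board by reading the core identifiers from `/proc/cpuinfo`. This is an added example, not part of the original thread: the part numbers are the values Linux reports for these Arm cores, the status strings only restate what this thread says about them, and the sample inputs are constructed.

```python
import os

ARM = 0x41  # "CPU implementer" value for Arm Ltd.
# "CPU part" values Linux reports for the cores named in this thread.
# The status text restates the thread's claims; it is not Arm's wording.
CORES = {
    0xB76: ("ARM1176", "Raspberry Pi core; no speculation per Upton"),
    0xC07: ("Cortex-A7", "Raspberry Pi core; not on Arm's affected list"),
    0xD03: ("Cortex-A53", "Raspberry Pi core; not on Arm's affected list"),
    0xC08: ("Cortex-A8", "affected by Spectre variants 1 and 2"),
}
UNKNOWN = ("unknown", "check Arm's security update page")

def parse_cpuinfo(text):
    """Return the set of (implementer, part) pairs in /proc/cpuinfo text."""
    found, implementer = set(), None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "CPU implementer":
            implementer = int(value, 16)
        elif key == "CPU part" and implementer is not None:
            found.add((implementer, int(value, 16)))
    return found

def classify(text):
    """Map every core found to (name, status); unlisted cores stay unknown."""
    return {
        (impl, part): CORES.get(part, UNKNOWN) if impl == ARM else UNKNOWN
        for impl, part in parse_cpuinfo(text)
    }

# Constructed samples (not captured from real hardware). The second one mixes
# an Arm block with a non-Arm implementer to show the "unknown" path.
SAMPLE_PI3 = "processor : 0\nCPU implementer : 0x41\nCPU part : 0xd03\n"
SAMPLE_MIXED = (
    "processor : 0\nCPU implementer : 0x41\nCPU part : 0xc08\n\n"
    "processor : 1\nCPU implementer : 0x51\nCPU part : 0x800\n"
)

if __name__ == "__main__":
    path = "/proc/cpuinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE_MIXED
    for (impl, part), (name, status) in sorted(classify(text).items()):
        print(f"implementer {impl:#04x} part {part:#05x}: {name} ({status})")
```

Any core the table does not name is reported as unknown rather than safe, so it still has to be checked against Arm's list by hand.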
In other words (Score:5, Informative)
You wanted a cheap computer, so we picked a cheap CPU that doesn't do fancy-schmancy stuff like trying to guess what you will do next.
In other news, my abacus never has a battery fire.
I don't think it's just because the CPU is cheap (Score:2)
Re: (Score:3)
considering what little CPU percentage is used by the average PC user, there may be an argument for desktops and laptops not needing it either.... Maybe even for data centers where large caches are more important than branch predictions.
I know, I know... Insanity! Branch prediction is like... 75% to 99% correct, so it's not that much of a waste... and pipelines are long... but, Intel just helped put out a patch that wipes cache when switching between user mode and kernel mode and your average user can't
Re: (Score:2)
There's got to be an energy cost associated with that since you're making it do a bunch of operations it doesn't need to do.
True, to an extent, but not entirely. The difference in power consumption between a CPU executing instructions and a CPU in a pipeline stall is fairly small. The difference between a CPU executing instructions and in a sleep state is a lot higher, so you get better power efficiency if you finish fast and go to sleep.
On wide out-of-order pipelines, you're using a lot of energy just to have the scheduler and register rename units powered. This is why the low-end ARM cores get better performance per Wat
Re: (Score:2)
...because nobody in their right mind does online banking on a RasPi. Those SD cards will go corrupt if you just look at them!
They're fine for the most part (SD-cards in R-Pi's). And Raspbian being basically Debian, is totally solid. The only thing that would concern me with regards to online banking would be that the version of Chromium they ship tends to be a few versions out of date.
Aside from that, it's probably safer than most Windows boxes for online banking and almost certainly safer than using a smart-TV.
Re: (Score:2)
And uninstall your web browser, Since almost every web page contains javascript that gets downloaded and run as "local code". Spectre can work via javascript.
Snapdragon CPUs are affected by Spectre as well. Qualcomm just recently verified this.
Re: (Score:2)
>Since almost every web page contains javascript that gets downloaded and run as "local code".
No Script
Excellent tutorial (Score:3)
With all the hype and panic about these vulnerabilities, it was refreshing to read Eben's clear, detailed tutorial on processor architecture and how these exploits work (and why the RPi isn't vulnerable).
Highly recommend reading the article.
You guys... (Score:2)
Re: (Score:2)
3) Does anyone have any idea of how difficult it is to leverage this particular vulnerability to do something useful?
NVD doesn't, yet. They have a big banner that says "undergoing analysis".
https://nvd.nist.gov/vuln/deta... [nist.gov]
Re:You guys... (Score:4, Informative)
Everyone seems to have lost perspective here. 1) In order for you to be "vulnerable", you must be running some kind of malware. If you're running malware, you are already fucked with a sand-paper dildo.
It would be surprising if the average user didn't encounter malicious code, because malicious Javascript is a thing. At least one of these attacks can be made through your browser. How are you enjoying your anal sanding?
Re: (Score:3)
> 1) In order for you to be "vulnerable", you must be running some kind of malware. If you're running malware, you are already fucked with a sand-paper dildo.
Depends. If I run malware on my Mac and it is 100% limited to the single user that it's running on, then I'm fucked. Because the single user (me) is all I care about. If I run malware on a cloud server that is 100% limited to the single user that it's running on, then _I_ am still fucked, but everyone else on the server is safe. If I ran malware on my iPhone, software isn't supposed to be able to access anything outside that app, so I should be safe even with malware.
So fixing this is not _that_ importan
Re: (Score:2)
Well it could be if it supported more than a gig of RAM and 4K graphics.
i.e. as found in the VideoCore V implementation of the forthcoming rPi 4.
From owner of three Raspberry PI 3 (Score:2)
I installed Apache 2, PHP 7, SSH, SFTP on one RPI3 and MySQL database on another. This system is incredibly stable and quite fast. I think of moving to self-hosting with this setup. It practically does not consume any electricity.
I realize now that it does not require too much computing power to send HTML files and even
Re: (Score:3)
I run a similar setup (ie my entire primary server set including HTTP, NTP, DNS, etc) on an RPi2.
Does its job very well and uses only 1W most of the time enabling me to keep them off-grid:
http://www.earth.org.uk/note-o... [earth.org.uk]
http://www.earth.org.uk/_off-g... [earth.org.uk]
I see various people pissing all over the RPis here, but they really are remarkable, and bigger is not always better. It depends on the application.
Rgds
Damon
Re: (Score:2)
> I installed Apache 2, PHP 7, SSH, SFTP on one RPI3 and MySQL database on another.
I've experimented with all of that. Performance was... well, let's just say it was shit. The lack of memory is the big problem. There just isn't enough. This is why I got a Pine A64+. Which, of course, is arm64 and probably vulnerable :p
I do use an original raspi as a serial redirector, which is about its speed. I might swap that out for an esp8266 though, which can handle that job. I also have a zero w which I plan to mount on my dead cat, but I have many projects ahead of that one.
No instruction pipeline cache == feature (Score:4, Funny)
No instruction pipeline cache == feature.
Yeah all ARM7 cores have that "security feature".
I hear PC-XT's are making a comeback, because most malware won't fit in 640K any more.
So having only 640K is a "security feature".
accessible (Score:3)
Good News! Good News indeed! (Score:2)
This should advance the reputation of FOS Hardware further. Which can't be wrong. ... I'm starting to desperately await a decent quality cheap FOS Hardware ARM Laptop. That would move things forward in this department.
Yet it still has USB bandwidth issues. (Score:1)
Re: (Score:1)
Then clearly we can conclude that ARM Holdings know very little about their own cores, as opposed to Raspberry Pi founder and CEO Eben Upton. /sarcasm
Re:Oh really? The Cortex-A7 and Cortex-A53.... (Score:5, Informative)
Except that ARM doesn’t list the A7 or A53 as vulnerable.
https://developer.arm.com/supp... [arm.com]
So Eben knows just as much as ARM does.
Re: (Score:1)
Clicked on the wrong moderation, so posting to undo.
Re: (Score:3, Informative)
Care to point out where in Arm's white paper it mentions the a7 or a53 cores being affected by Spectre?
https://developer.arm.com/support/security-update
Re:Irrelevant (Score:5, Insightful)
What you qualify as "toys" are more powerful than the computers we used when I was in college in the mid-1990's.
Re: (Score:3)
If you learn to make a solution on a low performance device then you will become a better coder less prone to make inefficient solutions.
You can always make something that works, but to do something efficient takes skill.
Re: (Score:2)
Last time I checked we don’t live in the 90s anymore and those computers look like mere toys compared to the CPUs of today. Laughably so when even a dinky Intel m3 is many times faster.
Not a "toy" (Score:1)
It's a bona fide low-power computer that is suited for some computing tasks but is not a replacement for a laptop or desktop PC.
There is a difference.
Comparing a PC to a Pi is like comparing a professional-grade bicycle with a $50 kid's bike. Both get the job done and both are built to last for years, but one has a lot more features than the other.
It is NOT comparing a professional-grade bicycle with a toy bicycle that Ken and Barbie dolls can ride around on.
Re: Irrelevant (Score:1)
This. And even running bloated modern software, a Pi 3 or compute stick plugged into a keyboard, mouse and monitor would be sufficient for most of my day to day business and casual computing tasks. If you already have a suitable screen, the device itself plus a cheap keyboard and mouse are quite affordable too.
Cheap used laptops are sufficient for everyday tasks as well, at least after replacing the aging HDD with an SSD. But that brings the price higher than Pi 3+MicroSD+keyboard+mouse.
Our phones are power
Re:Irrelevant (Score:5, Funny)
I don't know the exact number, of course, but I know that a raspberry pi is at MINIMUM a thousand times more powerful than computers that took us to the moon. So like, what fucking ever.
Re: (Score:2)
I can walk 100 times faster than a snail. Doesn’t make me an olympic athlete.
Re: (Score:2)
In Soviet Russia Olympians makes you.
Re: (Score:2)
It might if the bus is 100s of feet away.
too bad they dump all IO on the usb bus (Score:2)
too bad they dump all IO on the usb 2.0 bus, so no gig-e, hell, not even full 100M, much less with any disk io at the same time.
Re: (Score:2)
If you need GigE you get a Pogoplug. They ruined the software so that you have to solder to the motherboard to get a serial port and root the thing, so they are now cheap AF. SATA which supports port multipliers, USB3, USB2, and a SDHC slot, for around ten bucks. And yes, GigE. runs Debian. Makes a great little fileserver. The TDP is under 10W...
Re: (Score:1)
> I know that a raspberry pi is at MINIMUM a thousand times more powerful than computers that took us to the moon.
So why hasn't the Pi taken us to Mars? Something is wrong with your logic.
Re: (Score:2)
One word: Lousy programmers.
See? Most* can't even estimate their own workloads. It always takes twice as much as planned.
And then there are 'managers'... who prevent us from using assembly the way it's meant to be used. They want to *shudder* 'understand' what we write and collaborate and a fancy UI and garbage collection (there is a lot of garbage surrounding our little blue planet) and *fill in favorite hype/buzzword* using *popular piece of office software they say they can actually be productive in*. S
Re: (Score:2)
It depends what you use it for. An RP is great for learning and for dedicated devices..... but we know it's far from being a modern desktop replacement. My "seat of my pants" feeling is that an RP3 is about as fast as a high end Pentium 3 (Circa 2000).
There are a *lot* of dedicated use devices that need much less power than a full fledged PC. The great thing is that PC technology doesn't stand still, and that a RP20 (or whatever the equivalent of an RP3 is in 15 years) will probably be as fast as to
Re: (Score:2)
One of the things that hurts the Pi is that all the I/O is done through USB, and a lot of micro SD cards are not very fast - which isn't usually a big deal until you're using one as your OS drive.
Finally, clock for clock, ARM just isn't as fast as x86. It may be a 1.2GHz quad-core, but looking at MIPs, it's about the same as a mid-range P3, which is a single core. One of the reasons is in the TFA - the Pi doesn't do speculative branching like P3 does. My guess is that for anything single-threaded, you're
Doubly irrelevant (Score:5, Informative)
Raspberry PIs and equivalents are toys.
Raspberry PI isn't a CPU. It is a single-board-computer designed for computer-science education and for rapid prototyping of embedded systems. The CPU in question is the Cortex A53 processor, which according to the manufacturer's datasheet is intended as a:
High efficiency processor for a wide range of applications in mobile, DTV, automotive, networking, storage, aerospace, and more.
This doesn't sound like a toy. It sounds like it is meant to be simple and efficient to integrate into industrial designs. That probably means that power consumption is a higher priority than squeezing the most performance out of the chip, which in turn means less aggressive use of speculative execution to keep as much of the chip working at any given time as possible.
So not being as vulnerable to this particular side channel attack isn't the result of the forethought of the Raspberry Pi's designers, or Broadcom or ARM Holdings. It's the result of the intended applications of the CPU.
Re: (Score:2)
They are still suitable for various small embedded solutions. Not every computing task requires petaflop performance.
I'm not saying that the Raspberry Pi is the ideal solution, but sometimes the most amazing solutions come out of implementations made on low performance devices while high performance devices instead allow for bloatware.