The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre and, in the wake of those bugs, stressed the importance of open-source development and a modern ISA in preventing vulnerabilities.
In consumer computing, we usually only hear about two instruction set architectures (ISA): x86 and ARM. Classified as a complex instruction set, x86 dominates the desktop and server space. Since the rise of smartphones, however, reduced-instruction-set (RISC) ARM processors have dominated the mobile computing market. Beyond x86, there aren’t many complex instruction sets still in use, but there are still many relevant RISC designs despite ARM’s seeming ubiquity.
The lesser known RISC-V ISA is among those being developed to take on ARM. It was created in the University of California, Berkeley and is unique because it’s open-source. The ISA is actively being worked on and is now overseen by the RISC-V Foundation, which includes companies such as AMD, Nvidia, Micron, Qualcomm, and Microsoft. An ISA alone doesn’t define a CPU design, though. RISC-V being open-source means that anyone is free to build their own CPU to implement the ISA, or their own compiler to build software that can run on RISC-V CPUs.
Until recently, RISC-V hadn’t seen much adoption in industry, but, in the past two years, Nvidia and Western Digital both announced that they would be adopting RISC-V CPUs. In light of the recent Meltdown/Spectre issue, the RISC-V foundation has released a statement on the vulnerabilities’ impact on RISC-V development.
As the organization points out, because Meltdown/Spectre are the result of hardware optimizations in specific CPUs, the vulnerabilities technically have nothing to do with ISAs. There are x86 CPUs that entirely lack speculative execution, after all. However, the RISC-V Foundation still notes that current RISC-V CPUs are not at risk. The most popular RISC-V CPU design, the open-source RISC-V Rocket, does not do speculative execution on memory access.
The RISC-V foundation stresses that the open-source nature of the RISC-V is its greatest advantage in preventing hardware vulnerabilities. There is already discussion happening in the RISC-V development community on how to construct the ISA to explicitly prevent speculative execution vulnerabilities in CPUs that implement it. According to the organization, RISC-V’s open-source development will lead to a more secure design.
The RISC-V community has an historic opportunity to “do security right” from the get-go with the benefit of up-to-date knowledge. In particular, the open RISC-V ISA makes it possible for many different groups to experiment with alternative mitigation techniques and share results.
RISC-V’s BSD license means it can be freely used to build open or proprietary derivatives. Even if the ISA fails to safeguard against a particular vulnerability, the existence of many CPU designs should lower its impact. With so many affected by Meltdown alone, a future where the world’s computing is split between more ISAs is surely less RISC-y. (We won't apologize for that glorious pun, even if we'll see more RISC-V, not less.)