Side Channel Attack Hits Arm CPUs

Image showing an ARM V8-A CPU on a circuitboard.

(Image credit: Raysonho / Wikimedia)

Update 6/11/2020 03:05 PT

We reached out to Eben Upton, Chief Executive of Raspberry Pi Trading for comment.

"We're aware of this issue, which at present appears to represent a very low risk to users. We're working to understand which cores are affected, and what the tradeoffs of applying mitigations are."

Original Article

Arm, the well known global semiconductor company who design the chips that power our daily lives, has issued guidance to software developers after a vulnerability in their ARMv8-A (Cortex-A) CPU was discovered. The vulnerability was identified following research from the Google SafeSide project, which explores attacks such as this.

Straight-line Speculation (SLS) is a speculative execution which exploits CPUs that access data in advance to increase performance, and then discard any unused computational branches. Side channel attacks such as this could enable malicious attackers to steal data from the CPU. In a answer from the Arm Developer FAQ page “Note that at present we deem the security risk to be low as this would be difficult to exploit in practice, and a practical exploit has yet to be demonstrated. However, the possibility cannot be dismissed which is why Arm is acting now.”

There are many devices featuring this processor which are affected by this bug, such as mobile devices, laptops and single board computers including the Raspberry Pi 4. Tom’s Hardware has reached out to the Raspberry Pi Foundation for comment, and will update this post when we have more information.

Patches to block this exploit have been issued by Arm engineers to various operating systems and open source software projects. Additional patches have been made for popular code compilers GCC and LLVM, which should not impact CPU performance.

Arm have released a whitepaper which provides greater detail on the cause and mitigation of the issue.

See more CPUs News

Les Pounder is an associate editor at Tom's Hardware. He is a creative technologist and for seven years has created projects to educate and inspire minds both young and old. He has worked with the Raspberry Pi Foundation to write and deliver their teacher training program "Picademy".

Latest

A die photo of the original Pentium processor with its blocks labeled. The image is made of red and brown blocks, with one tiny segment zoomed and enhanced into.

30-year-old Pentium FDIV bug tracked down in the silicon — Ken Shirriff takes the microscope to Intel's first-ever recall

See more latest ►

13 Comments Comment from the forums

Gomez Addams

The first sentence of the article :

"Arm, the well known manufacturer of chips that power our daily lives, ..."

This is incorrect. They do not manufacture anything. They license intellectual property and provide design services and tools.
Reply
jimmysmitty

Color me shocked that there is an exploit for a CPU. Its almost as if all of them have exploits and will eventually be found as time passes.
Reply
cfbcfb

jimmysmitty said:
Color me shocked that there is an exploit for a CPU. Its almost as if all of them have exploits and will eventually be found as time passes.

Folks like Intel as a punching bag, but issues with AMD and ARM chips are about as common and severe as those affecting intel. AMD was just found to have a bug going back to 2011 that affects everything they've made since.

This may not be popular, but this is in many ways a part of the much vaunted "competition" that brings us faster, cheaper things more quickly. Testing has to be cut short, software compatibility is often delayed past the hardware introduction, etc.
Reply
InvalidError

jimmysmitty said:
Color me shocked that there is an exploit for a CPU. Its almost as if all of them have exploits and will eventually be found as time passes.
Given infinite time and infinite resources, exploit vectors can be found in even in security-hardened stuff. Doesn't make them practical in the real world, though you may still want to keep possibilities in mind because even if there is only a one in a billion chance of a given exploit succeeding, there are places where a once per billion failure is all you need to get screwed such as top-level authentication certificates and root keys.
Reply
nofanneeded

CPUs that access data in advance

and yet all CPU makers insist on using this even after they know already it is dangerous to design CPUs this way ...

we dont need that extra performance we get from this when it is not secured ... Abandon this method CPU makers !!!
Reply
abryant

Gomez Addams said:
The first sentence of the article :

"Arm, the well known manufacturer of chips that power our daily lives, ..."

This is incorrect. They do not manufacture anything. They license intellectual property and provide design services and tools.
This has been fixed. Thanks.
Reply
InvalidError

nofanneeded said:
and yet all CPU makers insist on using this even after they know already it is dangerous to design CPUs this way ...
we dont need that extra performance we get from this when it is not secured ... Abandon this method CPU makers !!!
Without speculative out-of-order execution, modern CPUs would have massively slower single-threaded performance from threads stalling on every single conditional branch and the inability to prefetch data based on where speculative execution is going so dependencies don't cause stalls. Modern x86 CPUs look 192-320 instructions ahead to fill execution units and with typical code having one conditional branch every 15-20 instructions, that's 10-20 branches ahead. The performance penalty would be massive, quite possibly in excess of 90%.
Reply
nofanneeded

InvalidError said:
Without speculative out-of-order execution, modern CPUs would have massively slower single-threaded performance from threads stalling on every single conditional branch and the inability to prefetch data based on where speculative execution is going so dependencies don't cause stalls. Modern x86 CPUs look 192-320 instructions ahead to fill execution units and with typical code having one conditional branch every 15-20 instructions, that's 10-20 branches ahead. The performance penalty would be massive, quite possibly in excess of 90%.

what 90% ? this is wrong , it is 90% of the time you need to fetch the data not the total speed of CPU. it would be 20% hit in total speed at worst speculations.

older cpu's the time of core 2 Generation did not use this method and they were not slow at that time.
Reply
InvalidError

nofanneeded said:
older cpu's the time of core 2 Generation did not use this method and they were not slow at that time.
You have no idea how wrong you are. Speculative execution has been in x86 CPUs since the Pentium Pro back in 1998.
Reply
jimmysmitty

InvalidError said:
Given infinite time and infinite resources, exploit vectors can be found in even in security-hardened stuff. Doesn't make them practical in the real world, though you may still want to keep possibilities in mind because even if there is only a one in a billion chance of a given exploit succeeding, there are places where a once per billion failure is all you need to get screwed such as top-level authentication certificates and root keys.

True. There are plenty exposed that are not applicable. For example some require physical access. If you are at the point where someone is physically accessing your servers or systems you have much bigger problems.
Reply

Show more comments

Stay On the Cutting Edge: Get the Tom's Hardware Newsletter

Most Popular