• BreakDecks@lemmy.ml
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    59
    ·
    8 months ago

    No system is perfect, sure, but rolling their own silicon was sorta asking for this problem.

    • hansl@lemmy.world
      link
      fedilink
      English
      arrow-up
      71
      arrow-down
      3
      ·
      8 months ago

      As opposed to what? Samsung, Intel, AMD and NVIDIA and others are also “rolling their own silicon”. If a vulnerability like that was found in intel it would be much more problematic.

      • booly@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        30
        ·
        8 months ago

        This particular class of vulnerabilities, where modern processors try to predict what operations might come next and perform them before they’re actually needed, has been found in basically all modern CPUs/GPUs. Spectre/Meldown, Downfall, Retbleed, etc., are all a class of hardware vulnerabilities that can leak crypographic secrets. Patching them generally slows down performance considerably, because the actual hardware vulnerability can’t be fixed directly.

        It’s not even the first one for the Apple M-series chips. PACMAN was a vulnerability in M1 chips.

        Researchers will almost certainly continue to find these, in all major vendors’ CPUs.

          • booly@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            8 months ago

            It basically varies from chip to chip, and program to program.

            Speculative execution is when a program hits some kind of branch (like an if-then statement) and the CPU just goes ahead and calculates as if it’s true, and progresses down that line until it learns “oh wait it was false, just scrub all that work I did so far down this branch.” So it really depends on what that specific chip was doing in that moment, for that specific program.

            It’s a very real performance boost for normal operations, but for cryptographic operations you want every function to perform in exactly the same amount of time, so that something outside that program can’t see how long it took and infer secret information.

            These timing/side channel attacks generally work like this: imagine you have a program that tests if variable X is a prime number, by testing if every number smaller than X can divide evenly, from 2 on to X. Well, the bigger X is, the longer that particular function will take. So if the function takes a really long time, you’ve got a pretty good idea of what X is. So if you have a separate program that isn’t allowed to read the value of X, but can watch another program operate on X, you might be able to learn bits of information about X.

            Patches for these vulnerabilities changes the software to make those programs/function in fixed time, but then you lose all the efficiency gains of being able to finish faster, when you slow the program down to the weakest link, so to speak.

      • Dashmezzo@lemm.ee
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        11
        ·
        8 months ago

        Also the article states it is found in intels chips too. So not really any better if they had stayed on that pathway either

        • NeatNit@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          19
          ·
          8 months ago

          I’ve just finished reading the article, it does not say this. It says Intel also has a DMP but that only Apple’s version has the vulnerability.

          • TORFdot0@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            8 months ago

            As I understand it, all DMPs of this type are subject to the vulnerability and so intel (and the newest m3) selectively disable it during cryptographic operations

            • trolololol@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              8 months ago

              Nope, dmp can treat value as pointer but doesn’t need to. Intel doesn’t, and because of that it’s not vulnerable. But just in case they also provide a way to disable dmp