> On Jan 7, 2018, at 7:01 PM, 'Roberts Maria' via BeagleBoard > <[email protected]> wrote: > > > -------------------------------------------- > On Sun, 1/7/18, Jason Kridner <[email protected]> wrote: > > Subject: Re: [beagleboard] Does Spectre and Meltdown affect Beaglebone Black? > To: [email protected] > Date: Sunday, January 7, 2018, 11:50 PM > > On Sun, Jan > 7, 2018 at 1:59 PM Robert Nelson <[email protected]> > wrote: > On Sun, > Jan 7, 2018 at 12:52 PM, 'Luther Goh Lu Feng' via > BeagleBoard > > <[email protected]> > wrote: > >> I am under the impression that BBB is affected as it > runs AM335x 1GHz ARMĀ® Cortex-A8. What are the > mitigations/recommendations to address this, if any? > > > > Well, according to "ARM": > > > > https://developer.arm.com/support/security-update > > > > No : indicates not affected by the particular variant. > > Yes : indicates affected by the particular variant but has > a > > mitigation (unless otherwise stated). > > > > Cortex-A8 > > > > Variant 1:Yes (under review) > > Variant 2: Yes > > Variant 3: No > > Variant 3a: No > > This leaves a lot of questions for > me. TI is working on a more formal response that better > summarizes our/their position. There are a number of > mitigations, but I think more analysis should be performed > to determine the confidence-level they provide. GKH has some > thoughtful blog material, but also stops short of being > conclusive. I've heard some question if VFP or NEON > provide additional attack vectors. > Fundamentally, I think those of us > making embedded systems need to be conscientious of what > untrusted code we allow to run on our systems and that there > are likely more interesting attack vectors, depending on how > we secure our systems. > For example, do you disable ssh and > evaluate the security of other network-based servers on the > system? I just mean that Meltdown and Spectre attacks assume > some ability to run userspace code on your system and you > should probably already be preventing that. IoT > worms/trojans and/or web server overflow bugs are more > likely to be a security issue in an embedded > system. > In yet more > other words, security requirements should be considered at a > system-design level and a one-size-fits all solution of > chasing down the latest issues facing desktop systems > isn't likely to address your security > needs. > Hope this > didn't come across as deflective or rude, as I do think > a good analysis of the BeagleBone/BeagleBoard risks related > to Meltdown/Spectre are necessary. I just don't think > the analysis or the mitigations are ready to declare at this > time.
One useful mitigation: http://lists.infradead.org/pipermail/linux-arm-kernel/2018-January/552243.html > In addition to > Robert's link, you can read > http://www.kroah.com/log/blog/2018/01/06/meltdown-status/ as > well. The ARM recommended mitigations > look a bit complex at this point, but are worth examining if > you have concerns about the information that can be > recovered using these attack methods and your system is > exposed to them. > > > > Regards, > > > > -- > > Robert Nelson > > https://rcn-ee.com/ > > > > -- > > For more options, visit http://beagleboard.org/discuss > > --- > > You received this message because you are subscribed to the > Google Groups "BeagleBoard" group. > > To unsubscribe from this group and stop receiving emails > from it, send an email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/beagleboard/CAOCHtYjY%3DG3nEF7eCYi8tmSdRPdxCRbvaRhfOfDt4n-ak%2BqveA%40mail.gmail.com. > > For more options, visit https://groups.google.com/d/optout. > > > > -- > > https://beagleboard.org/about > > > > -- > > For more options, visit http://beagleboard.org/discuss > > --- > > You received this message because you are subscribed to the > Google Groups "BeagleBoard" group. > > To unsubscribe from this group and stop receiving emails > from it, send an email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/beagleboard/CA%2BT6QP%3DixDcmWjOviCTkOPWfq%3D2iUFYsTZ0Jp7YnZ6GeJpLbOA%40mail.gmail.com. > > For more options, visit https://groups.google.com/d/optout. > n aceste conditii la 17 august 1867 incepea guvernarea celui de-al doilea > 3t liberal'care are la baza intelegerea de la Concordia . Prim-ministru este > nnat stefan Golescu care activase in guvernele revolutionare de Ia 1848 si > lase un guvern al tarii Romanesti in 1861. > > -- > For more options, visit http://beagleboard.org/discuss > --- > You received this message because you are subscribed to the Google Groups > "BeagleBoard" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/beagleboard/1731300903.2172029.1515369697061%40mail.yahoo.com. > For more options, visit https://groups.google.com/d/optout. -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/9C7DF368-78BC-44B7-B0EF-956C3F746C38%40gmail.com. For more options, visit https://groups.google.com/d/optout.
