> On 3 Oct, 2018, at 8:43 pm, Toke Høiland-Jørgensen <t...@toke.dk> wrote:
>
> I don't suppose 18.06 enables any of the SPECTRE mitigations (was that
> an issue on ARM)?

That depends on the ARM core involved. Most of them in CPE devices (eg. Cortex-A5/7/53) have in-order execution engines, so should be immune - but it's not inconceivable that some of the mitigations are enabled regardless.

The WRT1200AC uses the Marvell 88F6820 which has a pair of Cortex-A9 cores. These are mildly out-of-order engines which would be at least theoretically vulnerable to Spectre v1, but that is not a kernel-level exploit. According to https://www.techarp.com/guides/complete-meltdown-spectre-cpu-list/4/#arm the Cortex-A9 is also vulnerable to Spectre v2 which is the branch-predictor poisoning attack, for which kernel-level mitigations may be appropriate. It is however immune to Meltdown.

I'm not familiar with precisely what mitigations are now in use on ARM. I am however certain that, on a device running only trustworthy code (ie. not running a Web browser), mitigating Spectre is unnecessary. If an attacker gets into a position to exploit it, he's already compromised the device enough to run a botnet anyway.

 - Jonathan Morton

_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel
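
One way to check on a device what the reply above discusses, as an added example that is not part of the original message: it classifies the core from `/proc/cpuinfo` using the in-order/out-of-order split stated in the reply, then prints what the kernel reports under `/sys/devices/system/cpu/vulnerabilities`. The function names and the ARM MIDR part numbers are supplied here as assumptions, and the sample `cpuinfo` is constructed.

```shell
#!/bin/sh
# Added example. Each function takes a root prefix so it can be pointed at a
# constructed fixture tree; pass "" to read the live /proc and /sys.

# Classify the first core using the split given in the reply:
# Cortex-A5/A7/A53 in-order, Cortex-A9 out-of-order.
# Part numbers are ARM MIDR values (assumption: not stated in the message).
classify_core() {
    root="$1"
    impl=$(awk '/^CPU implementer/ {print $NF; exit}' "$root/proc/cpuinfo")
    part=$(awk '/^CPU part/ {print $NF; exit}' "$root/proc/cpuinfo")
    # Part numbers are only meaningful for implementer 0x41 (ARM Ltd).
    [ "$impl" = "0x41" ] || { echo "unknown"; return; }
    case "$part" in
        0xc05|0xc07|0xd03) echo "in-order" ;;      # Cortex-A5, A7, A53
        0xc09)             echo "out-of-order" ;;  # Cortex-A9
        *)                 echo "unknown" ;;
    esac
}

# Print the kernel's own status line for one issue, or say so when the
# running kernel does not expose the sysfs file at all.
mitigation_status() {
    f="$1/sys/devices/system/cpu/vulnerabilities/$2"
    if [ -r "$f" ]; then cat "$f"; else echo "not reported by this kernel"; fi
}

report() {
    echo "core class: $(classify_core "$1")"
    for v in spectre_v1 spectre_v2 meltdown; do
        echo "$v: $(mitigation_status "$1" "$v")"
    done
}

# Constructed sample: a Cortex-A9 cpuinfo on a kernel without the sysfs files.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/proc"
    printf 'processor\t: 0\nCPU implementer\t: 0x41\nCPU part\t: 0xc09\n' \
        > "$d/proc/cpuinfo"
    echo "$d"
}

# Demo on the constructed fixture; on the device itself call: report ""
report "$(make_fixture)"
```

A result of "not reported by this kernel" means only that the kernel does not publish a status, not that a mitigation is absent or present.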