On 01/12/2018 12:45 PM, 'awokd' via qubes-users wrote:
> On Fri, January 12, 2018 8:59 am, Ph.T wrote:
>> . my initial motivation for ARM was that
>> Intel seemed more prone to #spectre than ARM;
>> https://developer.arm.com/support/security-update
>> "majority of Arm processors are not impacted
>> by any variation of this side-channel speculation mechanism."
> 
> AMD is less prone than Intel too. :)

The vast majority of ARM processors that are not impacted by Spectre are
the ones that don't do speculative execution, afaik. So that's
basically all the “embedded” ones you wouldn't want on a desktop
computer because they are too slow. Then hopefully I'm not thinking of
some processors that would be both unaffected by spectre and
performant... :)

>> and is ARM saddled with ME or SMM? ...not sure.
> 
> It has https://www.arm.com/products/security-on-arm/trustzone, but I don't
> know if owner controlled implementations are available or not.

I don't know TrustZone, but with TrustZone-M (on Cortex-M's, embedded world
processors) you can choose what code runs in the TrustZone-M (which is
quite the point) [1]. A quick Google search also makes me think that with
TrustZone-A too (the “performance” branch of ARM), e.g. on RPi, you can
run custom code in it [2], though I haven't read the full paper.

That said, for security reasons it is necessary to lock down the secure
OS in order to prevent offline modification, as it would pave the way
towards evil maid attacks. [3] seems to give ways to do that. And so
manufacturers could, if they wanted to, decide to just sell the chips
with locked-down secure OSes, not giving any way for the user to change
them.


[1]
https://link.springer.com/chapter/10.1007/978-3-319-66332-6_12?no-access=true

[2] https://arxiv.org/pdf/1605.07763.pdf

[3]
https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/ARM%20Security%20Technology.pdf
