If you’re reading this you’re probably already aware of the debacle that’s unfolded.
So I won’t be doing any introductions here.
Instead, this is intended to be a list of processors I have identified (to within a reasonable degree) as guaranteed immune to Meltdown and, particularly, the Spectre exploit.
An awesome writeup by Eben Upton can be read here. It’s a great introduction to fundamental CPU architecture concepts.
(UPDATED):
The Spectre and Meltdown vulnerabilities rely on a CPU making use of speculative execution, specifically tied to branch prediction, together with an out-of-order execution architecture. Spectre should not work against in-order execution processors without branch prediction or other speculative features. But there are some in-order execution processors with branch prediction and speculative issuing that are immune (see Cortex-A53), and some that are not (see Cortex-A8).
Before we had out-of-order and speculative execution architectures, however, we had in-order execution: processors that would faithfully execute one instruction after another, often wasting a lot of cycles because some instructions take longer than others.
I won’t explain these architectural differences here; the linked wiki pages and materials are a good starting point.
It is these faithful, old-fashioned in-order execution CPUs which, due to their rigorous sequential execution, are immune to Spectre. Now you may be thinking: wait, these can only be really old CPUs! And you’d be wrong! They certainly aren’t the fastest CPUs, however, but if you need something to be tinfoil-hat secure, this is where you’d look.
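One way to check a running Linux machine against a list like this one (an added example, not part of the original post): Linux 4.15 and later report per-issue status in `/sys/devices/system/cpu/vulnerabilities/`, and the sketch below separates "Not affected" hardware from hardware that is only patched. The function names and the two sample inputs are constructed for illustration.

```python
from pathlib import Path

# Linux 4.15+ exposes one status file per issue in this directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")

def classify(status):
    """Map one kernel status line to a coarse verdict."""
    s = status.strip()
    if s == "Not affected":
        return "immune"        # the hardware itself is not exposed
    if s.startswith("Mitigation:"):
        return "mitigated"     # exposed hardware, software workaround active
    if s.startswith("Vulnerable"):
        return "vulnerable"    # exposed and no workaround active
    return "unknown"           # file missing or unrecognised text

def read_statuses(base=SYSFS_DIR):
    """Return {issue: raw status text}; '' if the kernel has no such file."""
    statuses = {}
    for issue in ISSUES:
        path = Path(base) / issue
        statuses[issue] = path.read_text().strip() if path.is_file() else ""
    return statuses

def verdicts(statuses):
    """Return {issue: verdict} for a dict produced by read_statuses()."""
    return {issue: classify(text) for issue, text in statuses.items()}

def hardware_immune(statuses):
    """True only when every issue is 'Not affected', i.e. no patch is doing the work."""
    return all(v == "immune" for v in verdicts(statuses).values())

# Constructed sample inputs (not captured from any real machine).
SAMPLE_IMMUNE = {issue: "Not affected" for issue in ISSUES}
SAMPLE_PATCHED = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable",
}

if __name__ == "__main__":
    for name, data in (("immune sample", SAMPLE_IMMUNE),
                       ("patched sample", SAMPLE_PATCHED),
                       ("this machine", read_statuses())):
        print(name, verdicts(data), "hardware immune:", hardware_immune(data))
```

A kernel that predates the interface yields "unknown" for every issue, which the check treats as not proven immune.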
Yeah, I think I’m going to go ahead and pick up that Banana Pi, since the Pi 3 isn’t quite enough for me to use for regular computing. (Plus, Gentoo on ARM is going to be a fun project.)
Sorry, but you’re wrong about “old” stuff. PowerPC has used speculative execution since the first CPU, the PowerPC 601 (the year was 1991!), thus it is affected by Spectre. Meltdown is Intel-only as far as we know anyhow.
Proof? From the TenFourFox developer (blog post): “Power ISA is fundamentally vulnerable going back even to the days of the original PowerPC 601, as is virtually all current architectures, and there are no simple fixes.”
Power 6, however, I included because it did things very differently from its prior and subsequent similarly named brethren.
As far as I could tell from specifications it only performed limited speculation. But I was wrong. It is vulnerable, as TenFourFox testing has shown.
For your home network this is going to mean nothing.
The whole debacle is because Intel especially has focused so much on data centers lately, which is where the performance is going to hurt.
The fact you got a Raspberry Pi making a hard drive share, or you got an R-Pi lighting up some LED strip somewhere in your living room, means nothing.
It is a Fked up situation that someone finally broke through Intel’s ivory shell, but as with all companies no one’s perfect, and most of the whole problem is focused on data centers, where Intel has “a lot of explainin’ to do”, whereas your home network is next to untouched, even if you’re gaming.
Yes, you’re right, I missed the ARM A75 design… Apple has confirmed that all current iOS devices are affected by Spectre AND Meltdown except for the Apple Watch, and those iOS devices all use ARM designs.
The POWER4+ design is definitely affected by Spectre as is the PPC970 aka G5 due to speculative execution and the type of branch prediction they’ve implemented. I didn’t know that the Power6 made things so differently. Anyhow, IBM also confirmed that POWER7+, POWER8 and POWER9 systems are indeed vulnerable.
I wonder how Itanium is not affected at all. What does IA-64 do differently compared to the other modern architectures? AFAIK Itanium is also a RISC design. Is it because predictive branches have to be known when compiling the code beforehand, hence it isn’t relying on speculation in the same manner as the other designs?
Also I wonder how AMD Zen Memory Encryption could be used to harden a system against this type of vulnerability and if it would have a negative performance impact. But I think this is something the future will show… I fear it won’t work because SME/SEV is made for virtualization, not for native running systems, hence it would cause other issues, meaning incompatibilities, meaning instabilities and performance loss… Nightmare…
The Itanium 2 processor designers took advantage of explicit parallelism to design an in-order, six-instruction-issue, parallel-execution pipeline.
These structures include the instruction buffer, which decouples the front end, where instruction fetch and branch prediction occur, from the back end, where instructions are dispersed and executed.
So, in-order execution but with branch prediction; I’m forgetting if out-of-order is needed for Spectre/Meltdown or not, but the branch prediction sounds like it’s normal, the “explicit parallelism” is what needs to be compiled for and takes the place of out-of-order execution.
So, in theory, Intel could try to expand on the Itanium 2 architecture to create a modern Spectre/Meltdown-proof CPU?
I really wonder how these issues are going to affect the mainstream CPU market. Probably will affect server CPUs first I imagine, but maybe other CPU companies might take advantage of this and somehow make it into home PCs again, like Texas Instruments maybe?