[LIST] of CPUs most likely immune to Spectre

#1

If you’re reading this you’re probably already aware of the debacle that’s unfolded.
So I won’t be doing any introductions here.

Instead this is intended to be a list of Processors I have identified (to within a reasonable degree) to be guaranteed immune to Meltdown and particularly the Spectre exploit.

An awesome writeup written by Eben Upton can be read here. It’s a great introduction to fundamental CPU architecture concepts.

(UPDATED):

The Spectre & Meltdown vulnerability relies on a CPU making use of speculative execution specifically tied with branch prediction, together with Out of order execution architecture processors. Spectre should not work against in-order execution processors without branch prediction or other speculative features. But there are some in-order execution processors with branch prediction and speculative issuing that are immune. (See Cortex-A53) And some that are not. (See Cortex-A8)

Before we had out of order and speculative execution architectures however, we had in-order execution. Processors that would faithfully execute one instruction after another, often wasting a lot of cycles because some instructions take longer than others.

I won’t explain these architectural differences here; the linked Wiki pages and materials are best referenced as a good starting point.

It is these faithful old fashioned in-order execution CPUs which due to their rigorous sequential execution are immune to Spectre. Now you may be thinking, wait these can only be really old CPUs! And you’d be wrong! They however certainly aren’t the fastest CPUs, but if you need something to be tinfoil hat secure, this is where you’d look.

Old sand :smiley:

New Sand

Things I’m not 100% sure of:

(But has a better chance than anything not on this list)

  • SPARC T Series (T3 and up)

Things I was wrong about:

Stuff that’s got interesting features to disrupt/disable Spectre

  • AMD Zen with SME/SEV (Secure Memory Encryption/Secure Encrypted Virtualization)
    • This would garble any retrieved memory in Virtualization scenarios.
      See this old thread of mine for all of the resources.

#2

Please feel free to add more details/contributions or shout at me if you think I’ve missed something or got something wrong.

:cat:


#3

Very cool, thank you. :+1:

Guess I’m gonna get my pi3 running then.
Not logging into my bank account on anything else for a couple days.


#4

I have two phones, one is an A7, the other is an A53.
Thanks cat, you know exactly what to say to comfort me.

Also this feels very strange, as if years of unethical business practices have finally caught up to Intel.


#5

Yeah, I think I’m going to go ahead and pick up that banana pi, since the pi3 isn’t quite enough for me to use for regular computing. (plus, gentoo on arm is going to be a fun project)


#6

If there’s a test I can run on machines I can throw a bunch of shit to the list


#7

There is.

for windows

https://support.microsoft.com/en-hk/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

looking into a Linux script for it now
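
For the Linux side of the question in #6, an added example (not posted by anyone in this thread): Linux kernels 4.15 and later publish their own per-CPU verdict under `/sys/devices/system/cpu/vulnerabilities`, and this script separates "Not affected" hardware from CPUs that are affected but patched. The function names are invented for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Reads the kernel's sysfs verdicts.
# "Not affected" = the kernel considers the CPU itself immune;
# "Mitigation: ..." = the CPU is affected, but a software fix is active.

# classify_vuln_file FILE -> immune | mitigated | vulnerable | unknown
classify_vuln_file() {
    [ -r "$1" ] || { echo unknown; return 0; }
    line=$(head -n 1 "$1")
    case "$line" in
        "Not affected"*) echo immune ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_cpu_vulns [DIR] -> one "name<TAB>class<TAB>raw text" line per issue
report_cpu_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ ! -d "$dir" ]; then
        echo "no $dir (kernel older than 4.15 or not Linux)" >&2
        return 2
    fi
    for name in meltdown spectre_v1 spectre_v2; do
        f="$dir/$name"
        raw=$( [ -r "$f" ] && head -n 1 "$f" || echo "(not reported)" )
        printf '%s\t%s\t%s\n' "$name" "$(classify_vuln_file "$f")" "$raw"
    done
}

# hardware_immune [DIR] -> exit 0 only when all three read "Not affected".
# A missing directory is an error (exit 2), never a pass.
hardware_immune() {
    out=$(report_cpu_vulns "$1") || return 2
    printf '%s\n' "$out" |
        awk -F'\t' '$2 != "immune" { bad = 1 } END { exit bad + 0 }'
}

# Usage on the machine being checked:
#   report_cpu_vulns && hardware_immune && echo "kernel reports immune CPU"
```

A "mitigated" result means the CPU belongs on the affected side of the list even though the running system is patched.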


#8

Well I know I’m not going to install windows on powerpc :T


#9

What about this guy?
It combines PI and Arduino tech to run linux, android, or windows


#10

Referring to the following:

  1. ARM Security matrix: https://developer.arm.com/support/security-update
  2. Intel Information disclosure: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

I hope that answers your question. :smiley:


#11

Sorry, but you’re wrong about “old” stuff. PowerPC uses speculative execution since the first CPU, the PowerPC 601 (the year was 1991!), thus it is affected by Spectre. Meltdown is Intel-only as far as we know anyhow.

Proof? From the TenFourFox developer (blog post): “Power ISA is fundamentally vulnerable going back even to the days of the original PowerPC 601, as is virtually all current architectures, and there are no simple fixes.”

The same is true for IBM POWER and OpenPOWER.


#12

First of all welcome to the forums and thank you for your information.
I will have a look. :smiley:

But one thing that is wrong.

See ARM Cortex-A75.

Ok so I found some more info on PPC603 that states it performs speculative execution past unresolved branches.

http://ieeexplore.ieee.org/document/363093/

Power 6 however I included because it did things very differently from its prior and subsequent similarly named brethren.

As far as I could tell from specifications it only performed limited speculation. - But I was wrong. It is vulnerable. As TenFourFox testing has shown.

http://www.cs.wm.edu/~kemper/cs654/slides/power6.pdf

Or refer to

Systems Architecture | 6th Edition
ISBN-13: 9781133171324

For a Power 6 overview.


#13

On further inspection.
I meant to include the PowerPC 603q.
This CPU was a ground up recreation of PPC 603 by Quantum Effect Devices.

It lacked the speculative execution functionality and used an in-order execution pipeline.

http://www.cpushack.com/CIC/announce/1996/QEDPowerPCq.html

So, yeah it’s so obscure it’s irrelevant. Hence I’ve removed it from the list. :smiley:


#14

Output of my 1225V3

~/Desktop$ time ./spectre
Reading 23 bytes:
Reading at malicious_x = 0xffffffffffdfedf8... Success: 0x48=’H’ score=51 (second best: 0x00 score=23)
Reading at malicious_x = 0xffffffffffdfedf9... Success: 0x65=’e’ score=2 
Reading at malicious_x = 0xffffffffffdfedfa... Success: 0x6C=’l’ score=47 (second best: 0x00 score=21)
Reading at malicious_x = 0xffffffffffdfedfb... Success: 0x6C=’l’ score=37 (second best: 0x00 score=16)
Reading at malicious_x = 0xffffffffffdfedfc... Success: 0x6F=’o’ score=2 
Reading at malicious_x = 0xffffffffffdfedfd... Success: 0x20=’ ’ score=2 
Reading at malicious_x = 0xffffffffffdfedfe... Success: 0x4C=’L’ score=89 (second best: 0x00 score=42)
Reading at malicious_x = 0xffffffffffdfedff... Success: 0x65=’e’ score=35 (second best: 0x00 score=15)
Reading at malicious_x = 0xffffffffffdfee00... Success: 0x76=’v’ score=271 (second best: 0x00 score=133)
Reading at malicious_x = 0xffffffffffdfee01... Success: 0x65=’e’ score=241 (second best: 0x00 score=118)
Reading at malicious_x = 0xffffffffffdfee02... Success: 0x6C=’l’ score=177 (second best: 0x00 score=86)
Reading at malicious_x = 0xffffffffffdfee03... Success: 0x31=’1’ score=51 (second best: 0x00 score=23)
Reading at malicious_x = 0xffffffffffdfee04... Success: 0x54=’T’ score=67 (second best: 0x00 score=31)
Reading at malicious_x = 0xffffffffffdfee05... Success: 0x65=’e’ score=207 (second best: 0x00 score=101)
Reading at malicious_x = 0xffffffffffdfee06... Success: 0x63=’c’ score=31 (second best: 0x00 score=13)
Reading at malicious_x = 0xffffffffffdfee07... Success: 0x68=’h’ score=103 (second best: 0x00 score=49)
Reading at malicious_x = 0xffffffffffdfee08... Success: 0x73=’s’ score=41 (second best: 0x00 score=18)
Reading at malicious_x = 0xffffffffffdfee09... Success: 0x00=’?’ score=2 
Reading at malicious_x = 0xffffffffffdfee0a... Success: 0x25=’%’ score=2 
Reading at malicious_x = 0xffffffffffdfee0b... Success: 0x70=’p’ score=23 (second best: 0x00 score=9)
Reading at malicious_x = 0xffffffffffdfee0c... Success: 0x00=’?’ score=2 
Reading at malicious_x = 0xffffffffffdfee0d... Success: 0x25=’%’ score=37 (second best: 0x00 score=16)
Reading at malicious_x = 0xffffffffffdfee0e... Success: 0x64=’d’ score=37 (second best: 0x00 score=16)

real	0m0.067s
user	0m0.065s
sys	0m0.000s

#15

For your home network this is going to mean nothing.

The whole debacle is because Intel specially has focused so much on data centers lately, which is where the performance is going to hurt.
The fact you got a raspberry pi making a hard drive share, or you got an r-pi lighting up some LED strip somewhere in your living room, means nothing.
It is a Fked up situation that someone finally broke through Intel’s ivory shell, but as with all companies no one’s perfect, but most of the whole problem is focused on data centers where Intel has “alot of explainin todo”, whereas your home network is next to untouched, even if you’re gaming.


#16

I know it’s an edge case but what about x86 consoles / spectre?

Hence why I asked if someone could test one of the desktop variant jaguar cpus


#17

Yes, you’re right, I missed the ARM A75 design… Apple has confirmed that all current iOS devices are affected by Spectre AND Meltdown except for the Apple Watch, and those iOS devices all use ARM designs.

The POWER4+ design is definitely affected by Spectre as is the PPC970 aka G5 due to speculative execution and the type of branch prediction they’ve implemented. I didn’t know that the Power6 made things so differently. Anyhow, IBM also confirmed that POWER7+, POWER8 and POWER9 systems are indeed vulnerable.


#18

I wonder how Itanium is not affected at all. What does IA-64 do differently compared to the other modern architectures? AFAIK Itanium is also a RISC design. Is it because predictive branches have to be known when compiling the code beforehand, hence it isn’t relying on speculation in the same manner as the other designs?

Also I wonder how AMD Zen Memory Encryption could be used to harden a system against this type of vulnerability and if it would have a negative performance impact. But I think this is something the future will show… I fear it won’t work because SME/SEV is made for virtualization, not for native running systems, hence it would cause other issues, meaning incompatibilities, meaning instabilities and performance loss… Nightmare…


#19

A quick search on my end resulted in this document about Itanium 2

The Itanium 2 processor designers took advantage of explicit parallelism to design an in-order, six-instruction-issue, parallel-execution pipeline.

These structures include the instruction buffer, which decouples the front end, where instruction fetch and branch prediction occur, from the back end, where instructions are dispersed and executed.

So, in-order execution but with branch prediction; I’m forgetting if out-of-order is needed for Spectre/Meltdown or not, but the branch prediction sounds like it’s normal, the “explicit parallelism” is what needs to be compiled for and takes the place of out-of-order execution.


#20

So, in theory, Intel could try to expand on the Itanium 2 architecture to create a modern Spectre/Meltdown proof CPU?
I really wonder how these issues are going to affect the mainstream CPU market. Probably will affect server CPUs first I imagine, but maybe other CPU companies might take advantage of this and somehow make it into home PCs again, like Texas Instruments maybe?