You are currently viewing Significant contribution by Google engineers regarding Spectre

Significant contribution by Google engineers regarding Spectre

Consumers are currently living with multiple CPU hardware security flaws across multiple brands of CPU’s. At the same time CPU’s also have built in “spyware/Management Engines” and Intel already released information about the Intel ME issues.  The Meltdown hardware security flaw can be fixed in software updates. The known ME security flaws can be fixed in updates. The multiple Spectre security flaws cannot be fixed in software updates but some of the Spectre flaws may be fixable in software (at CPU speed costs)

As research into the Spectre hardware CPU design flaw matures we learn more about Spectre. The first important information is that Spectre is not just one security flaw.

Conditional branch speculation and branch target injection are both forms of Spectre.

Solutions to the different forms of Spectre are quite different and have different impacts on CPU speed and function. There has been much discussion and research into software fixes for conditional branch mis-prediction.  Some of the proposed fixes for mis-predicting conditional branches cause dramatic CPU speed loss as each conditional branch requires additional code (from the compiler or program)

The other form of Spectre, injecting into a target branch, has not had that many solutions. Google engineers released a significant software construct for preventing branch-target-injection. The full release is here: https://support.google.com/faqs/answer/7625886 

The retpoline release by Google is architecture specific but should port to other architectures like ARM