Meltdown and Spectre


(allenl@sifive.com) #1

SiFive Statement on Meltdown and Spectre

The recently disclosed speculation-based timing attacks Meltdown and Spectre have received much attention this week—and rightly so. The vulnerabilities these attacks exploit are not limited to a particular instruction-set architecture, nor are they restricted to a single vendor’s implementations. Many processors that rely upon speculation to improve performance are affected, even some that do not use out-of-order execution.

Fortunately, SiFive’s RISC-V Core IP offerings are not affected by Meltdown and Spectre. Meltdown attacks (CVE-2017-5754) rely upon speculative access to memory that the processor does not have permission to access; our processors do not perform this form of speculation. The Spectre attacks (CVE-2017-5753 and CVE-2017-5715) rely upon speculative memory accesses causing cache state transitions; our processors do not speculatively refill or evict data cache lines.

As the RISC-V Foundation’s statement on these vulnerabilities keenly observes, now is the time for open architecture and open hardware designs to shine. Researchers and implementers are already working to develop both architectural solutions and novel microarchitectures that are hardened against this form of attack. We look forward to contributing to this effort.

Andrew Waterman, Co-Founder and Chief Engineer at SiFive