Page 1 of 1

Pi may be safe from Meltdown and Spectre

Posted: Fri Jan 05, 2018 2:22 pm
by rpu_bus
Pi Zero is a ARM1176. Eben Upton has done a good write-up on the issue.

https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/

Also I guess the the Cortex-A7, and A53 (Pi2 and Pi3) do not do out-of-order speculative execution. ARM is saying that the Cortex-A8, -A9, -A15, -A17, -A57, -A72, and -A75 are impacted.

https://developer.arm.com/support/security-update

So most of the Ti Sitara processors have vulnerabilities

http://www.ti.com/processors/sitara/overview.html

The Asus Tinker Board has an -A17 which is vulnerable

https://en.wikipedia.org/wiki/Asus_Tinker_Board

The Pine64 ROCK64 4K60P has an -A53 like the Pi3.

I wonder if ARM can update there microcode to disable out-of-order speculative execution features (I think that is the plan for x86 from Intel and AMD). Script kiddies will have fun with this, so backup now. Firefox seems to have quickly turned off a lot of stuff that is a door for these features.

Apple stuff is not listed so that is good... right?

https://support.apple.com/en-us/HT208394

That smells bad, I guess Apple's cores are for Apple alone so ARM will not say much about them.

My Windows 10 computer got an update, but I know more will be on the way. Ubuntu computers should see them soon.

Re: Pi may be safe from Meltdown and Spectre

Posted: Wed Jan 10, 2018 10:35 pm
by rpu_bus
I update my Ubuntu 17.10 laptop and a old box at my test bench and they seem fine, I had some oddness with the the 16.04 I use for some long term testing (well it has been off more than on after figuring out the solar charge controller was a bad idea). A second round of updates for 16.04 became available in a few hours and now it seems fine also.

From a Linux developer Blog

http://kroah.com/log/blog/2018/01/06/meltdown-status/

The problem has been around for something like twenty years and now that I have seen it, it looks obvious. How can things be like that, one second it looks invincible and the next it is an illusion. Is it because I learn to fish by watching others fish, and then end up fishing without any understanding of what I am doing or what the act of fishing is doing (I'm not saying fishing is bad. wait... are my?).

My projects are more about micro controllers. I started with Arduino which uses C++ but I started to shift to C after a year or so. The reason was basically that I did not like how C++ was using heap memory (it was a long road to arrive at that dislike). For some time I was angry at Arduino because I had put on those rose color glasses and stepped into the world thinking it was full of wonderful and good ideas. That was not what I found, but I did find a community that was often helpful, and that makes up for much of what I consider to be structural problems with advocating C++ for bare metal use with micro controllers.

I would like to see the Arduino IDE move away from C++ for these things, or at least make both C and C++ an option.

I have looked at MicroPython and CircuitPython and think it is going to be a much better starting point for learning. They are built on the bare metal microcontrollers with C, so that has the added bonus of less exposure to bad ideas for the learner.