I know that you're not, in general, a security engineer. However, you have mentioned in the past how you've taken a specific interest in side-channel attacks of this nature. From what I gather, you and other knowledgeable folks have said that Apple's performance cores would see little to no benefit from SMT, and perhaps even a performance hit, under some circumstances. I believe that you've also said that, again under special circumstances, the efficiency cores could theoretically benefit from some form of SMT, but that's not entirely certain. Please correct me if I am wrong and am misremembering what has been said on this subject. Even if the E-cores could benefit in some way, or even the P-cores in some future implementation, I haven't seen anyone knowledgeable suggesting that Apple's engineers should put effort or resources into SMT, both in terms of manpower and die space, which would be better served elsewhere.
Again, correct me if I am wrong about anything I stated above. Regardless, how much impact have these side-channel vulnerabilities had in the real world? Benchmarking has shown that x86 CPUs can take a substantial performance impact from these patches, mainly in the form of a BIOS microcode or Windows update, after applied to affected systems. Sometimes, the impact is as great as perhaps an entire CPU class or more, such as the difference between an i9 and an i5. I know I wouldn't be pleased if a UEFI update, assuming the motherboard manufacturer actually supplies one, gimped a two-year old CPU designed to compete at the high-end and then suddenly became the equivalent of today's budget i3 chip.
I get that many of the performance tricks done by CPU engineers are going to potentially have vulnerabilities, Intel seems to have applied more cheats than anyone else, including AMD, but nobody is immune. Dumping UEFI, moving users to iBoot, and avoiding SMT mine fields are part of Apple Silicon's current and future benefits. Apple doing their best to avoid unfixable vulnerabilities, such as those within the T2, are another. (You pointed out that the much ballyhooed Nuvia chips that Qualcomm is working on is being spearheaded by "trade secrets guy", who oversaw the T2 and hence the permanent flaw found within its design.)
Once again, if I am getting the details wrong, then feel free to correct me. I think the security benefits of moving the Mac platform over from the Swiss cheese platform that x86 has become, to Apple's own proprietary implementations are obvious. The benefits of controlling the microcontrollers running device I/O, all the way up to the operating system and primary applications, is clear.
What I am personally unclear about is how much of an impact these side-channel attacks have had in the real world. Sure, nation states and specialized mercenary groups that sell to the highest bidder are going to take an interest in this. However, they don't target the average user who has a questionable collection of Blu-ray rips with an "FBI warning" label at the beginning, important tax documents that show they shave a little off from the tax man by giving to a shady local charity, thusly not rendering unto Caesar, or not exposing their embarrassing fetish videos involving green jell-o and an extensive spatula collection.
In other words, specialized SMT vulnerabilities may be useful for espionage or blackmailing government officials, or for use by said governments against organized crime, human rights activists in authoritarian jurisdictions, or ways to make money by auctioning off an exploit to the highest bidder. What I am wondering about, and genuinely curious in regards to, is how these side-channel attacks actually impact the average user. Like most people, I'm an entirely uninteresting target. Scammers and malcontents are likely interested in taking advantage of me for financial gain, not because of industry trade secrets, political activism, or having enemies in high places. Concerning regular people as targets, bad guys want access to bank accounts, credit cards stored on Amazon, or scamming people with a fake Ebay listing, replete with poor spelling and all.
In that regard, it seems much simpler to get the average user to install a new "emergency" update to Adobe Flash, a one-click jail-break for Android, or an app that gives the user easy access to Sexy Singles in Your Area™. In other words, why bother with side-channel attacks when simple social engineering will do?
Or is it somewhere in-between that I am missing? If anyone has thoughts or insights on the matter, then I'd like to hear them. From what I gather, it just seems that many, if not most of these SMT attacks are more academic, rather than useful to criminals. Perhaps I am incorrect, but if side-channel attacks are of significant utility, then it's more likely to appeal to a North Korean agent funded by Western tourism to hack their homeland defense department's computers powered by massively multicore Xeons, rather than Aunt Mabel falling prey to some slob living in his mother's basement who targets vulnerable people using poorly worded e-mail attachments. Or perhaps there is a middle-ground that I am overlooking?
Again, from what I can tell, there appears to be many reasons that Apple would have no motivation to bother implementing SMT within Apple Silicon, and even the most powerful of Macs may not benefit from it. That being said, are side-channel security issues as big a factor as news headlines make them out to be?
[ATTACH=full]16795[/ATTACH]
