New side-channel attack against apple CPUs

D

dada_dave

Elite Member
Posts
2,174
Reaction score
2,171
Hector Martin confirms that there is indeed a chicken bit to turn the DMP off and ensure correct behavior for the M2. He doesn’t have an M1 right now but it should be there too.

Hector Martin (@marcan@treehouse.systems)

Found the DMP disable chicken bit. it's `HID11_EL1<30>` (at least on M2). So yeah, as I predicted, GoFetch is entirely patchable. I'll write up a patch for Linux to hook it up as a CPU security bug workaround. (`HID4_EL1<4>` also works, but we have a name for that and it looks like a big...
social.treehouse.systems social.treehouse.systems

So it is at least patchable. Another tidbit of note:

One interesting finding is that the DMP is already disabled in EL2 (and presumably EL1), it only works in EL0. So it looks like the CPU designers already had some idea that it is a security liability, and chose to hard-disable it in kernel mode. This means kernel-mode crypto on Linux is already intrinsically safe.
Click to expand...
 
Last edited:

Similar threads

Cmaier
Apple launching quantum-resistant iMessage encryption algorithm
Replies
9
Views
317
Nycturne
Nycturne
D
Apple Cancels Micro-LED Project?
Replies
8
Views
318
Jimmyjames
Jimmyjames
Cmaier
Apple readying to update iPhones without taking them out of the box
Replies
10
Views
595
Clix Pix
Clix Pix
Jimmyjames
The ‘R1’ and it’s ram-ifications.
Replies
6
Views
502
Jimmyjames
Jimmyjames
Cmaier
40th Anniversary of Macintosh
2
Replies
23
Views
840
KingOfPain
KingOfPain
Top Bottom
1 2