This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Does E0PD mechanism provide Meltdown mitigation?

ARMv8.5 introduces E0PD mechanism that changes faults timing (as declared in spec). Other side, there is a patch to Linux kernel that disables KPTI if cores support E0PD. From description in spec it's not evident that this mechanism mitigates Meltdown attacks.

Parents
  • Kernel Page Table Isolation (KPTI) is used to mitigate some speculation
    based security issues by ensuring that the kernel is not mapped when
    userspace is running but this approach is expensive and is incompatible
    with SPE.  E0PD, introduced in the ARMv8.5 extensions, provides an
    alternative to this which ensures that accesses from userspace to the
    kernel's half of the memory map to always fault with constant time,
    preventing timing attacks without requiring constant unmapping and
    remapping or preventing legitimate accesses.
Reply
  • Kernel Page Table Isolation (KPTI) is used to mitigate some speculation
    based security issues by ensuring that the kernel is not mapped when
    userspace is running but this approach is expensive and is incompatible
    with SPE.  E0PD, introduced in the ARMv8.5 extensions, provides an
    alternative to this which ensures that accesses from userspace to the
    kernel's half of the memory map to always fault with constant time,
    preventing timing attacks without requiring constant unmapping and
    remapping or preventing legitimate accesses.
Children
No data