Has anyone tested whether Morello is less vulnerable to microarchitectural attacks than the original core on which Morello is based?
According to UCAM-CL-TR-916, CHERI might mitigate some of these attacks.
Speculative execution attack resistance is explicitly out of scope for Morello, per https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-982.pdf, with no effort made to use CHERI to harden against such attacks. Any such resistance is entirely coincidental from how it happened to be implemented.
OK. Still, it would be nice to see how much resistance has been added coincidentally. This could make the CHERI / Morello story even better.
Thanks for the answer.
There will almost certainly be some interplay with microarchitectural issues that affect performance and are due to Morello being a first-generation implementation done on a compressed timeline by retrofitting CHERI to an existing microarchitecture without wanting to disrupt its design. I would suggest you read https://ctsrd-cheri.github.io/morello-early-performance-results/ if you wish to learn about more of these, as the branch prediction and data dependence aspects are likely to affect the behaviour of speculation-based attacks. This also makes any resistance analysis of Morello even less meaningful for a real commercial product, as it is unlikely that the same limitations would exist in such a second-generation (or later) product, which would instead have quite different speculative behaviour, so it's hard to see how one could extrapolate from it.