0

I am examining ARM-Cortex A8 flow prediction abilities, in order to done this i implemented below code:

char SecretDispatcher[256 * 512];
int counter = 0;

//evicting SecretDispatcher from cache
...

while(counter < (512 * 9 + 1))
{
    //evict counter from cache
    ...

    if(counter < (512 * 9))
    {
        asm volatile ("LDR %0, [%1]\n\t"
        : "=r" (value)
        : "r" (SecretDispatcher + index)
      );
    }
}

//measuring access time to SecretDispatcher[9*512], i expect that this memory cell exist in cache but it dosen't

in above code, i will execute if statement with true condition 8-time for training branch predictor of CPU, and in 9th i expect that cpu access to SecretDispatcher[9 * 512] speculatively however the condition is not true. this is just simple spectre-v1 PoC attack and i implemented this attack successfully on intel X86 processor with same logic and i expect that this work also in Cortex-A8 as arm clarified that this processor is vulnerable against this attack.

there is anything that i missing?? there is anything that i should do to enable program flow prediction on ARM-Cortex A8??

alireza sadeghpour
  • 649
  • 6
  • 20
  • 1
    The Cortex-A8 features the branch predictor, but it's an in-order architecture without the speculative execution feature. I cannot imagine how spectre-v1 can exploit anything on this chip. – Jake 'Alquimista' LEE Aug 02 '19 at 06:58
  • So why arm said that Cortex-A8 is vulnerable against Spectre v1 in https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability ?? – alireza sadeghpour Aug 02 '19 at 10:15

0 Answers0