M1 architecture bug - Front Page

armwt · Mar 21, 2024

FYI - Dan has an article up on the front page describing a newly-revealed bug on Apple Silicon CPU's which can leak crypto keys. At 1st glance, looks similar to Intel's Specter and Meltdown bugs, but a little less obvious. Likely not a major issue for individual, personal use, but I anticipate I'm going to get asked about this a lot over the next few weeks, working in FinTech and anyone in similar environments should start thinking of their response to something like this.

Unpatchable vulnerability in Apple chip leaks secret encryption keys

Fixing newly discovered side channel will likely take a major toll on performance.

arstechnica.com

mklein · Mar 21, 2024

Thanks. It's always helpful to post a link in here to a relevant front page article.

Megalodon · Mar 21, 2024

The hardware prefetcher tries to dereference encryption keys (E: or rather, intermediate values that depend on the key). That's a bad one.

chris_f · Mar 21, 2024

armwt said:
FYI - Dan has an article up on the front page describing a newly-revealed bug on Apple Silicon CPU's which can leak crypto keys. At 1st glance, looks similar to Intel's Specter and Meltdown bugs, but a little less obvious. Likely not a major issue for individual, personal use, but I anticipate I'm going to get asked about this a lot over the next few weeks, working in FinTech and anyone in similar environments should start thinking of their response to something like this.

Unpatchable vulnerability in Apple chip leaks secret encryption keys

Fixing newly discovered side channel will likely take a major toll on performance.

arstechnica.com

This isn't just limited to M1. The thread subject narrows it a bit too much.

FoO · Mar 21, 2024

chris_f said:
This isn't just limited to M1. The thread subject narrows it a bit too much.

Yeah, it includes M2 but doesn't provide any certainty about M3 - I assume because it's not known for certain, but likely to have very similar architecture - which is disappointing because I'm trying to get an M3 purchased soon. Guess I'm waiting a bit longer.

:: pats his trusty Late 2013 15" MBP as parts and dust fall out of it::

Megalodon · Mar 21, 2024

armwt said:
FYI - Dan has an article up on the front page describing a newly-revealed bug on Apple Silicon CPU's which can leak crypto keys. At 1st glance, looks similar to Intel's Specter and Meltdown bugs, but a little less obvious. Likely not a major issue for individual, personal use, but I anticipate I'm going to get asked about this a lot over the next few weeks, working in FinTech and anyone in similar environments should start thinking of their response to something like this.

Reading about this I don't think it's that closely related to spectre or meltdown, in that those are both speculative execution, and this is speculative memory load. Apart from fitting under the broad category of side channels it's quite distinct.

The specific type of bug makes it trickier in some ways, easier in others. The OS doesn't have to patch everyone the same way and doesn't have to slow down all workloads, which is an upside. But by the same token any application including its own crypto libraries cannot be patched by the OS, so you are reliant on each application getting its act together, which means a lot of legwork to confirm everything is fixed if you're in a compliance type scenario or just want to make sure you are personally protected.

Megalodon · Mar 21, 2024

FoO said:
Yeah, it includes M2 but doesn't provide any certainty about M3 - I assume because it's not known for certain, but likely to have very similar architecture - which is disappointing because I'm trying to get an M3 purchased soon. Guess I'm waiting a bit longer.

The article suggests newer ARM features allow the application to set a data independent timing mode, and that M3 implements that mode. Whether Apple's implementation is fully compliant or whether the performance impact is worse than just doing other software workarounds is unclear.

Companion_Noob · Mar 22, 2024

For now, I think it can be safely assumed that all Apple Silicon is affected, unless we hear otherwise.

wco81 · Mar 23, 2024

Wonder how much of a hit on performance it will require and whether it can be fixed in time for the M4 or whether we‘d need to wait for the M5.

Would the architectural changes cause a hit in performance even with newer AS? Either they don’t deliver the performance jump over current AS they Otherwise would have had or maybe they may even turn out slower because the prefetcher implementation is a major part of the AS architecture performance?

Megalodon · Mar 23, 2024

wco81 said:
Wonder how much of a hit on performance it will require and whether it can be fixed in time for the M4 or whether we‘d need to wait for the M5.

Would the architectural changes cause a hit in performance even with newer AS? Either they don’t deliver the performance jump over current AS they Otherwise would have had or maybe they may even turn out slower because the prefetcher implementation is a major part of the AS architecture performance?

Unclear, but: fixing it in hardware almost always reduces the performance impact relative to fixing it in software, and they can add other improvements concurrently to compensate.

The Limey · Mar 24, 2024

Have I missed anywhere whether is also present on the A series of chips? If so, that’s perhaps more of a worry - I know that I generally feel fairly safe downloading apps from the App Store, knowing they are locked in the app sandbox. This presumably breaks that assumption?

Megalodon · Mar 24, 2024

The Limey said:
Have I missed anywhere whether is also present on the A series of chips?

Very likely yes.

The Limey said:
If so, that’s perhaps more of a worry - I know that I generally feel fairly safe downloading apps from the App Store, knowing they are locked in the app sandbox. This presumably breaks that assumption?

I think you're probably over-indexing on the resilience of the sandbox.

wco81 · Jun 16, 2024

Any word on whether this issue has been addressed in the M4?

Or do we have to wait to see after the M4 Pro/Max/Ultra on Macs are released?

M1 architecture bug - Front Page

Ars Legatus Legionis

Ars Tribunus Militum

Ars Legatus Legionis

Ars Scholae Palatinae

Ars Legatus Legionis

Ars Legatus Legionis

Ars Legatus Legionis

Ars Scholae Palatinae

Ars Legatus Legionis

Ars Legatus Legionis

Ars Tribunus Militum

Ars Legatus Legionis

Ars Legatus Legionis