3

Now the new Raspberry 4 has moved to ARM A72 cores, it's vulnerable to the spectre issues according to ARM.

Processor   Variant 1 Variant 2 Variant 3 Variant 3a Variant 4
Cortex-A72   Yes        Yes**    No**      Yes**    Yes

But this gives no output:

ls -1A /sys/devices/system/cpu/vulnerabilities
cat /sys/devices/system/cpu/vulnerabilities/*

'/sys/devices/system/cpu/vulnerabilities/*': No such file or directory

I do wonder if hardware or software mitigations are in place?

Janghou
  • 1,446
  • 1
  • 16
  • 20
  • 1
    Have a look through such as https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=243416&p=1484936 – joan Jun 30 '19 at 12:01

1 Answers1

1

The Raspberry Pi 4 is using ARM A72, and those ARM A72 Cores have Speculative Processor Vulnerabilities.

ARM recommends mitigation mechanisms.

The Raspberry Pi 4 has those mitigations enabled in the Raspbian Kernel.

How to check:

sudo modprobe configs
zcat /proc/config.gz | grep SPECTRE

CONFIG_CPU_SPECTRE=y

Therefor it is safe to say that an updated Raspberry Pi 4 is not vulnerable for (any known) Spectre Exploits.

But it is still vulnerable for Spectre issues. Mitigations are mitigations, not fixes.

Janghou
  • 1,446
  • 1
  • 16
  • 20
  • this is incorrect. a fully updated Raspberry Pi 4 is still vulnerable to Variant 3a (rogue system register read) and Variant 4 (speculative store bypass). it is unlikely that the system registers that can be read with Variant 3a would contain any sensitive information, but Variant 4 is a much more serious issue. firmware updates are necessary to mitigate both variants (3a and 4), and those aren't available for the Raspberry Pi 4 yet. – lily wilson Jul 24 '20 at 02:35
  • Are there any known exploits? – Janghou Jul 29 '20 at 19:08
  • https://github.com/google/safeside/blob/main/demos/spectre_v4.cc – lily wilson Aug 10 '20 at 10:11