Spectre mitigation overhead
Posted Sep 24, 2025 23:02 UTC (Wed) by wahern (subscriber, #37304)
In reply to: Spectre mitigation overhead by notriddle
Parent article: CHERI with a Linux on top
> Are CHERI capabilities able to provide SPECTRE-resistant isolation between mutually distrustful privilege domains within a single address space?
Intrinsically, AFAIU, no. But hardware CHERI support, by requiring both bounds and (to varying extents) provenance information to accompany addresses, potentially makes it easier and more natural to avoid side-channels. And maybe more importantly, CHERI provides an opportunity to nail down ISA guarantees before widespread deployment. See Safe Speculation for CHERI, https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/202...
