Culture / Security

Why the Raspberry Pi is Safe from the Meltdown and Spectre Exploits

14 Jan 2018 6:00am, by

Intel CEO Brian Krzanich at CES 2018 (via Intel YouTube channel).png

It’s a rare treat when Raspberry Pi Foundation founder Eben Upton writes a blog post himself. His last missive was nearly a year ago — celebrating the fifth birthday of the Raspberry Pi and announcing the launch of the Raspberry Pi Zero W, a $10 variant which ships with both wireless LAN and Bluetooth.

What brought him back to the keyboard this time was the need to explain the discoveries of the major Meltdown/Spectre vulnerabilities, and why they wouldn’t effect Raspberry Pi boards.

“Modern processors go to great lengths to preserve the abstraction that they are in-order scalar machines that access memory directly, while in fact using a host of techniques including caching, instruction reordering, and speculation to deliver much higher performance than a simple processor could hope to achieve,” Upton wrote. “The lack of speculation in the ARM1176, Cortex-A7, and Cortex-A53 cores used in Raspberry Pi render us immune to attacks of the sort.”

Meltdown Fallout

If Upton enjoyed a relatively worry-free time this week, he might have been alone among leaders in the tech industry.

At the Consumer Electronics Show (CES) in Las Vegas, Intel CEO Brian Krzanich devoted part of his keynote speech Monday to assurances that their top concern was the safety of everyone’s data, adding that “As of now, we have not received any information that these exploits have been used to obtain customer data.” He urged his audience to apply updates as they become available, promising Intel would have 90 percent of their updates out by the end of the week, and the rest by the end of January.

Krzanich also thanked the industry for “coming together” to address the Meltdown vulnerabilities. “The collaboration among so many companies to address this industry-wide issue across several different processor architectures has been truly remarkable,” he said.

Of course, the industry didn’t have much of a choice, and some have been grumbling about how it was handled. Theo de Raadt, the leader of the OpenBSD project, complained that initially there was first “selective disclosure” of the vulnerability to Tier-1 companies, adding that everyone below that level “has just gotten screwed.” And as for kernel developers, “Suddenly the trickiest parts of a kernel need to do backflips to cope with problems deep in the micro-architecture,” he told ITWire. Later in the week, a second update for Ubuntu 16.04 had to be released after the first one had apparently prevented some users from booting up their machines.

Three class action lawsuits have already been filed on behalf of consumers, while four more were filed on behalf of Intel investors. On the Linux Kernel mailing list, Linus Torvalds complained, “I think somebody inside of Intel needs to really take a long hard look at their CPUs, and actually admit that they have issues.”

But there was at least one tech CEO that wasn’t worried about his products.

Why Raspberry Pis Aren’t Vulnerable

EbenUpton by Jim Killock (cropped

To explain why Raspberry Pi isn’t vulnerable to Spectre and Meltdown, Upton offered “a little primer” on concepts in modern processor design. Some processors try to execute more than one chunk of instructions at a time – although they at least execute them in order. But to improve performance, chip designers took things even further.

“Reordering sequential instructions is a powerful way to recover more instruction-level parallelism, but as processors become wider (able to triple- or quadruple-issue instructions) it becomes harder to keep all those pipes busy,” he said. So the next innovation was “speculation” — running instructions that might not even be required, depending on how the execution of the code branches.

Over time processors also became much faster than memory, so chip makers soon were taking new steps to reduce the time it takes to retrieve stored data. “[P]rograms tend to access memory in relatively predictable ways,” Upton writes, “exhibiting both temporal locality (if I access a location, I’m likely to access it again soon) and spatial locality (if I access a location, I’m likely to access a nearby location soon).” Chips began including a small on-chip memory, close to the processor, to store copies of data from recently-used locations.

Caching leaves extra information available for “side-channel attacks” which bypass the security of the main processor. A program performing a so-called “illegal read” of addresses in the kernel can, by timing the response, calculate which ones are present in the cache (meaning they’ve been recently executed).

Online Reactions

Upton’s post attracted over 150 comments, and Eben responded to some of them himself to provide some more context. “You really need be down at the machine-language level to manipulate this…” he added at one point.

And it quickly became apparent that this was a man with strong feelings about microprocessors. In response to a question about the Motorola 68060, an early superscalar CPU, Upton remembered fondly that “I was a 68000 junkie for three years in the early 90s. Beautiful architecture: in a more just world it, or its descendants, would have won out.”

And Upton’s remarks also drew a positive reaction on Hacker News, where one comment said the post was “the best of the explanations I’ve read, and it helped me to finally wrap my mind around the exploits.”

And there was even one commenter who hinted Upton’s post gave them one more reason to love their Raspberry Pi.

“It’s also quite fun to think that the little Pi I have chugging away in a tiny corner doing a variety of background tasks, which was already the most trouble-free machine I own, may also be the safest.”


WebReduce

A newsletter digest of the week’s most important stories & analyses.

View / Add Comments

Please stay on topic and be respectful of others. Review our Terms of Use.