Secure Microcontrollers Safe from Spectre and Meltdown Flaws
January 16, 2018
By: Yann Loisel and Stephane Di Vito,
Security Architect and Software Director, and Security Expert, Maxim Integrated
You've likely heard about Meltdown and Spectre by now, and have probably been installing patches for your electronic devices. If you design embedded devices and rely on secure microcontrollers to protect digital assets and intellectual property (IP), should you be concerned about these major security flaws?
Not if you are using Maxim DeepCover® secure microcontrollers. Our secure microcontrollers based on Arm® Cortex®-M and ARM926™ processors are unaffected by these hardware-based security vulnerabilities. Also safe from Meltdown and Spectre are our USIP PRO secure microcontrollers based on MIPS processors. Outside of our DeepCover portfolio, our MAXQ family of RISC microcontrollers is unaffected, too. To see why these chips have remained safe from these architectural flaws, let's examine both vulnerabilities more closely.
The Meltdown and Spectre vulnerabilities potentially expose critical information stored deep inside computer and embedded systems. Think passwords, proprietary data, and encrypted communications. Both take advantage of speculative execution, which processors use to keep working past a conditional test ("If x situation occurs, then do this; otherwise, do that.") before the outcome of that test is known. Speculative execution speeds up processing, because the processor executes the code path it deems most likely to run rather than waiting for the condition to be resolved. Most of the time, its speculation is correct. To further optimize performance, chips have been designed on the assumption that this speculation happens without visibility to any outside observer. Unfortunately, attackers have found ways to observe what happens within the speculative window and, thus, manipulate the system. For example, according to a Red Hat blog post, an attacker can cause code sequences that would otherwise never be executed to run speculatively.
The Meltdown and Spectre flaws do not affect secure microcontrollers from Maxim.
Meltdown impacts only Intel processors. Here, attackers have identified a way to break through the barrier that stops applications from accessing arbitrary locations in kernel memory (where you'd typically find sensitive data in plain format). Spectre affects Intel as well as AMD and Arm processors (including some Cortex-A and Cortex-R processors), which means that mobile devices and many internet of things (IoT) products are impacted. Given the level of connectivity that exists today, this covers almost every electronic device we use. Spectre tricks applications into accidentally disclosing information that would otherwise be protected. TechCrunch reports that Meltdown can be thwarted via kernel page table isolation (essentially a stronger wall around the kernel), while with Spectre, "The fact is that the practice that leads to this attack being possible is so hard-wired into processors that the researchers couldn’t find any way to totally avoid it."
Chipmakers and operating system developers, meantime, are issuing patches and other updates. Notes TechCrunch, "A more permanent fix will require significant changes across the board—the circuit board, that is. Basic architecture choices that have been baked into our devices for years, even decades, will have to be rethought. It won't be easy, and it won't be fun."
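The speculative hazard described above, and the kind of software-side hardening that a speculating core needs, as an added C example that is not code from this article or from Maxim's products: the table, the sample values and the function names (`lookup_plain`, `lookup_hardened`, `index_mask_nospec`, `clamp_index_nospec`) are constructed for illustration; the mask construction mirrors the generic `array_index_mask_nospec()` pattern used in the Linux kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <limits.h>

#define TABLE_LEN 16

/* Constructed sample data (hypothetical): a small table that a program exposes
 * through an index-based lookup. Whatever sits next to it in memory is what a
 * speculative out-of-bounds read could touch. */
static const uint8_t public_table[TABLE_LEN] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};

/* Architecturally correct lookup. On a speculating core the load on the taken
 * path may be issued before the comparison resolves: this is the "code
 * sequence that would otherwise not be executed" the article refers to.
 * A core without speculative execution only ever runs it when idx is in range. */
uint8_t lookup_plain(size_t idx)
{
    if (idx < TABLE_LEN)
        return public_table[idx];
    return 0;
}

/* Branchless mask: all ones when idx < size, zero otherwise. Relies on the
 * arithmetic right shift of a negative long (implementation-defined in C,
 * arithmetic on GCC and Clang). A production version also hides idx from the
 * optimizer (the kernel uses inline asm) so the mask cannot be folded away. */
static inline unsigned long index_mask_nospec(unsigned long idx, unsigned long size)
{
    return ~(long)(idx | (size - 1UL - idx)) >> (sizeof(long) * CHAR_BIT - 1);
}

/* Force idx to 0 whenever it is out of range, without a data-dependent branch. */
size_t clamp_index_nospec(size_t idx, size_t size)
{
    return idx & index_mask_nospec(idx, size);
}

/* Hardened lookup: even if the branch is mispredicted as taken for an
 * out-of-range idx, the masked index is 0, so the speculative load stays inside
 * public_table instead of reaching adjacent memory. */
uint8_t lookup_hardened(size_t idx)
{
    if (idx < TABLE_LEN)
        return public_table[clamp_index_nospec(idx, TABLE_LEN)];
    return 0;
}
```

The architectural results of both lookups are identical; the hardened form only changes what a mispredicted branch can touch, which is exactly the cost that a non-speculating core never has to pay.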
For Arm, only some Cortex-A and Cortex-R processors are affected by Spectre, which means that the Cortex-M and ARM926 processors on which many of Maxim's secure microcontrollers are based are not impacted. The same goes for our MAXQ and USIP products, because they also do not use speculative execution. Our secure microcontrollers, built with advanced cryptography and physical security, remain safe choices to protect your designs from side-channel attacks, physical tampering, and reverse engineering.