Arm acknowledges side-channel attack but denies Cortex-M is crocked


[H]F Junkie
Dec 19, 2005
Hmm, interesting

"Rodrigues and Pinot said Tf-m acknowledged the hack, but said its root cause was a memory trace problem so an application was at fault. STMicroelectronics also pointed the finger at Arm and an application. Meanwhile, Arm told the team side-attacks are outside the threat model and its security is aligned to industry standards – a tactic Pinto said Intel also tried to use initially when news of Spectre and Meltdown hit.

"We kind of agree with Tf-m," said Pinto, who also pointed out it would be quite costly for Arm to implement necessary changes.

In its statement, Arm advised that the attack can be mitigated by ensuring that the program's control flow and memory accesses patterns do not depend on secret state.

"This is already a common feature in security critical code like cryptography libraries," said Arm.

"Arm works to improve security and enable the ecosystem to build more secure solutions. One example of this is the 'Data Independent Timing' feature that was introduced in the Armv8.1-M architecture. Although this feature does not mitigate the specific attack referred to in this article, it helps to protect against data dependent timing side-channel attacks," added the silicon slinger.

The boffins revealed that they may be able to twist Arm to change its approach – if they can demonstrate a similar variant of the attack in an application without a secret dependent memory path."