AMD is moving to a “generic” Retpoline approach after its existing mitigation was found insufficient to ward off the BHI vulnerability

The original Spectre and Meltdown flaws, discovered in December 2017, exposed issues in Intel’s chip designs. Four separate research teams found them and reported them to the company around the same time. Intel’s designs opened up a flaw through which proof-of-concept code could be introduced into the computer’s kernel, exposing information that should be inaccessible. The flaw in the Intel chips was present as far back as 1993. When the initial attack findings came to light, Spectre and Meltdown affected Intel, Arm, and AMD chips simultaneously.

When the original attacks were mitigated, security measures were put in place for the chip giants. Still, those measures turned out to be a quick fix for a problem that would take years to repair. Within the last several weeks, BHI emerged, reopening the Spectre exploit. Intel and Arm were reported to be the most significantly affected. However, AMD representatives stated that the initial fixes from several years ago were still in effect in their chipsets and that the company could avoid the attack, or so it was thought.

The VUSec group at Vrije Universiteit Amsterdam outlined the AMD strategy for mitigation of Spectre V2, which uses the Retpoline strategy. In their findings, the research team notes that AMD’s LFENCE/JMP-based Retpoline code is considered inadequate. AMD states that the approach the company uses performs better on the company’s hardware than the Retpoline code that the company considers “generic,” which it states “results in a RET on indirect branches.” The default process changes indirect branches to LFENCE/JMP, which was meant to allow AMD’s chipsets to ward off any attack from Spectre V2.
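The two branch sequences contrasted above, side by side, as an added x86-64 illustration that is not code from AMD, Intel, VUSec, or any compiler or kernel. It assumes GCC or Clang on an ELF target; every `demo_` name is hypothetical, and on other architectures the helpers fall back to plain calls.

```c
/* Added illustration: LFENCE/JMP vs. the RET-based "generic" retpoline sequence. */
#include <stdio.h>

typedef long (*demo_fn)(long);

#if defined(__x86_64__) && defined(__ELF__)
__asm__(
    ".pushsection .text\n"
    /* LFENCE/JMP form: the transfer is still an indirect JMP, fenced by LFENCE. */
    ".globl demo_call_lfence_jmp\n"
    ".type demo_call_lfence_jmp, @function\n"
    "demo_call_lfence_jmp:\n"
    "    mov %rdi, %rax\n"      /* rax = branch target */
    "    mov %rsi, %rdi\n"      /* first argument for the target */
    "    lfence\n"
    "    jmp *%rax\n"
    /* Generic form: no indirect JMP/CALL executes; the target is reached by RET. */
    ".globl demo_call_generic\n"
    ".type demo_call_generic, @function\n"
    "demo_call_generic:\n"
    "    mov %rdi, %rax\n"
    "    mov %rsi, %rdi\n"
    "    call 2f\n"             /* pushes the address of label 1 */
    "1:  pause\n"               /* speculation past the RET is parked in this loop */
    "    lfence\n"
    "    jmp 1b\n"
    "2:  mov %rax, (%rsp)\n"    /* replace the pushed return address with the target */
    "    ret\n"                 /* architecturally transfers to the target */
    ".popsection\n");
long demo_call_lfence_jmp(demo_fn target, long arg);
long demo_call_generic(demo_fn target, long arg);
#else
/* Other architectures: plain calls so the file still builds and runs. */
long demo_call_lfence_jmp(demo_fn target, long arg) { return target(arg); }
long demo_call_generic(demo_fn target, long arg) { return target(arg); }
#endif

long demo_triple(long x) { return 3 * x; }   /* constructed sample branch target */

int main(void) {
    printf("lfence/jmp: %ld\n", demo_call_lfence_jmp(demo_triple, 14));
    printf("generic:    %ld\n", demo_call_generic(demo_triple, 14));
    return 0;
}
```

Both helpers return the same result architecturally; the difference is only in which instruction performs the transfer and therefore which predictor the CPU consults while speculating.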
Performance results by Phoronix show up to a 54% drop in CPU performance.

While AMD’s chips are not directly affected by the Spectre BHB/BHI vulnerabilities, the company was made aware of problems with its approach to handling the exploit, which caused greater issues for AMD’s Zen-based processors. Now, the company is adopting the recommended “generic” Retpoline guidance to manage the Spectre V2 exploit efficiently.

AMD’s security bulletin outlines its changes and references the team from Intel’s IPAS STORM, consisting of Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki. Their paper, “You Cannot Always Win the Race: Analyzing the LFENCE/JMP Mitigation for Branch Target Injection,” written by Milburn, Sun, and Kawakami, outlines AMD’s flaw in further detail and updates previous papers with new information that was disclosed and submitted to AMD.

While it may seem like Intel would want to tarnish AMD’s reputation and appear on top in the market, that is hardly the case. Intel notes that the team looks at potential security risks. If its own products or any other company’s products face a threat of this magnitude, it is more beneficial to share findings and work together to eliminate such significant threats, to the benefit of all.

Source: AMD, VUSec, Cornell University
