Raspberry Pi Ain’t Afraid Of No Spectre And Will Not Meltdown

While there’s broad agreement that Meltdown and Spectre attacks are really bad news at a fundamental level, there is disagreement on its immediate practical impact in the real world. Despite reassurance that no attacks have been detected in the wild and there’s time to roll out the full spectrum of mitigation, some want to find protection right now. If you’re interested in an usable and easy to set up modern desktop that’s free of Meltdown or Spectre threats, a Raspberry Pi can provide the immunity you seek.

[Eben Upton] explained the side channel attacks using fragments of Python for illustration, which was an enlightening read independent of the Raspberry Pi pitch. While these ARM cores perform speculative instruction fetches, they don’t speculatively execute them or modify the cache. Under the current circumstances, that makes all the difference in the world.

A clever security researcher may yet find a way to exploit speculative fetches in the future, and claiming that Raspberry Pi has superior security would be a stretch. The platform has its own set of security problems, but today Meltdown/Spectre is not among them. And that just might be enough to sway some decisions.

If you need to stay in the x86 world, look over what it’d take to to rewind back to an Intel 486.

Thanks to [D00med] for sharing the link in a comment to our overview article.

43 thoughts on “Raspberry Pi Ain’t Afraid Of No Spectre And Will Not Meltdown

  1. I don’t think a 486 is enough to be safe. Something about anything after X286 having RND seeds made from an algorithm so crackable. No problem as any true spy only uses Email to send his cipher anyway.

    1. There is the biggest breakthrough for the worlds strongest encryption known to man from such a large company of the finest minds… You’ll never be able to read below to find out whom though:

      It has got to have been the best encryption in the world using an un-guessable random number generated by the throw of a dice… From some either a disgruntled or completely “Genius guy(meme)” employee from a corp called $ONY.

      #Satire #trolinSony #Insert-XKCD-below

  2. Yes, eBen’s explanation of how Meltdown and Spectre work (linked in the article above) is a must read, and you likely won’t find a better one that is within mortal comprehension.

    1. It’s a good explanation of Meltdown/Spectre… but it’s weird, because he doesn’t explain at all why the Pi isn’t affected, other than saying it isn’t – there’s no explanation of how the A53 is different. It’s not because it’s an in-order processor – it’s still got branch prediction, and therefore it has some speculative behavior. It’s immune because it only does instruction fetch speculatively and doesn’t actually execute – and you need the execution to be able to abuse indirect array access.

  3. I wonder if Spectre/Meltdown will be the push required to help ARM make the leap from mobile to desktop computing. There’s precious few options for ARM laptop/desktops, and it seems about time that changes.

    1. The sheer momentum of x86, due to often used proprietary Software only compiled for that, is the real hurdle.
      You’d have to get that remade for Arm, and corporate environments aren’t keen of dabbling with something that isn’t utterly broken.

        1. Beancounters often prefer slight predictable increase in expenses versus completely redoing it all over without a 100% solid expenses report.
          Because they can reliably project the budget with the former.
          Not saying that isn’t stupid in the long run, but Beancounters only think one fiscal year ahead and not further, and CEO’s and stockholders listen to Beancounters first and foremost.

      1. ^this^
        I love using Open Office, but there is no official version for Android (by that I mean ARM).
        So, until Android and its ARM base have Windoze compatible “apps” (seamless) x86 will continue to dominate the workplace desktop (IMHO).

        1. I don’t follow what you’re saying. Libreoffice *is* available on ARM platforms. For example, you can install it just fine on a Raspberry Pi. Here is the appropriate package for Debian Stable: https://packages.debian.org/stretch/armel/libreoffice/download

          (Debian last offered OpenOffice in the official repositories for Debian 6, two stable releases ago. LibreOffice has superseded OpenOffice.)

          Are you saying that Android ports of popular software are necessary for non-Intel hardware to become popular, and that other ARM-compatible operating systems should not be high-priority targets?

      1. What do you define as being “above A7” or even “all cortex”?
        Going by the ARM web site, I can see 4 cores with numbers greater than ‘7’ in the Cortex-A range that are not affected (for a start the A53, as used in the Pi, is one) and there’s also quite a lot of other Cortex cores that are not part of the ‘A’ set.

          1. @Sheldon The above basically means that ARM holdings limited, still needs to push new “spectre” free designs as a matter of priority.

            It is a little bit ironic that the older bargain basement priced CPU’s which were lacking the performance enhancements (that enable spectre to function) will in the short term anyhow fetch a premium, and the higher performance insecure CPU’s (spectre enhanced) will suffer a severe price drop.

          2. Yeah, but the exact same thing could be said for Intel/AMD. ARM’s best processors are vulnerable to Spectre, just like Intel and AMD.

            The fact that ARM also sells processors that aren’t vulnerable to Spectre isn’t even that interesting, because so does Intel (Bonnel/Saltwell Atoms).

          3. Has anyone actually read data with spectre? Can it even be done in real hardware?

            I can’t see ARM on the desktop until there are quad core 64 bit ARMs at 4GHz with multi-threading, etc.

    2. The problem for having an ARM desktop is they’ll be limited to what support the chip(-set) provider is willing to supply:
      Intel and sometimes AMD does contribute towards getting the linux kernel to boot on the X86 arch (OK Intel only supports linux enough to satisfy the server market, otherwise ONLY M$ Windows would run on x86 these days and thus IMHO would be a firmware and not an OS).

      The other problem is there is no Industrial Standard Interface (ISA),
      What would this ISA look like?
      Well I propose a GPIO header on all desktop ARM boards to support:
      4x pins for Voltage Ref (Absolute max 14.8v i.e. 12vcc, devices can regulate if needed)
      NMI (For critical devices)
      3x IRQ (as a root requester or for 3x devices, depending on the board sizes)
      1x Bus Reference clock (33Mhz, user re-definable for slower/faster hardware also for LPC)
      16 bi-directional GPIO lanes that get serviced by dedicated hardware in the SoC (LPC LAD)
      LPC-BUS (No LCLK or LAD or ID or SERIRQ, for legacy and simple devices, we’re makers… we all need this!)
      i2c for bus expanders (Used for Slot and LPC ID and IRQ/SERIRQ remapping)
      4x GND return

      That is a total of:
      36 pins,
      The PI hats are 40 pin, so not too far fetched.

    3. So… the problem here is that speculative fetch and advanced branch prediction was being done for a *reason*. For performance. Stalls suck, really bad.

      Hence the reason why it’s a bit hilarious talking about a 486 or a Raspberry Pi being immune from this. Of course they are. They’re not within a mile of the top-end Intel/AMD CPUs in terms of performance. They’re outclassed by their ARM brethren that are vulnerable. The Pi-3’s CPU is 2.3 DMIPS/MHz.The server-class version, the A57, introduced at the same time, has nearly twice as high IPC (4.1-4.5 DMIPS/MHz). And the more recent ones (the A72/A73) are of course vulnerable.

      You can’t swap in the non-vulnerable ARMs for desktops. They’re not fast enough. Not remotely.

    4. Given that high performance ARM are vulnerable to Spectre and some to Meltdown I wonder too…

      This isn’t an x86 problem and downgrading to low performance low power processors aren’t an alternative to most.

          1. I heard the 350A fast-blow fuses come with a fatally bad Management Engine design:

            Apparently the internet is wrong… one does not simply add an image to comments. :(

          2. I heard the 350A fast-blow fuses come with a fatally bad Management Engine design:
            Third attempt… otherwise I’m gonna presume HaD doesn’t support images as comments… Oh well.

  4. I have been using a RaspberryPi 3 for about a year now as my “main” computer, using the Raspbian distribution of Python to teach myself the language. I was quite impressed with it’s performance, especially in terms of computing power and utility per dollar and per watt. I recently bought a new SD card for it and was treated to an unexpected performance boost (starting applications is noticeably quicker).

    LibreOffice has come a long way since I first saw free office apps maybe 5 years ago, and it is far more compatible and comparable to the expensive Windows versions than before.

    I have yet to get LTSPICE running on it, but that is my next project, after completing a Python project for a friend.

    If I can get a decent version of SPICE running on it, I would be happy to say goodbye to Windows and x86s forever.

    My most compute intesive tasks in the past involved running 15 simultaneous SPICE simulations on a 2 Xeon CPU, 16 core Windows server. I frequently ran hundreds (even thousands) of SPICE simulations overnight. But if I can get a commercial grade SPICE simulator running on the Raspberry, I will happily build a Pi cluster.

    If you think a RaspberryPi might be fun to play with, pick one up – they are cheap! If you haven’t played with one of these little SBCs before, I think you will be pleasantly surprised at how capable and useful they are. And I haven’t even started in on the Mathmatica that comes free with Rasbian!

    1. I got a 2X speed up on disk IO by using a USB to SATA converter and an old SSD I had spare. Makes the RPi very usable. Boots from the SSD. Not bad considering it’s limited by the USB2.0 speed.

      1. I don’t have an old SSD lying around, but I hadn’t thought of using a USB-SATA converter with this before reading your post. I think I might just pull the hard drives out of some old Windows clunkers and get some more use out of them. Thanks for the idea!

        I think my next hardware project though will be beefing up the heatsinks. I’ve written one program that could make good use of multiple cores, but it soon overheats. My plan is to install heatsinks large enough to avoid using a fan. One of my favorite features of the RaspberryPi is how quiet it is.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s