Best explanation about meltdown and spectre ever : raspberry pi.org

[William Gaatjes]

I just read it and it is true, the raspberry pi 1,2 and 3 are not vulnerable for these kinds of attacks.

https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/

Over the last couple of days, there has been a lot of discussion about a pair of security vulnerabilities nicknamed Spectre and Meltdown. These affect all modern Intel processors, and (in the case of Spectre) many AMD processors and ARM cores. Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel’s address space (which should normally be inaccessible to user programs).

Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities, because of the particular ARM cores that we use.

Meltdown is (un)fortunately only on Intel cpu's. It could have been worse and also be a problem for AMD and ARM.

 

[Jimzz]

Yea the Pi uses an a53 CPU which is a in order design so that should not be affected.

 

[William Gaatjes]

It sure is.

http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0500e/ch06s02s02.html

The only speculation it does is speculative instruction fetch.

6.2.2. Instruction cache speculative memory accesses
Because there can be several unresolved branches in the pipeline, instruction fetches are speculative, meaning there is no guarantee that they are executed. A branch or exceptional instruction in the code stream can cause a pipeline flush, discarding the currently fetched instructions. Because of the aggressive prefetching behavior, you must not place read-sensitive devices in the same page as code. Pages with Device memory type attributes are treated as Non-Cacheable Normal Memory. You must mark pages that contain read-sensitive devices with the translation table descriptor XN (Execute Never) attribute bit. To avoid speculative fetches to read-sensitive devices when address translation is disabled, these devices and code that are fetched must be separated in the physical memory map. See the ARM® Architecture Reference Manual ARMv8, for ARMv8-A architecture profile for more information.

It does have branch prediction but not to a degree that it is vulnerable to spectre according to arm.

Predicted and non-predicted instructions
This section shows the instructions that the processor predicts. Unless otherwise specified, the list applies to A64, A32 and T32 instructions. As a general rule, the flow prediction hardware predicts all branch instructions regardless of the addressing mode, including:

• Conditional branches.
  
  
• Unconditional branches.
  
  
• Indirect branches associated with procedure call and return instructions.
  
  
• Branches that switch between A32 and T32 states.
  

However, some branch instructions are not predicted:

• Data-processing instructions using the PC as a destination register.
  
  
• The BXJ instruction.
  
  
• Exception return instructions.