Joined: 30 Jan 2015 Posts: 676 Location: Texas, USA
Posted: Fri Jan 05, 2018 2:23 Post subject: Any words on Meltdown and Spectre flaw fixes for arm cores
Folks, serious ARM CPU vulnerability: Spectre and Meltdown flaws?
It looks like Meltdown impacts ARM cores as well:
Cortex-A15, Cortex-A57 and Cortex-A72 cores suffer from a variant of Meltdown: protected system registers can be accessed, rather than kernel memory, by user processes. Arm has a detailed white paper and product table, here, describing all its vulnerable cores, the risks, and mitigations.
Spectre flaw:
Arm, Cortex-R7, Cortex-R8, Cortex-A8, Cortex-A9, Cortex-A15, Cortex-A17, Cortex-A57, Cortex-A72, Cortex-A73, and Cortex-A75 cores are affected by Spectre.
Further reads:
http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
_________________
ASUS GT-BE98 PRO Main: Fiber 5gbps up/down
ASUS AXE16000: AI Mesh node
2 X ASUS RT-AX89X: AI Mesh nodes
QNAP QSW-1208-8C 12-Port 10GbE Switch
XS712T ProSafe 12-Port 10GbE Switch
3 X R9000 DD-WRT Mesh
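Added example, not part of the original post: a POSIX shell check that reads `/proc/cpuinfo`-style text and reports which of the cores listed above a router is running. The part numbers are the standard Arm MIDR part IDs, the function names are illustrative, and the sample input is constructed.

```shell
#!/bin/sh
# classify_cores: read /proc/cpuinfo-style text on stdin and print one line
# per distinct core, using only the affected-core list quoted in the post.
classify_cores() {
    awk -F '[ \t]*:[ \t]*' '
    BEGIN {
        # Arm (implementer 0x41) MIDR part numbers for the cores named above.
        name["0xc08"] = "Cortex-A8";  name["0xc09"] = "Cortex-A9"
        name["0xc0e"] = "Cortex-A17"; name["0xc0f"] = "Cortex-A15"
        name["0xc17"] = "Cortex-R7";  name["0xc18"] = "Cortex-R8"
        name["0xd07"] = "Cortex-A57"; name["0xd08"] = "Cortex-A72"
        name["0xd09"] = "Cortex-A73"; name["0xd0a"] = "Cortex-A75"
        # Cores the post lists for the Meltdown variant (system registers).
        melt["0xc0f"] = 1; melt["0xd07"] = 1; melt["0xd08"] = 1
    }
    /^CPU implementer/ { impl = tolower($2) }
    /^CPU part/ {
        part = tolower($2)
        gsub(/[ \t\r]/, "", part)
        if (impl != "0x41") {
            line = "implementer " impl " part " part ": not an Arm-designed core, outside the quoted list"
        } else if (!(part in name)) {
            line = "Arm part " part ": not in the quoted list of affected cores"
        } else {
            extra = ""
            if (part in melt) extra = ", Meltdown variant (system registers)"
            line = name[part] " (" part "): Spectre" extra
        }
        # Multi-core SoCs repeat the same block per CPU; report each core once.
        if (!(line in seen)) { seen[line] = 1; print line }
    }'
}

# Constructed sample (not captured from a real device): a dual-core Cortex-A9.
sample_cpuinfo() {
    printf 'processor\t: 0\nCPU implementer\t: 0x41\nCPU part\t: 0xc09\n'
    printf 'processor\t: 1\nCPU implementer\t: 0x41\nCPU part\t: 0xc09\n'
}

sample_cpuinfo | classify_cores
# On the router itself: classify_cores < /proc/cpuinfo
```

A core reported as "not in the quoted list" is only absent from the list in this post; Arm's own product table remains the authority.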
Joined: 16 Nov 2015 Posts: 6435 Location: UK, London, just across the river..
Posted: Fri Jan 05, 2018 11:21 Post subject:
They also mentioned that the patch/fix is very likely to decrease CPU performance...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55779 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 30 Jan 2015 Posts: 676 Location: Texas, USA
Posted: Fri Jan 05, 2018 17:26 Post subject:
Yes, it is expected to slow down from 5% to 25%. Not sure how this would impact dd-wrt routers, which are already having QoS issues.
Well, for routers this flaw is in most cases irrelevant; this is no multiuser OS in which some client software or another user exploits the system in order to steal your passwords from memory. Thus we could actually skip this patch. But it will most likely come in via regular kernel updates.
Regarding performance, I doubt this will have any influence on routing performance; it might have an influence on OpenVPN performance, as this depends on userspace<->kernelspace data exchange.
Posted: Sat Jan 06, 2018 4:53 Post subject: Arm Security Update
There is an update. Kong is right too, as they are kernel patches, but I'm not sure what Arm Trusted Firmware patches are and if we can apply them or not.
These vulnerabilities are irrelevant on consumer routers because they are Elevation of Privilege vulnerabilities.
I.e., they first require as a prerequisite that malicious code be executed on your router's system, which is not something that should be happening in the first place (and if it is, you are already screwed--EoP merely increases the potential damage if such a thing happens).
_________________
Buffalo WZR-1750DHP: 34311
TRENDnet TEW-673GRU: 34311
TRENDnet TEW-811DRU: 33986