I talked with a Xen developer and came to these conclusions:
- Speculative taint tracking provides complete protection against
speculative attacks. This is sufficient to prevent leakage of
cryptographic key material, even in fully dynamic systems.
Furthermore, it is compatible with fast context switches between
protection domains.
- Full time partitioning eliminates all timing channels, but it is
possible only in fully static systems, which severely limits its
applicability.
- Time protection without time partitioning does _not_ fully prevent
Spectre v1 attacks, and still imposes a large penalty on protection
domain switches.
Additionally, I am almost certain that:
- On properly designed hardware, both time protection and speculative
taint tracking can be enabled and disabled by systems software.
- Time protection and speculative taint tracking are not mutually
exclusive. A cloud provider might use time partitioning to partition
different customers from each other, while guest OSs use speculative
taint tracking to protect different processes from each other.
In short, time protection is excellent, but it is not a sufficient
mechanism for general-purpose computing. Speculative taint tracking
is a different mechanism that is applicable to many more workloads,
and which provides complete protection against speculative attacks.
Both mechanisms can be used together depending on system security
policy.
--
Sincerely,
Demi Marie Obenour (she/her/hers)