On 14 Aug 2023, at 08:25, Isaac Beckett <isaactbeckett@gmail.com> wrote:
This makes me wonder if it’d make sense to design a new CPU and/or instruction set with the goal of eliminating timing and other side channels. Like, we had the Lisp machines with hardware support for Lisp, and now most CPUs are optimized for C and similar languages, and in turn those languages are optimized for those CPUs (x86, Arm, etc.).
It’s easy to design a processor that’s free of timing channels: just don’t do any caching. It’ll be extremely slow, of course, and that has nothing to do with languages. Processor performance inherently depends on many levels of caching. The more realistic approach is to enhance the HW-SW contract to provide the OS with suitable mechanisms for preventing the effects of caching spilling across security domains. That’s exactly what time protection and the work on the appropriate HW support (i.e. fence.t) is all about.

Gernot
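The following toy model illustrates the reply above; it is an example added here, not code from the thread or from any project it mentions. It shows cache state left by one security domain changing the access latency another domain measures, and a full reset on every domain switch removing that dependence. The cache geometry, the latencies and `flush_all` (a stand-in for a fence.t-style reset) are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define SETS 8           /* toy direct-mapped cache with 8 lines (assumed) */
#define HIT_CYCLES 1     /* constructed latencies, not measurements */
#define MISS_CYCLES 10

typedef struct { int valid[SETS]; unsigned tag[SETS]; } cache_t;

/* Access one line address: return its latency and install the line. */
static int access_line(cache_t *c, unsigned addr) {
    unsigned set = addr % SETS, tag = addr / SETS;
    if (c->valid[set] && c->tag[set] == tag) return HIT_CYCLES;
    c->valid[set] = 1;
    c->tag[set] = tag;
    return MISS_CYCLES;
}

/* Assumed model of a temporal fence: reset all cache state. */
static void flush_all(cache_t *c) { memset(c, 0, sizeof *c); }

/* Domain A fills the cache, domain B touches `secret` lines that map to
 * the same sets, then A re-reads its lines. Returns A's total latency,
 * which is the only thing A can observe about B. */
int observer_latency(int secret, int flush_on_switch) {
    cache_t c;
    int total = 0;
    memset(&c, 0, sizeof c);
    for (unsigned i = 0; i < SETS; i++) access_line(&c, i);      /* A runs */
    if (flush_on_switch) flush_all(&c);                          /* A -> B */
    for (unsigned i = 0; i < (unsigned)secret; i++)
        access_line(&c, SETS + i);                               /* B runs */
    if (flush_on_switch) flush_all(&c);                          /* B -> A */
    for (unsigned i = 0; i < SETS; i++) total += access_line(&c, i);
    return total;
}

int main(void) {
    puts("secret  shared-state  reset-on-switch");
    for (int s = 0; s <= SETS; s += 2)
        printf("%6d  %12d  %15d\n", s,
               observer_latency(s, 0), observer_latency(s, 1));
    return 0;
}
```

With shared state the observed latency grows with `secret`; with the reset it is the same for every value, and the cost is paid only at domain switches rather than on every access.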