[Cryptech Tech] rowhammer on novena

Bernd Paysan bernd at net2o.de
Wed Mar 11 02:24:14 UTC 2015

Previous message (by thread): [Cryptech Tech] rowhammer on novena
Next message (by thread): [Cryptech Tech] rowhammer on novena
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Dienstag, 10. März 2015, 16:59:15 schrieb Randy Bush:
> >> novena:/root/rowhammer# ./make.sh
> >> /tmp/ccXI3QV7.s: Assembler messages:
> >> /tmp/ccXI3QV7.s:390: Error: bad instruction `clflush (r0)'
> >> arm limitation?
> > 
> > From some casual google searching, it seems clflush is an x86
> > instruction?
> 
> yep
> 
> > I'd call that a rowhammer limitation ;)
> 
> or a rowhammer test limitation?
> 
> so how would we exploit the flaw on an arm?

Depending on where the "PoC" (point of consistency) in your ARM system is, 
DCCMVAC is the roughly corresponding instruction.  It doesn't necessarily 
clean the cache line through the entire cache; that depends if DMA can read 
from the outer cache or not.

In any case, Rowhammer demonstrates that there is more leakage current than 
the self-discharge of the bit capacitor; there is also leakage from the next 
row into that capacitor.

The solution is to reduce the refresh interval so that Rowhammer isn't able to 
flip bits.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ*

Previous message (by thread): [Cryptech Tech] rowhammer on novena
Next message (by thread): [Cryptech Tech] rowhammer on novena
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list