Arstechnica has further evaluation of the responses to the Spectre and Meltdown situation.
https://arstechnica.com/gadgets/201...hers-are-doing-about-it/?comments=1&start=160
The article is critical of Intel's early response, although more approving of subsequent documentation and offered details.
The ARM response was given the most kudos.
It's not particularly satisfied with AMD's subsequent PR, and goes further to lay the blame for the early NDA break and lack of a unified response on AMD's developer giving the reason for the desired exemption from the page table isolation changes.
Once it was clear that there was something related to speculative accesses to kernel memory from user space AMD didn't do, the narrative is that it allowed outside research to uncover the problem.
If accurate, I would add a possible additional wrinkle that since this disclosure occurred in relation to changes in the x86 branch, it may have significantly fed into the continued perception that Meltdown in particular is an Intel-only problem.
Intel's muddling of the exploit types and its indication that it's not alone concerning Meltdown doesn't look quite as bad knowing now that it isn't alone in terms of Meltdown.
Potentially, the pressure to break the news early may have also come to give Intel some cover from the disproportionate focus it was receiving on this--and maybe in part because Intel may have been more involved in the overall coordination and research than most.
The disclosure papers for the exploits do give props to Intel for what it did to help everyone regarding both exploits.
Also Qualcomm, which may mean something about future disclosures for them. Interestingly, ARM's recommendation for following the repository changes for ARM64 includes an possibly unrelated and yet still enlightening change regarding a TLB erratum for Falkor, where the assumed atomicity of TLB operations does not hold in this instance--in case there's not enough evidence about how hard this area is.
That being said, I'm not sure if that is indicative of Meltdown since the apparent direction is an assumption that the isolation changes are happening regardless given their general value in enhancing security. (Which again, makes me think AMD can't milk its exemption forever.)
For now, I'm willing to give AMD some benefit of the doubt despite their sparse followup and possible indescretion. Rather than attribute things to malice, one possible scenario is that AMD's organization did not anticipate one employee's loose lips, and a more substantive response wasn't ready for the embargo lift.
https://arstechnica.com/gadgets/201...hers-are-doing-about-it/?comments=1&start=160
The article is critical of Intel's early response, although more approving of subsequent documentation and offered details.
The ARM response was given the most kudos.
It's not particularly satisfied with AMD's subsequent PR, and goes further to lay the blame for the early NDA break and lack of a unified response on AMD's developer giving the reason for the desired exemption from the page table isolation changes.
Once it was clear that there was something related to speculative accesses to kernel memory from user space AMD didn't do, the narrative is that it allowed outside research to uncover the problem.
If accurate, I would add a possible additional wrinkle that since this disclosure occurred in relation to changes in the x86 branch, it may have significantly fed into the continued perception that Meltdown in particular is an Intel-only problem.
Intel's muddling of the exploit types and its indication that it's not alone concerning Meltdown doesn't look quite as bad knowing now that it isn't alone in terms of Meltdown.
Potentially, the pressure to break the news early may have also come to give Intel some cover from the disproportionate focus it was receiving on this--and maybe in part because Intel may have been more involved in the overall coordination and research than most.
The disclosure papers for the exploits do give props to Intel for what it did to help everyone regarding both exploits.
Also Qualcomm, which may mean something about future disclosures for them. Interestingly, ARM's recommendation for following the repository changes for ARM64 includes an possibly unrelated and yet still enlightening change regarding a TLB erratum for Falkor, where the assumed atomicity of TLB operations does not hold in this instance--in case there's not enough evidence about how hard this area is.
That being said, I'm not sure if that is indicative of Meltdown since the apparent direction is an assumption that the isolation changes are happening regardless given their general value in enhancing security. (Which again, makes me think AMD can't milk its exemption forever.)
For now, I'm willing to give AMD some benefit of the doubt despite their sparse followup and possible indescretion. Rather than attribute things to malice, one possible scenario is that AMD's organization did not anticipate one employee's loose lips, and a more substantive response wasn't ready for the embargo lift.