Are Coldfire processors vulnerable to the Spectre bug?

892 Views
drkletti
Contributor I

Are Coldfire processors vulnerable to the Spectre (or Meltdown) vulnerability?

0 Kudos
2 Replies

531 Views
ToniZollikofer
NXP TechSupport

At this point in time, NXP does not give general replies, due to analysis ongoing in several areas, and due to the fact that overall security is a system issue and therefore relying also on the used operating system etc.

I am posting the official statement below here, but want to add a personal comment:

Especially the system aspect is for many ColdFire and Microcontroller based embedded systems the bottom line answer:

The Spectre vulnerability requires executing code on the system, code which tries to exploit it. If the OEM building a system does not allow any execution of foreign code (like on a desktop operating system), the question of whether the processor is theoretically vulnerable to such attacks is void and academic only.

Note that there are reports in the press that HTTP services which allow the execution of JavaScript in the browser are an attack scenario (relies also on the timer precision etc.).

This is the first consideration to take and the reason for the second part of the statement below; it's foremost a system question.

With this personal note, here is the statement and offer we make at this time for any further detailed answers.

NXP advises customers to write an email to the NXP Product Security Incident Response Team at psirt[@]nxp.com. It is required that you indicate the specific part and operating system that your question refers to in order to be able to provide support in the best way.
For end users using NXP processors but not buying semiconductors from NXP directly or through distributors, we have to refer to the original equipment manufacturer (OEM) as any security analysis needs to be done on a system level.

0 Kudos

531 Views
TomE
Specialist II

For most of them, the answer is simply "no". They're not advanced enough to have the features that cause this problem.

Spectre and Meltdown require a CPU that performs Speculative Execution, and has a Protection Model that can be violated. Only the ColdFire V4 has the latter (has an MMU), and only has "Limited Superscalar" and "Branch Prediction" as its most advanced features.

There was a V5 ColdFire, but it was never released as a product. I have no idea what it did and can't find out either:

https://community.nxp.com/message/967908?

Meltdown requires a CPU that goes and fetches memory in parallel with checking to see if that access is permitted, and will fetch the memory location even if it isn't allowed. The CFV4 MMU Documentation says "By the middle of the KC1 cycle, the memory address is available along with its corresponding access control", which implies it doesn't do this.

Spectre requires Branch Prediction and Speculative Execution. It also needs to be running on the target somehow. One way is by running JavaScript, but that assumes the ColdFire chip is inside something that is running a Web Browser advanced enough to be running JavaScript. That's not very likely.

Tom

0 Kudos