Data memory-dependent prefetcher
A data memory-dependent prefetcher (DMP) is a
As of 2022, data prefetching was already a common feature in CPUs,[3] but most prefetchers do not inspect the data within the cache for pointers, instead working by monitoring memory access patterns. Data memory-dependent prefetchers take this one step further.
The DMP in Apple's M1 computer architecture was demonstrated to be capable of being used as a memory side-channel in an attack published in early 2024. At that time its authors did not know of any practical way to exploit it.[4] The DMP was subsequently discovered to be even more opportunistic than previously thought, and has now been demonstrated to be able to be used to effectively attack a variety of cryptographic algorithms in work called GoFetch by its authors.[5][6]
Intel Core processors also have DMP functionality (Intel use the term "Data Dependent Prefetcher") but Intel states that they have features to prevent their DMPs being used for side-channel attacks.[7] The authors of GoFetch state that they were unable to make their exploit work on Intel processors.[6]
References
- ^ "Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest". www.prefetchers.info. 2022-05-02. Retrieved 2024-03-30.
- ISBN 978-1-6654-1316-9.
- arXiv:2009.00715 [cs.AR].
- ^ Goodin, Dan (2024-03-21). "Unpatchable vulnerability in Apple chip leaks secret encryption keys". Ars Technica. Retrieved 2024-03-21.
- ^ "Apple Silicon chip flaw can leak encryption keys, say researchers". AppleInsider. 2024-03-21. Retrieved 2024-03-22.
- ^ a b "GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers". gofetch.fail. Retrieved 2024-03-22.
- ^ "Data Dependent Prefetcher". Intel. Retrieved 2024-03-21.