Commit b0de0aa2 authored by Kevin Brodsky's avatar Kevin Brodsky
Browse files

compartment-demo: clarify note on side-channel attacks

Although a future architecture may be hardened against side-channel
attacks, Morello is not.

Change-Id: I52cea59c219def1069be7c9da46a33baa6aa2acb
parent b2b70c4a
......@@ -375,7 +375,9 @@ Security-related limitations
compartment, thereby informing the kernel in an unforgeable manner.
* SPECTRE-like (side-channel) attacks between compartments are not prevented.
Using ``CID_EL0`` as described above would help mitigate against such attacks.
Morello does not include mitigations against such attacks. A future
architecture may include mitigations that rely on using ``CID_EL0`` as
described above to identify compartment contexts.
* Executable capabilities provided by the CM to compartments can be modified,
and in particular their address can be changed, allowing compartments to jump
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment