transientfail
Add LVI attacks
We should incorporate https://lviattack.eu/ into the tree. Either as an addition to the MD subtree or a separate branch? Given the symmetry with existing MD-type attacks, I'd argue for extending the MD subtree instead of creating a new branch. Proposed plan RFC:
- [ ] rename Meltdown-type to Meltdown/LVI-type to reflect that MD is no longer only about "melting down" protection domains by leaking
- [ ] update each MD leaf with a "leakage" and "injection" subsection briefly describing the impact of the leakage/injection angles, if applicable
- [ ] add NULL as an extra leaf for the last-level u-arch buffer split. At least for MD-US-NULL, we can also mention EchoLoad in the "leakage"-oriented subsection, as it abuses NULL forwarding to break ASLR which leaks side-channel info.
- [ ] add a new MD-PPN node to describe Foreshadow-EPCM SGX leakage attacks and LVI-PPN-L1D attacks; for completeness we should prob also add MD-RSVD
Ideas, feedback?