But, even if it is... keep in mind that when running x86 instructions, you still have the x86 translation software proxy layer... that means that could could grab any given offending / problem-causing x86 instruction -- when you encountered it, and recode the VLIW output from it to output a different set of native VLIW instructions -- that you knew were safe...
In other words, with a Transmeta Crusoe -- if the x86 translation layer is open source and you possess it (and can code / understand things) -- then you'll have some options there.
Which is unlike a regular x86 CPU -- where the way it decodes and executes instructions -- cannot be changed in any way by the user...
Transmeta Crusoe is unlikely to be vulnerable, but it's Intel contemporaries aren't either. So you'd need to be looking at some hypothetical "today" version.
An open system with such a design would indeed be fascinating (the original wasn't open, and Transmeta was big on their patents on this stuff). More flexibility than microcode patches too.
Elbrus 2000 is a mass-produced VLIW microprocessor with binary translation of x86. There is a set of different models having different number of cores and DSP blocks.
The code morphing software itself is almost certainly a new source of new side channel spectre like attacks. Like being able to tell if something is already in the translation cache via timing.
It would be much easier for a vendor to turn off speculative compilation in that case though, i.e. for HPC you want all the performance, but a cloud vendor could still protect vulnerable interfaces.
Well, again, if the x86 code morphing software is available and open source, and if someone understands this software and can modify it -- then that's infinitely infinitely better (from a security perspective) -- than having to run x86 code directly on a regular AMD/Intel x86 processor...
In the latter case -- you have absolutely no control whatsoever over how the processor interprets and dispatches its x86 instructions...
Oh totally. I'm more sure than not that something like an open source code morphing software could be made more secure against side channel attacks with greater flexibility than is afforded micro code updates.
I'm mainly saying that it's a problem space that both has actively shipping implemetnations (Nvidia Denver), has new levels of cache which affect performance based on previous codeflows, and hasn't been fully explored publicly AFAIK. There's probs some dragons in there in at least the pre spectre versions of that software.
If you're talking about Rosetta, it's not as clear that you'd see any successful attacks. It only runs at one CPU privilege level. And even in the browser sandbox escape versions Rosetta heavily uses AOT when it can, so your JS is probably not sharing a translation cache with much if any of the code you'd be attacking.
This is in contrast to Transmeta where the whole system more or less ran out of the one translation cache.
See if Transmeta Crusoe is vulnerable to Spectre?
But, even if it is... keep in mind that when running x86 instructions, you still have the x86 translation software proxy layer... that means that could could grab any given offending / problem-causing x86 instruction -- when you encountered it, and recode the VLIW output from it to output a different set of native VLIW instructions -- that you knew were safe...
In other words, with a Transmeta Crusoe -- if the x86 translation layer is open source and you possess it (and can code / understand things) -- then you'll have some options there.
Which is unlike a regular x86 CPU -- where the way it decodes and executes instructions -- cannot be changed in any way by the user...