Hacker News

The code morphing software itself is almost certainly a new source of new side channel Spectre-like attacks. Like being able to tell if something is already in the translation cache via timing.



It would be much easier for a vendor to turn off speculative compilation in that case though, i.e. for HPC you want all the performance, but a cloud vendor could still protect vulnerable interfaces.


The compilation doesn't need to be speculative. It'd be a lot like the micro op cache attack that was on the front page not too long ago.

The point is to leak privileged code flow.


Well, again, if the x86 code morphing software is available and open source, and if someone understands this software and can modify it -- then that's infinitely infinitely better (from a security perspective) -- than having to run x86 code directly on a regular AMD/Intel x86 processor...

In the latter case -- you have absolutely no control whatsoever over how the processor interprets and dispatches its x86 instructions...


Oh totally. I'm more sure than not that something like an open source code morphing software could be made more secure against side channel attacks with greater flexibility than is afforded microcode updates.

I'm mainly saying that it's a problem space that both has actively shipping implementations (Nvidia Denver), has new levels of cache which affect performance based on previous code flows, and hasn't been fully explored publicly AFAIK. There's probs some dragons in there in at least the pre-Spectre versions of that software.


You can just try attacking Apple's M1 since the technologies are quite similar.


If you're talking about Rosetta, it's not as clear that you'd see any successful attacks. It only runs at one CPU privilege level. And even in the browser sandbox escape versions Rosetta heavily uses AOT when it can, so your JS is probably not sharing a translation cache with much if any of the code you'd be attacking.

This is in contrast to Transmeta where the whole system more or less ran out of the one translation cache.

Now Nvidia Denver on the other hand...
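The thread above contrasts a translator whose single translation cache serves the whole system (the Transmeta case) with one that only ever runs at a single privilege level (Rosetta). The following toy model, added here as an illustration and not code from any of the commenters or from Transmeta, Nvidia or Apple, makes that distinction concrete: a block cache keyed only by guest address lets one domain observe, through a hit/miss timing difference, which blocks another domain has already executed, while keying the cache by domain or flushing it on a domain switch removes that observation. All names, costs and addresses (`TranslationCache`, `TRANSLATE_COST`, `0x1000`, `0x2000`) are constructed for the model.

```python
"""Toy model of a binary-translation cache shared across privilege domains.

Constructed illustration, not any real translator's code. The translator
caches translated blocks keyed by guest address. If every domain shares one
cache, the first execution of a block is cheap when another domain already
translated it, so a secret-dependent control flow in one domain shows up as
a timing difference in another. Two mitigations are modelled: keying cache
entries by domain, and flushing the cache whenever the executing domain
changes. Both cost duplicate translation work.
"""
from dataclasses import dataclass, field
from typing import Optional

TRANSLATE_COST = 200   # constructed: cycles to translate a block on a miss
HIT_COST = 5           # constructed: cycles to reuse an existing translation


@dataclass
class TranslationCache:
    # Mitigation knobs; both off reproduces the "one shared cache" model.
    partition_by_domain: bool = False
    flush_on_domain_switch: bool = False
    capacity: int = 64
    _entries: dict = field(default_factory=dict)   # key -> translated block
    _last_domain: Optional[str] = None

    def _key(self, domain: str, addr: int):
        # Partitioned caches never let one domain see another's entries.
        return (domain, addr) if self.partition_by_domain else addr

    def execute(self, domain: str, addr: int) -> int:
        """Run guest block `addr` on behalf of `domain`; return the cycles
        an observer in that domain would measure for the dispatch."""
        if self.flush_on_domain_switch and domain != self._last_domain:
            self._entries.clear()
        self._last_domain = domain
        key = self._key(domain, addr)
        if key in self._entries:
            return HIT_COST
        if len(self._entries) >= self.capacity:
            self._entries.pop(next(iter(self._entries)))  # FIFO eviction
        self._entries[key] = f"translated({addr:#x})"
        return TRANSLATE_COST


def kernel_activity(cache: TranslationCache, secret_bit: int) -> None:
    """Constructed victim: which block gets translated depends on a secret."""
    cache.execute("kernel", 0x1000 if secret_bit else 0x2000)


def user_observation(cache: TranslationCache):
    """Constructed observer: the first execution of both candidate blocks
    from an unprivileged domain. Returns (cycles for 0x1000, cycles for 0x2000)."""
    return cache.execute("user", 0x1000), cache.execute("user", 0x2000)


def secret_recoverable(**mitigations) -> bool:
    """True if the observer's timings differ between the two secret values,
    i.e. the cache leaks kernel control flow under these mitigation settings."""
    observations = set()
    for bit in (0, 1):
        cache = TranslationCache(**mitigations)
        kernel_activity(cache, bit)
        observations.add(user_observation(cache))
    return len(observations) == 2


if __name__ == "__main__":
    print("shared cache leaks:      ", secret_recoverable())
    print("partitioned cache leaks: ", secret_recoverable(partition_by_domain=True))
    print("flush-on-switch leaks:   ", secret_recoverable(flush_on_domain_switch=True))
```

In the shared configuration the observer sees (5, 200) or (200, 5) depending on the kernel's secret; with either mitigation it sees (200, 200) both times. The model is what the comment about Rosetta is pointing at: a translator confined to one privilege level has no cross-domain sharing to begin with, whereas a whole-system translator has to add a partition or flush, with the translation-throughput cost that implies.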