some questions

[pig-pig-yang]

Hello, I would like to generate a RISCV executable file for side channel attack, implemented on SonicBoom, do you have a formed POC? I run your version, there will be illegal instruction. I found you add some CHERI architecture Inst?

[francislaus]

Hello @yangshuaixian, If you run make riscv, it will build all RISC-V proof-of-concept attacks for Spectre-{PHT,BTB,RSB,STL} and Meltdown-{US,GP}. The source code can be found in the directory riscv_sources. The attacks work via a cache timing side channel where the success is determined by reading hardware performance monitoring (HPM) counters. In the case of these attacks, we use the L1 D Cache HPM load counter (which is mapped to event 0x30 in all microarchitectures we evaluated). In order to make it work on SonicBoom, you presumably must change the counter event to corresponding number (assuming Boom implements a L1 D Cache counter) as well as the start address for the code (which is 0x80000000 in simulation in our case). There is also a version for each attack in CHERI-RISC-V assembly. These will not run on Boom because it does not implement the CHERI-RISC-V ISA extension. However, all RISC-V attacks will run on Boom - you might probably need to adjust them slightly to Boom's speculation mechanisms. Are you intending to run this in simulation or on FPGA?

[pig-pig-yang]

I used to load Boom on VC707 FPGA board and boot Linux operating system.Then i want to find if side channel attack Boom core. So I need some RISCV POC to verify the characteristics of Boom.

[pig-pig-yang]

Hello, I have bought VCU118 recently, could you tell me that how i can Run CheriBSD and Toooba on VCU118,Whether there is any project can be used for reference. thk.