HexHive / SMoTherSpectre

Proof-of-concept code for the SMoTherSpectre exploit.

My accuracy is 0.5, is there any running error in my test? #1

Closed linlanfeng closed 4 years ago

linlanfeng commented 4 years ago

I ran the following steps on my i5-6200u laptop (Ubuntu 16.04, the kernel is 4.15.0-45-generic):

  1. Write performance to the files /sys/devices/system/cpu/cpufreq/policy1/scaling_governor and /sys/devices/system/cpu/cpufreq/policy3/scaling_governor

  2. Write 1 to /sys/devices/system/cpu/intel_pstate/no_turbo

  3. sudo modprobe msr

  4. Set CORE0 and CORE1 in the Makefile to cores 1 and 3

  5. sudo ./process.py

However, the output accuracies are always 0.40-0.59. I also tried running "for ((i=1;i<=300;i++));do sudo ./process.py $i;done" in order to test different thresholds, and the outputs are still the same.

Is there any advice?

atrib commented 4 years ago

Hi @linlanfeng,

First, I assume that you are changing NEXPTS = 300 in the line for(i = 0; i < NEXPTS; i++). If your accuracy remains low, it is symptomatic that the attack isn't really working.

For debugging:

  1. With NEXPTS=8, can you run plot_hist.m after running ./orchestrator? This will plot histograms of attacker timings w.r.t. victim secret. Do these plots visibly differ? This plot should help you diagnose cases where the threshold is incorrect.
  2. Check for branch target injection. The output file victim_pmc0.csv will hold the values of the ARITH.DIVIDER_ACTIVE counter. A non-zero value indicates successful BTI. What is the rate of successful BTI?

A typical issue: Have you disabled the microcode loader on boot by passing the dis_ucode_ldr parameter to the kernel boot arguments?

linlanfeng commented 4 years ago

That's it! We did not disable the microcode loader. We used the command "sudo apt remove intel-microcode" to disable the latest microcode and it works now. Thanks!
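
Added example, not part of the thread or of the SMoTherSpectre repository: a preflight script that verifies the setup conditions named above (performance governor, no_turbo, msr module, dis_ucode_ldr on the kernel command line) before a run. The ROOT prefix and the function names are assumptions of this example; the sysfs and procfs paths are the ones from the thread plus /proc/cmdline and /sys/module/msr.

```shell
#!/bin/sh
# Preflight check for the setup steps discussed in this thread.
# ROOT is an assumption of this example: an optional path prefix so the
# checks can be pointed at a constructed directory tree instead of "/".
ROOT="${ROOT:-}"

# Step 1: the cpufreq policy ($1 = policy number) uses the performance governor.
check_governor() {
    [ "$(cat "$ROOT/sys/devices/system/cpu/cpufreq/policy$1/scaling_governor" 2>/dev/null)" = "performance" ]
}

# Step 2: turbo boost is disabled through intel_pstate.
check_no_turbo() {
    [ "$(cat "$ROOT/sys/devices/system/cpu/intel_pstate/no_turbo" 2>/dev/null)" = "1" ]
}

# Step 3: the msr module is loaded (sysfs lists loaded modules here).
check_msr_module() {
    [ -d "$ROOT/sys/module/msr" ]
}

# Boot argument: dis_ucode_ldr must appear as a whole word on the kernel
# command line; otherwise the microcode loader ran at boot.
check_ucode_loader_disabled() {
    tr ' ' '\n' 2>/dev/null < "$ROOT/proc/cmdline" | grep -qx 'dis_ucode_ldr'
}

# Run every check for the given policy numbers; the return code is the
# number of failed checks (0 means the environment matches the thread).
preflight() {
    failures=0
    for p in "$@"; do
        check_governor "$p" || { echo "FAIL: policy$p governor is not performance"; failures=$((failures + 1)); }
    done
    check_no_turbo || { echo "FAIL: intel_pstate/no_turbo is not 1"; failures=$((failures + 1)); }
    check_msr_module || { echo "FAIL: msr module is not loaded"; failures=$((failures + 1)); }
    check_ucode_loader_disabled || { echo "FAIL: dis_ucode_ldr missing from kernel command line"; failures=$((failures + 1)); }
    [ "$failures" -eq 0 ] && echo "OK: all setup checks passed"
    return "$failures"
}

# Live check for policies 1 and 3 (the cores used in the thread): ./preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight 1 3; fi
```

A missing file counts as a failed check, so the script also flags machines that do not use the intel_pstate driver.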