Meltdown, Spectre and the Future of Secure Hardware

Todd Weaver

Founder and CEO
PGP Fingerprint: B8CA ACEA D949 30F1 23C4 642C 23CF 2E3D 2545 14F7

Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, or modify data. For local single-user laptops, such as Librem laptops, this is not as large a threat as on shared servers—where a user on one virtual machine could read another user’s data on a separate virtual machine.

As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer, and from there you have access to everything higher in the stack.

Meltdown and Spectre are not just hardware exploits; they are exploits of the processor and microprocessor themselves. Meltdown is an exploit against the CPU, for which a patch is in progress, while Spectre is an exploit against the design of microprocessors, which has only a “possibility to patch upon each exploit as it is identified” in a never-ending game of cat-and-mouse.

Protecting from Meltdown and Spectre with PureOS

  • Purism’s PureOS, a Free Software Foundation endorsed distribution, is releasing a patch to stop the Meltdown attack, with thanks to the quick and effective actions of the upstream Linux kernel development team.
  • As with the patch for Meltdown, PureOS will continue to release patches against Spectre exploits as they are found and fixed, which highlights the importance of staying current on software updates.
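One way for a Librem or PureOS user to confirm that the installed kernel actually carries these mitigations is the per-issue status files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/ (present from kernel 4.15 onward). The audit script below is an added illustration, not PureOS or kernel code; the SAMPLE dictionary is constructed to resemble a partially mitigated machine, and the script falls back to it when the sysfs directory is absent so it runs anywhere.

```python
"""Report Meltdown/Spectre mitigation status from the Linux sysfs interface.

Hypothetical audit script (not part of PureOS or the Linux kernel).  Each file
under /sys/devices/system/cpu/vulnerabilities/ holds one line such as
"Not affected", "Vulnerable", "Vulnerable: <detail>" or "Mitigation: <detail>".
"""
import os
from typing import Dict, List

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample resembling a partially mitigated system (not real output).
SAMPLE: Dict[str, str] = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
    "l1tf": "Not affected",
}


def classify(status: str) -> str:
    """Map one sysfs status line to mitigated / vulnerable / not_affected / unknown."""
    s = status.strip()
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    if s == "Not affected":
        return "not_affected"
    return "unknown"


def audit(statuses: Dict[str, str]) -> Dict[str, str]:
    """Classify every issue in the given name -> status-line mapping."""
    return {name: classify(text) for name, text in statuses.items()}


def unmitigated(statuses: Dict[str, str]) -> List[str]:
    """Issues needing attention: still vulnerable, or a line we could not parse."""
    return sorted(n for n, c in audit(statuses).items() if c in ("vulnerable", "unknown"))


def read_sysfs(directory: str = SYSFS_DIR) -> Dict[str, str]:
    """Read the live sysfs directory; empty dict if the kernel predates the interface."""
    result: Dict[str, str] = {}
    if not os.path.isdir(directory):
        return result
    for name in sorted(os.listdir(directory)):
        try:
            with open(os.path.join(directory, name)) as f:
                result[name] = f.read().strip()
        except OSError:
            continue  # unreadable entry: leave it out rather than guess
    return result


if __name__ == "__main__":
    live = read_sysfs()
    statuses = live if live else SAMPLE
    print("source:", "live sysfs" if live else "constructed sample (sysfs interface not present)")
    for name, cls in audit(statuses).items():
        print(f"{name:14s} {cls:13s} {statuses[name]}")
    bad = unmitigated(statuses)
    print("action needed:", ", ".join(bad) if bad else "none")
```

An entry that reads "Vulnerable: ..." after an update usually means the kernel knows about the issue but the running build or microcode lacks the fix, which is exactly the case a re-check after each PureOS update is meant to catch.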

Countermeasures in Purism Librem hardware

Purism continues to advance security in hardware through a combination of techniques, including the inclusion of a TPM in Librem laptops, where we are progressing towards a turn-key TPM+Heads solution. This will allow us to provide Librem users with a strong defensive stance, making future exploits less scary.

While these countermeasures are not direct solutions for Meltdown and Spectre, they work towards a larger scope of measurement and indication of “known good” states. In this case, this would mean only booting a Linux kernel version which has good patches applied for the Meltdown and Spectre exploits. Flagging or stopping any modifications that could be exploits adds another layer of security to protect users’ devices and sensitive information.
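The “known good state” idea rests on the TPM’s platform configuration registers (PCRs): each boot component is hashed and folded into a register with the extend operation PCR = H(PCR || digest), so a changed or reordered component yields a different final value than the one recorded when the user approved the configuration. The simulation below is an added example, not Heads or Purism code; the boot components are constructed byte strings standing in for firmware, kernel and initrd, and the register lives in memory rather than in a TPM.

```python
"""Simulated TPM-style measured boot: chain component digests into a PCR and
compare with a recorded "known good" value.

Added illustration, not Heads/Purism code.  The PCR is the trust anchor; the
event log is kept only to explain which component diverged.
"""
import hashlib
from typing import Dict, List, Optional, Tuple

PCR_SIZE = 32  # a SHA-256 register starts as all zero bytes

Component = Tuple[str, bytes]

# Constructed stand-ins for boot components (firmware, kernel, initrd).
GOOD_BOOT: List[Component] = [
    ("coreboot", b"firmware image v1 (constructed)"),
    ("vmlinuz", b"linux kernel with PTI + retpoline (constructed)"),
    ("initrd", b"initial ramdisk (constructed)"),
]


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: new = SHA-256(old || SHA-256(measurement))."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components: List[Component]):
    """Extend a zeroed PCR with each component in order; return final PCR and the event log."""
    pcr = bytes(PCR_SIZE)
    log: List[Tuple[str, str]] = []
    for name, blob in components:
        pcr = extend(pcr, blob)
        log.append((name, hashlib.sha256(blob).hexdigest()))
    return pcr, log


def record_known_good(components: List[Component]) -> Dict:
    """What Heads would store when the user approves the current boot configuration."""
    pcr, log = measure_boot(components)
    return {"pcr": pcr.hex(), "log": log}


def verify_boot(components: List[Component], known_good: Dict) -> Tuple[bool, Optional[str]]:
    """Return (ok, name of the first diverging component or None).

    Only the PCR comparison decides the verdict; the log walk is diagnostic.
    """
    pcr, log = measure_boot(components)
    if pcr.hex() == known_good["pcr"]:
        return True, None
    expected = known_good["log"]
    for i in range(max(len(log), len(expected))):
        actual_entry = log[i] if i < len(log) else None
        expected_entry = expected[i] if i < len(expected) else None
        if actual_entry != expected_entry:
            name = actual_entry[0] if actual_entry else expected_entry[0]
            return False, name
    return False, "unknown"


if __name__ == "__main__":
    known = record_known_good(GOOD_BOOT)
    print("sealed PCR:", known["pcr"])
    print("clean boot:", verify_boot(GOOD_BOOT, known))
    # Swap in a kernel without the mitigations (constructed) and measure again.
    tampered = [(n, b"unpatched kernel (constructed)" if n == "vmlinuz" else b)
                for n, b in GOOD_BOOT]
    print("tampered boot:", verify_boot(tampered, known))
```

Because the extend operation is one-way and order-sensitive, an attacker who replaces the kernel cannot choose a replacement that reproduces the sealed PCR, and a kernel that lacks the Meltdown/Spectre patches shows up as a mismatch at the `vmlinuz` step before the user unlocks anything that depends on it.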

The Future of Secure Hardware

Intel, AMD, and ARM seem to suffer from the same issues that proprietary software suffers from: a lack of transparency that results in an unethical design which shifts us further away from an ethical society. RISC-V is something we are closely following in the hopes that it can create a future where processor hardware can be as ethical as Free Software—meaning that the user is in control of their own hardware and software, not the developer.

Purism, as a Social Purpose Corporation, will continue to advance along the best paths possible to offer high-end hardware that is as secure as possible, in alignment with our strict philosophy of ethical computing.