diff --git a/README.md b/README.md index ea3122b..258f406 100644 --- a/README.md +++ b/README.md @@ -14,12 +14,23 @@ It measures and uploads the success rate of the Spectre attacks on your CPU usin And compilation/linking flags such as: -- Optimisation levels (```-O```) -- Static/dynamic linking -- [Masking](https://github.com/torvalds/linux/blob/cb6416592bc2a8b731dabcec0d63cda270764fc6/arch/x86/include/asm/barrier.h#L27) and [lfence](https://www.intel.com/content/www/us/en/developer/articles/troubleshooting/using-intel-compilers-to-mitigate-speculative-execution-side-channel-issues.html) mitigations against Spectre V1 -- [RETPOLINE](https://support.google.com/faqs/answer/7625886) mitigation against Spectre V2 +- Optimisation levels (```-O```). +- Static/dynamic linking. +- [Masking](https://github.com/torvalds/linux/blob/cb6416592bc2a8b731dabcec0d63cda270764fc6/arch/x86/include/asm/barrier.h#L27) and [lfence](https://www.intel.com/content/www/us/en/developer/articles/troubleshooting/using-intel-compilers-to-mitigate-speculative-execution-side-channel-issues.html) mitigations against Spectre V1. +- [RETPOLINE](https://support.google.com/faqs/answer/7625886) mitigation against Spectre V2. -It is known to work on the following _GNU/Linux_ distributions : _Alpine_, _RHEL8_, _Fedora35_. and _OpenBSD_. +## Supported platforms + +- x86_64 with SSE + +## Supported distributions + +- _Alpine 3.15_ +- _RHEL 8_ +- _Fedora 35_ +- _OpenBSD 7.0_ + +A _Dockerfile_ is provided but be wary: the compiled binaries inside the docker image are heavily dependent on the CPU platform/version and _not_ portable. You **have** to build the image on the actual CPU you want to test, otherwise you may stumble upon ```core dumped: illegal instruction``` errors. ## Results @@ -30,17 +41,27 @@ Results are stored as JSON objects in an unique file for each run, following thi - Compiler: ```clang``` and ```gcc``` - Linker: ```lld``` - For upload: ```openssh``` and ```uuid``` -- The C library static symbols: ```glibc-static``` +- The C library static symbols, on Fedora: ```glibc-static``` -## Execution +## Running the experiment -Will build, execute and upload the results. +```make``` will build, execute and upload the experiment results. -```make``` +### PoC only + +```make poc``` will compile and execute v1 and v2 executable once using clang and no optimisations. + +### Within docker + +```make docker``` will build, execute and upload the experiment results within Docker. + +```make dockerbuild``` will only build the experiment images named _octopus_. + +```make dockerpoc``` will run the PoC within Docker. ### Build only -```make build``` +```make build``` will only build the experiment binaries. To build using multiple processes: @@ -62,7 +83,9 @@ Here is an exhaustive list of the data sent: ## References -Both implementations are heavily inspired by: +- [Spectre Attacks: Exploiting Speculative Execution](https://spectreattack.com/spectre.pdf) + +Both implementations were inspired by: - [ErikAugust gist](https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6) - [genua GmbH PoC](https://github.com/genua/meltdown)