sk4nz/octopus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add docker man

Browse Source
This commit is contained in:
Samuel Aubertin
2022-04-12 11:43:25 +02:00
parent 781faf53e5
commit 202bc29099
1 changed files with 34 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
README.md
View File

@@ -14,12 +14,23 @@ It measures and uploads the success rate of the Spectre attacks on your CPU usin
And compilation/linking flags such as:
- Optimisation levels (```-O```)
- Static/dynamic linking
- [Masking](https://github.com/torvalds/linux/blob/cb6416592bc2a8b731dabcec0d63cda270764fc6/arch/x86/include/asm/barrier.h#L27) and [lfence](https://www.intel.com/content/www/us/en/developer/articles/troubleshooting/using-intel-compilers-to-mitigate-speculative-execution-side-channel-issues.html) mitigations against Spectre V1
- [RETPOLINE](https://support.google.com/faqs/answer/7625886) mitigation against Spectre V2
- Optimisation levels (```-O```).
- Static/dynamic linking.
- [Masking](https://github.com/torvalds/linux/blob/cb6416592bc2a8b731dabcec0d63cda270764fc6/arch/x86/include/asm/barrier.h#L27) and [lfence](https://www.intel.com/content/www/us/en/developer/articles/troubleshooting/using-intel-compilers-to-mitigate-speculative-execution-side-channel-issues.html) mitigations against Spectre V1.
- [RETPOLINE](https://support.google.com/faqs/answer/7625886) mitigation against Spectre V2.
It is known to work on the following _GNU/Linux_ distributions : _Alpine_, _RHEL8_, _Fedora35_. and _OpenBSD_.
## Supported platforms
- x86_64 with SSE
## Supported distributions
- _Alpine 3.15_
- _RHEL 8_
- _Fedora 35_
- _OpenBSD 7.0_
A _Dockerfile_ is provided but be wary: the compiled binaries inside the docker image are heavily dependent on the CPU platform/version and _not_ portable. You **have** to build the image on the actual CPU you want to test, otherwise you may stumble upon ```core dumped: illegal instruction``` errors.
## Results
@@ -30,17 +41,27 @@ Results are stored as JSON objects in an unique file for each run, following thi
- Compiler: ```clang``` and ```gcc```
- Linker: ```lld```
- For upload: ```openssh``` and ```uuid```
- The C library static symbols: ```glibc-static```
- The C library static symbols, on Fedora: ```glibc-static```
## Execution
## Running the experiment
Will build, execute and upload the results.
```make``` will build, execute and upload the experiment results.
```make```
### PoC only
```make poc``` will compile and execute v1 and v2 executable once using clang and no optimisations.
### Within docker
```make docker``` will build, execute and upload the experiment results within Docker.
```make dockerbuild``` will only build the experiment images named _octopus_.
```make dockerpoc``` will run the PoC within Docker.
### Build only
```make build```
```make build``` will only build the experiment binaries.
To build using multiple processes:
@@ -62,7 +83,9 @@ Here is an exhaustive list of the data sent:
## References
Both implementations are heavily inspired by:
- [Spectre Attacks: Exploiting Speculative Execution](https://spectreattack.com/spectre.pdf)
Both implementations were inspired by:
- [ErikAugust gist](https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6)
- [genua GmbH PoC](https://github.com/genua/meltdown)