Status of attacks on chipyard-based boom

[austinharris]

I was able to successfully run the conditional branch mispredict and the indirect branch mispredict attacks with this chipyard version and the MediumBoomConfig:
ef404ef0ba6c471430120f13818cc5027225d877

However the return stack buffer attack did not recover the correct secret.

[jerryz123]

The RAS in BOOM was disabled due to bugs.
We will push a version with a working RAS soon.

[abejgonzalez]

Thanks for re-testing it will all the changes that have happened to the core/SoC ecosystem recently!

[hz1490919302]

Thanks for re-testing it will all the changes that have happened to the core/SoC ecosystem recently!

Now RAS has been fixed in the latest boom, but I still can’t implement spectreRAS with the SmallConfigBoom and the chipyard. Can the current Boom protect against this spectre attack?

[jerryz123]

The spectreRAS implementation in this repository is unfinished, as the README notes. Perhaps someone should finish this. It should be pretty straightforward to modify the x86 code example in the original Spectre Returns paper.

In general, BOOM does not have protection against RAS-based attacks.