By Dr. Raik Brinkmann – 06-06-19
Secure enclaves and root of trust are not enough. Hardware vulnerabilities affect the security of automotive, medical, and IoT systems.
In January 2018, computer security researchers disclosed two critical processor vulnerabilities that malicious programs could exploit to leak secure data: Meltdown and Spectre.
The engineering community and the public at large are accustomed to software vulnerabilities requiring frequent app updates or installation of operating system patches. These were different — hardware was the culprit, and hardware is not cheap to update.
The only practical approach is to release new software that, at the cost of making the system slower and less energy efficient, masks vulnerable hardware functions or avoids their use. Meltdown and Spectre sparked a series of investigations into hardware security.