On Thu, 18 Oct 2018, Pavel Machek wrote:
Definitely should be refined.
Meltdowns approach AFAIK does not work because reads outside the enclave
will always have a predefined value (-1) but only if the page is present,
which was later exploited in the Foreshadow attack.
What about L1tf and https://github.com/lsds/spectre-attack-sgx ?
L1TF is the vuln and Foreshadow is the attack taking advantage of the
vuln. I didn't mean to patch the documention in my response or give
extensive list of the vulns if you expected that.
For kernel documentation it does make sense to give a threat model
but not enumerate every possible vuln.
/Jarkko
