>"One of the most interesting members of the RISC-style x86 group was the Transmeta Crusoe processor, which translated x86 instructions into an internal VLIW form, rather than internal superscalar, and used software to do the translation at runtime, much like a Java virtual machine. This approach allowed the processor itself to be a simple VLIW, without the complex x86 decoding and register-renaming hardware of decoupled x86 designs, and without any superscalar dispatch or OOO logic either."
PDS: Why do I bet that the Transmeta Crusoe didn't suffer from Spectre -- or any other other x86 cache-based or microcode-based security vulnerabilities that are so prevalent today?
Observation: Intentional hardware backdoors -- would have been difficult to place in Transmeta VLIW processors -- at least in the software-based x86 translation portions of it... Now, are there intentional hardware backdoors in its lower-level VLIW instructions?
I don't know and can't speculate on that...
Nor do I know if the Transmeta Crusoes contained secret deeply embedded "security" cores/processors -- or not...
But secret deeply embedded "security" cores/processors and backdoored VLIW instructions aside -- it would sure be hard as heck for the usual "powers-that-be" -- to be able to create secret/undocumented x86 instructions with side effects/covert communication to lower/secret levels -- and run that code from the Transmeta Crusoe's x86 software interpreter/translator -- especially if the code for the x86 software interpreter/translator -- is open source and throughly reviewed...
In other words, from a pro-security perspective -- there's a lot to be said about architecturally simpler CPU's -- regardless of how slow they might be compared to some of today's super-complex (and, ahem, less secure...) CPU's...
AFAIK Transmeta's core was doing a lot of speculative execution stuff, so if it evolved until today I wouldn't bet on it also gaining issues like Spectre.
But, even if it is... keep in mind that when running x86 instructions, you still have the x86 translation software proxy layer... that means that could could grab any given offending / problem-causing x86 instruction -- when you encountered it, and recode the VLIW output from it to output a different set of native VLIW instructions -- that you knew were safe...
In other words, with a Transmeta Crusoe -- if the x86 translation layer is open source and you possess it (and can code / understand things) -- then you'll have some options there.
Which is unlike a regular x86 CPU -- where the way it decodes and executes instructions -- cannot be changed in any way by the user...
Transmeta Crusoe is unlikely to be vulnerable, but it's Intel contemporaries aren't either. So you'd need to be looking at some hypothetical "today" version.
An open system with such a design would indeed be fascinating (the original wasn't open, and Transmeta was big on their patents on this stuff). More flexibility than microcode patches too.
Elbrus 2000 is a mass-produced VLIW microprocessor with binary translation of x86. There is a set of different models having different number of cores and DSP blocks.
The code morphing software itself is almost certainly a new source of new side channel spectre like attacks. Like being able to tell if something is already in the translation cache via timing.
It would be much easier for a vendor to turn off speculative compilation in that case though, i.e. for HPC you want all the performance, but a cloud vendor could still protect vulnerable interfaces.
Well, again, if the x86 code morphing software is available and open source, and if someone understands this software and can modify it -- then that's infinitely infinitely better (from a security perspective) -- than having to run x86 code directly on a regular AMD/Intel x86 processor...
In the latter case -- you have absolutely no control whatsoever over how the processor interprets and dispatches its x86 instructions...
Oh totally. I'm more sure than not that something like an open source code morphing software could be made more secure against side channel attacks with greater flexibility than is afforded micro code updates.
I'm mainly saying that it's a problem space that both has actively shipping implemetnations (Nvidia Denver), has new levels of cache which affect performance based on previous codeflows, and hasn't been fully explored publicly AFAIK. There's probs some dragons in there in at least the pre spectre versions of that software.
If you're talking about Rosetta, it's not as clear that you'd see any successful attacks. It only runs at one CPU privilege level. And even in the browser sandbox escape versions Rosetta heavily uses AOT when it can, so your JS is probably not sharing a translation cache with much if any of the code you'd be attacking.
This is in contrast to Transmeta where the whole system more or less ran out of the one translation cache.
Some consider E2K (Elbrus 2000) as successor to Transmeta Crusoe and it is not effected to Spectre issue. It does binary translation of x86 code as well and quite fast (20% preformance loss).
PDS: Why do I bet that the Transmeta Crusoe didn't suffer from Spectre -- or any other other x86 cache-based or microcode-based security vulnerabilities that are so prevalent today?
Observation: Intentional hardware backdoors -- would have been difficult to place in Transmeta VLIW processors -- at least in the software-based x86 translation portions of it... Now, are there intentional hardware backdoors in its lower-level VLIW instructions?
I don't know and can't speculate on that...
Nor do I know if the Transmeta Crusoes contained secret deeply embedded "security" cores/processors -- or not...
But secret deeply embedded "security" cores/processors and backdoored VLIW instructions aside -- it would sure be hard as heck for the usual "powers-that-be" -- to be able to create secret/undocumented x86 instructions with side effects/covert communication to lower/secret levels -- and run that code from the Transmeta Crusoe's x86 software interpreter/translator -- especially if the code for the x86 software interpreter/translator -- is open source and throughly reviewed...
In other words, from a pro-security perspective -- there's a lot to be said about architecturally simpler CPU's -- regardless of how slow they might be compared to some of today's super-complex (and, ahem, less secure...) CPU's...