Intel introduced Data Operand Independent Timing Mode (DOITM) in Ice Lake, a similar feature to ARMv8's DIT. Additional background.
Unfortunately it's currently privileged, and it seems attempts to allow unprivileged thread-specific settings in Linux did not work out and would require hardware changes. However, it shows that other CPUs are adding these capabilities and we should probably plan for a more general abstraction, similar to cpuid-bool => cpufeatures.
(Annoyingly Intel simultaneously says you should always use DOITM for cryptography, made it privileged, and they said leaving it on all the time has horrible performance impacts. I think they will eventually need to figure out a solution that's unprivileged, similar to DIT and as it were CPUID.)
I also think we should start wiring this up in our higher-level crates, particularly for things like public-key cryptography which perform complicated long-running operations that are frequently the source of sidechannels. At least, whenever #1472 is addressed.