PoC code implementing variant 3a of the Meltdown attack for AArch64. This allows reading all (potentially excluding registers whose read has side effects - not verified) system registers from user mode, including those which should only be accessible from the EL1 (kernel), EL2 (hypervisor) and EL3 (secure monitor) modes.
See the ARM whitepaper and the Meltdown vulnerability .
Confirmed to be working on Cortex-A57 and Cortex-A72.
Infoleaks of potentially sensitive data from the OS, hypervisor or secure monitor. No cryptographic keys or user data are expected to be exposed in most cases. So far, I've identified 3 potentially interesting uses for this:
Only showing AArch64 implementations.
Please open a pull request if you've tested on any other implementations.
The access timing is done using a second thread which increments a counter, which means that at least 2 cores need to be online and (close to) idle. DVFS might have to be disabled. In a big.LITTLE system, pin this process to the big cores. Cortex-A57 and Cortex-A72 are the only AArch64-capable cores designed by ARM which are vulnerable (to this variant of Meltdown). Note that bit-level errors are possible, although they should be rare.
The registers marked dynamic denote the registers which do not appear to have a constant value during the sampling process. In the sample below, these are the Generic Timer registers (CNT*) and the Interrupt Status Register (ISR_EL1).