This repository contains several experiments and proof-of-concepts for the AMD Prefetch Attacks through Power and Time paper. For more technical information, please refer to the paper:
- AMD Prefetch Attacks through Power and Time by Moritz Lipp, Daniel Gruss, Michael Schwarz
The individual proof-of-concept implementations are self-contained and come with a Makefile and an individual description that explains how to build, run and interpret the proof-of-concept.
In order to run the proof-of-concepts, the following prerequisites need to be fulfilled:
- Linux installation
- Build tools (gcc, make)
- AMD energy driver (optional)
- PTEditor
- AMD CPU
Throughout our experiments, we successfully evaluated our implementations on the following CPUs. However, most of the implementations should work on other CPUs with the same microarchitecture.
CPU | Microcode | Microarchitecture |
---|---|---|
AMD Ryzen 5 2500 U | 0x810100b | Zen |
AMD Ryzen Threadripper 1920X | 0x8001137 | Zen |
AMD Ryzen 5 3600 | 0x8701021 | Zen 2 |
AMD Ryzen 7 3700X | 0x8701021 | Zen 2 |
AMD A10-7870K | 0x6003106 | Steamroller |
AMD EPYC 7402P | 0x830104d | Zen |
AMD EPYC 7571 | 0x800126c | Zen |
The following tables give an overview of all artifacts provided in this repository. Each folder contains an additional description explaining how to build, run and interpret the artifact.
Name | Description |
---|---|
Page Table Level | |
TLB State | |
Stalling | |
Retirement | |
Name | Description |
---|---|
KASLR Break | Kernel Address Space Derandomization using Energy Consumption or the Execution Time of the prefetch instruction |
Leaking Kernel Memory with Spectre | Combination of TLB-Evict+Prefetch and a Spectre Gadget to leak kernel memory |