Re: How does knowing where imply knowing what?
"[...]the 256 pages are NOT in kernel memory, they are just plain accessible memory in the attacker's process.[...]"
Nice summary, assuming it's correct. Thank you.
Assuming I've correctly understood the various pictures, your description seems to be consistent with ARM's statement today that DEVICE data (which is deliberately and architecturally non-cacheable) isn't vulnerable to this particular unintended disclosure.
By the sound of things, Intel no longer have enough smart knowledgeable people in positions of authority to make this distinction (or its importance) properly understood.
Lots of other business-class chip architects (e.g. DEC, IBM, Sun, etc) have understood the distinction in the past, and it seems the AMD64 people still do. But then x86 and its allegedly impossible follow-on (Intel's apparently defective copy of AMD64) has never really had an architecture as such, and x86 in the post-DOS era has only been sold widely into business-class because of its apparent cheapness.
Well done PHBs and bean counters. Don't say you weren't warned.
anybody care to speculate what if any impact this has on Intel's SGX (Intel's alleged competitor to ARM's TrustZone, see e.g.
[edited for typos]