Introduction
The Data Operand Independent Timing Instruction Set Architecture (DOIT ISA) document describes a new feature which, in conjunction with Intel's Guidelines for Mitigating Timing Side Channels Against Cryptographic Implementations, can be used for "constant time" execution of code specifically written to those guidelines. This mode allows constant-time code to inform the processor that data operand independent timing is needed.
On certain processors, MXCSR may also need to be configured to avoid data-dependent behavior for the instructions listed in Data Operand Independent Timing Instructions That May Exhibit MXCSR Configuration Dependent Timing Behavior. This article describes that behavior and configuration.
MXCSR Configuration Dependent Timing (MCDT)
On certain processors, as listed in MCDT Enumeration, some data-independent timing vector instructions may have subtle data-dependent timing due to the MXCSR configuration. Specifically, certain data values may delay instruction retirement by at most one cycle. This delay is small enough that it may not be observable in common practice, but it is still data-dependent timing. This data operand-dependent timing may impact software following Intel's Guidelines for Mitigating Timing Side Channels Against Cryptographic Implementations.
Hardware
Future processors are not expected to exhibit data operand dependent timing due to MXCSR configuration. This will be enumerated by CPUID.(EAX=7H,ECX=2):EDX[5]=1. Many current processors that are also not affected are listed in the Processors That Do Not Exhibit MCDT Behavior section.
Software Mitigations
Some environments may conclude that this side channel is minor and does not need mitigation.
For systems that do not enumerate CPUID.(EAX=7H,ECX=2):EDX[5]=1, software that does need mitigation can mitigate the data-dependent timing by loading MXCSR with the value of 0x1FBF before using data operand independent timing instructions impacted by the MXCSR configuration. Software must use pre- and post-serialized LDMXCSR instructions before using impacted data operand independent timing instructions.
Prolog:

```asm
STMXCSR save_val        ; save the caller's MXCSR to memory
LDMXCSR value_0x1fbf    ; load MXCSR from a memory location holding 0x1FBF
LFENCE                  ; serialize before the first affected instruction
; Constant-time code using affected instructions
```

Epilog:

```asm
LFENCE                  ; serialize after the last affected instruction
LDMXCSR save_val        ; restore the caller's MXCSR
```
For applications that do not otherwise depend on a specific value of MXCSR, the value of 0x1FBF can be established during the initialization of the application, which mitigates the data-dependent timing with minimal overhead.
Instructions That May Exhibit MCDT Behavior
This list is based on Intel's investigation and is current as of the date of publication. Intel will update this list if additional instructions with these characteristics are discovered.
- PMADDUBSW
- PMULUDQ
- VPMULHRSW
- PMADDWD
- VPLZCNTD
- VPMULHUW
- PMULDQ
- VPLZCNTQ
- VPMULHW
- PMULHRSW
- VPMADD52HUQ
- VPMULLD
- PMULHUW
- VPMADD52LUQ
- VPMULLQ
- PMULHW
- VPMADDUBSW
- VPMULLW
- PMULLD
- VPMADDWD
- VPMULUDQ
- PMULLW
- VPMULDQ
Intel® Software Guard Extensions (Intel® SGX)
Although instructions inside enclave mode will act as if data operand independent timing mode is set, they may still exhibit MCDT behavior.
If the intended operation of an Intel SGX enclave, for the lifetime of the enclave, is achievable with MXCSR=0x1FBF, then any loads of MXCSR (via LDMXCSR, XRSTOR, etc.) should be of 0x1FBF. There should also be an LFENCE between any load of MXCSR (even of 0x1FBF) and subsequent use of any affected instruction.
If the enclave is compatible with MXCSR=0x1FBF and uses any of the affected instructions, then the beginning of each enclave ECALL should change MXCSR to 0x1FBF and then execute an LFENCE instruction. The Intel SGX SDK will be changed to do this.
The Intel-provided SGX architectural enclaves (AEs) fall into this compatible with MXCSR=0x1FBF category.
If the intended operation of an Intel SGX enclave is not achievable with MXCSR=0x1FBF, then the general sequence in the Software Mitigations section should be used instead.
Enumeration and Architectural MSRs
MCDT Enumeration
CPUID.(EAX=7H,ECX=2):EDX[5] enumerates MCDT_NO. Processors that enumerate this bit as 1 do not exhibit MCDT behavior and do not need to be mitigated. Note that Intel Atom and pre-Skylake Intel Core processors may not enumerate MCDT_NO but nevertheless do not exhibit MCDT behavior. Refer to the Processors That May Exhibit MCDT Behavior section and the Processors That Do Not Exhibit MCDT Behavior section for more information about these processors.
MCDT Enumeration Guidance for Cryptographic Software
CPUID leaf 7 subleaf 2 EDX bit 5 enumerates MCDT_NO. Processors that enumerate this bit as 1 do not exhibit MXCSR Configuration Dependent Timing behavior and do not need to mitigate it. Intel Atom and Intel Core processors based on microarchitectures prior to Skylake may not exhibit MCDT behavior despite not enumerating MCDT_NO. Refer to the Processors That Do Not Exhibit MCDT Behavior section for more information.
Cryptography developers who wish to apply MCDT mitigations should use the following steps to determine if MCDT mitigation should be applied:
The cryptography software should determine if MCDT_NO is enumerated as 1. If it is, then no mitigation needs to be applied.
If MCDT_NO is enumerated as 0, the cryptography software should determine if it is running in a virtualized environment by checking the value of CPUID leaf 1 ECX bit 31.
If CPUID leaf 1 ECX bit 31 is 0, then a hypervisor is not present, and the cryptography software should use CPUID family/model/stepping to determine if it is running on a processor documented as not exhibiting MCDT behavior.
If CPUID leaf 1 ECX bit 31 is 1, then a hypervisor is present and, because CPUID is virtualized, the cryptography software may be running on a processor that does not exhibit MCDT behavior regardless of the family/model/stepping that is enumerated.
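The following C example is added here as an illustration and is not Intel's code: it implements the four-step decision above on the CPUID words the steps name, and wraps the prolog/epilog from the Software Mitigations section in compiler intrinsics. The `struct cpuid_facts` type, the `mcdt_*` functions and the model table are this example's own constructions; the table is built from the Processors That Do Not Exhibit MCDT Behavior section but matches on family/model only, and when a hypervisor is present it takes the conservative path of mitigating, since the VMM guidance is to expose MCDT_NO when the host is known to be unaffected.

```c
#include <stdbool.h>
#include <stdint.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <immintrin.h>
#endif
#define MCDT_MXCSR_VALUE 0x1FBFu    /* MXCSR value the article recommends */
#define MCDT_NO_BIT      (1u << 5)  /* CPUID.(EAX=7,ECX=2):EDX[5] = MCDT_NO */
#define HYPERVISOR_BIT   (1u << 31) /* CPUID.(EAX=1):ECX[31] = hypervisor present */
/* CPUID words the decision depends on, passed explicitly so the policy can be
 * exercised with constructed values on any host (example's own type). */
struct cpuid_facts { uint32_t leaf7_sub2_edx, leaf1_eax, leaf1_ecx; };
/* Family and display model from CPUID.(EAX=1):EAX; family 6 uses the extended model. */
static uint32_t cpu_family(uint32_t eax) { return (eax >> 8) & 0x0F; }
static uint32_t cpu_model(uint32_t eax)  { return ((eax >> 12) & 0xF0) | ((eax >> 4) & 0x0F); }
/* Family-6 models from the article's "Processors That Do Not Exhibit MCDT Behavior"
 * table. Illustrative: stepping is not checked, and 06_8AH is left out because the
 * article lists it as affected as well. */
static const uint32_t unaffected_models[] = { 0x3F, 0x4C, 0x4F, 0x56, 0x5A, 0x5C, 0x5F,
                                              0x65, 0x6E, 0x75, 0x7A, 0x86, 0x96, 0x9C };
static bool documented_unaffected(uint32_t leaf1_eax) {
    if (cpu_family(leaf1_eax) != 6) return false;
    for (unsigned i = 0; i < sizeof unaffected_models / sizeof *unaffected_models; i++)
        if (unaffected_models[i] == cpu_model(leaf1_eax)) return true;
    return false;
}
/* The article's four steps: true when MXCSR=0x1FBF should be loaded around affected code. */
bool mcdt_mitigation_needed(const struct cpuid_facts *f) {
    if (f->leaf7_sub2_edx & MCDT_NO_BIT) return false; /* MCDT_NO=1: not affected */
    if (f->leaf1_ecx & HYPERVISOR_BIT) return true;    /* CPUID virtualized: be conservative */
    return !documented_unaffected(f->leaf1_eax);       /* bare metal: consult the table */
}
#if defined(__x86_64__) || defined(__i386__)
bool mcdt_read_facts(struct cpuid_facts *f) { /* leaf 7 subleaf 2 is read only if present */
    unsigned a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 7) return false;
    __cpuid_count(7, 0, a, b, c, d);
    f->leaf7_sub2_edx = 0;
    if (a >= 2) { __cpuid_count(7, 2, a, b, c, d); f->leaf7_sub2_edx = d; }
    __cpuid(1, a, b, c, d);
    f->leaf1_eax = a; f->leaf1_ecx = c;
    return true;
}
/* The article's prolog/epilog: LFENCE on both sides of the MXCSR load. */
uint32_t mcdt_prolog(void) {
    uint32_t saved = _mm_getcsr(); _mm_setcsr(MCDT_MXCSR_VALUE); _mm_lfence(); return saved;
}
void mcdt_epilog(uint32_t saved) { _mm_lfence(); _mm_setcsr(saved); }
#endif
```

A caller runs `mcdt_read_facts` once at initialization, and only if `mcdt_mitigation_needed` returns true brackets the affected constant-time routine with `mcdt_prolog`/`mcdt_epilog`.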
VMM Guidance for Non-Migratable and Migratable VMs
For non-migratable VMs, VMM software should enumerate MCDT_NO as 1 to a guest only if the host physical machine either enumerates MCDT_NO as 1 or has a CPUID family/model/stepping that matches a processor documented to not exhibit MCDT behavior in the Processors That Do Not Exhibit MCDT Behavior section.
For migratable VMs, VMM software should enumerate MCDT_NO as 1 only if every host physical machine that the VM may potentially migrate to either enumerates MCDT_NO as 1 or has a CPUID family/model/stepping that matches a processor documented to not exhibit MCDT behavior in the Processors That Do Not Exhibit MCDT Behavior section.
Processors That May Exhibit MCDT Behavior
All Intel Core processors based on microarchitecture code named Skylake and later exhibit this behavior for at least one instruction from the list in the Instructions That May Exhibit MCDT Behavior section.
Processor | Stepping (All unless otherwise noted) | Code Name(s) / Microarchitecture(s) | Product Family |
---|---|---|---|
06_4EH | 3 | 1. Skylake Y 2. Skylake U 3. Skylake U23e | 6th Generation Intel® Core™ Processor Family |
06_55H | 3, 4 | 1. Skylake Server 2. Skylake D, Bakerville 3. Skylake W 4. Skylake X | 1. Intel® Xeon® Scalable processor family 2. Intel® Xeon® D processor family 3. Intel® Xeon® W processor family 4. Intel® Core™ X-series Processors |
06_55H | 6, 7 | 1. Cascade Lake Server 2. Cascade Lake W 3. Cascade Lake X | 1. 2nd Generation Intel® Xeon® Scalable processor family 2. Intel® Xeon® W processor family 3. Intel® Core™ X-series Processor |
06_55H | <=B | Cooper Lake | 3rd Generation Intel® Xeon® Scalable processor family |
06_5EH | 3 | 1. Skylake Xeon E3 2. Skylake H 3. Skylake S | 1. Intel® Xeon® E processor family |
06_6AH | 4, 5, 6 | Ice Lake Xeon-SP | 3rd Gen Intel® Xeon® Scalable processor family |
06_6CH | 1 | Ice Lake D | Intel® Xeon® D Processor |
06_7EH | 5 | Ice Lake U, Y | 10th Generation Intel® Core™ Processor Family |
06_8AH | 1 | Lakefield B-step | Intel® Core™ Processors with Intel® Hybrid Technology |
06_8CH | 1, 2 | Tiger Lake U, Tiger Lake U Refresh, Tiger Lake H35 | 11th Generation Intel® Core™ Processor Family |
06_8DH | 1 | Tiger Lake H | 11th Generation Intel® Core™ Processor Family, Intel® Xeon® Processor Family |
06_8EH | 9 | 1. Amber Lake-Y 2. Kaby Lake U 3. Kaby Lake U23e 4. Kaby Lake Y | 1. 8th Generation Intel® Core™ Processor Family 2, 3, 4. 7th Generation Intel® Core™ Processor Family |
06_8EH | A | Coffee Lake U43e, Kaby Lake Refresh U | 8th Generation Intel® Core™ Processor Family |
06_8EH | B, C | 1. Whiskey Lake U 2, 3, 4. Comet Lake U42 5. Amber Lake Y | 1. 8th Generation Intel® Core™ Processors 2. 10th Generation Intel® Core™ Processor Family 3. Intel® Pentium® Gold Processor Series 4. Intel® Celeron® Processor 5000 Series 5. 10th Generation Intel® Core™ Processor Family |
06_97H | 2, 5 | Alder Lake S | 12th Generation Intel® Core™ Processor Family |
06_9AH | 3 | 1. Alder Lake H 2. Alder Lake P | 1. 12th Generation Intel® Core™ Processor Family 2. 12th Generation Intel® Core™ Processor Family |
06_9AH | 4 | Alder Lake U | 12th Generation Intel® Core™ Processor Family, Intel® Pentium® Gold Processor Family, Intel® Celeron® Processor Family |
06_9EH | 9 | 1. Kaby Lake S 2. Kaby Lake H 3. Kaby Lake G 4. Kaby Lake X 5. Kaby Lake Xeon E3 | 1. 7th Generation Intel® Core™ Processor Family 2. 7th Generation Intel® Core™ Processor Family 3. 8th Generation Intel® Core™ Processor Family, Intel® Pentium® Processor Family 4. Intel® Core™ X-series Processors 5. Intel® Xeon® E processor family |
06_9EH | A, B, C, D | 1. Coffee Lake H 2. Coffee Lake Xeon E 3. Coffee Lake S Xeon E 4. Coffee Lake S x/KBP 5. Coffee Lake S | 1. 8th Generation Intel® Core™ Processor Family 2. Intel® Xeon® E processor family 3. Intel® Xeon® E processor family 4. 8th Generation Intel® Core™ Processor Family 5. 8th Generation Intel® Core™ Processor Family |
06_A5H | 2, 3, 5 | 1. Comet Lake H 2. Comet Lake-S | 1, 2. 10th Generation Intel® Core™ Processor Family 1, 2. Intel® Xeon® W processor family |
06_A6H | <=1 | Comet Lake U62 | 10th Generation Intel® Core™ Processor Family, Intel® Xeon® W processor family |
06_A7H | 1 | Rocket Lake | 11th Generation Intel® Core™ Processor Family, Intel® Xeon® E-2300 processor family |
06_A8H | 1 | Rocket Lake | Intel® Xeon® W-1300 Processor Family |
- Note that a limited number of future processors which are not on the above list of affected processors may also exhibit MCDT behavior. They will not enumerate MCDT_NO.
- Processors that may exhibit MCDT behavior include those based on microarchitectures code named Skylake server, Cascade Lake, Cooper Lake, Ice Lake server, Skylake, Kaby Lake, Coffee Lake, Whiskey Lake, Comet Lake, Ice Lake client, Lakefield, Tiger Lake, Rocket Lake, and Alder Lake.
- Processors that do not exhibit MCDT behavior include Intel Atom processors and Intel Core processors based on microarchitectures before Skylake.
Processors That Do Not Exhibit MCDT Behavior
Intel Core processors based on microarchitectures before Ice Lake and Intel Atom family processors based on microarchitectures before Gracemont do not exhibit MXCSR Configuration Dependent Timing behavior.
Processor | Stepping (All unless otherwise noted) | Code Name(s) / Microarchitecture(s) | Product Family |
---|---|---|---|
06_3FH | 2 | Haswell Server EP, EP4S | Intel® Xeon® E processor family |
06_3FH | 4 | Elkhart Lake (Tremont) | Intel® Xeon® E processor family |
06_4CH | | Cherryview (Airmont) | Intel® Atom® Processor X Series |
06_4FH | | Broadwell Server E, EP, EP4S, EX | Intel® Xeon® E processor family |
06_56H | 3 | Broadwell DE V2, V3 | Intel® Xeon® D processor family |
06_56H | 4 | Broadwell DE Y0 | Intel® Xeon® D processor family |
06_56H | 5 | Broadwell DE A1, Hewitt Lake (Broadwell DE) | Intel® Xeon® D processor family |
06_5AH | | Anniedale (Airmont) | Intel® Atom® Processors |
06_5CH | 9 | 1. Apollo Lake (Goldmont - no SGX) 2. Apollo Lake 3. Apollo Lake | 1. Intel® Pentium® Processor J Series, Intel® Pentium® Processor N Series 2. Intel® Celeron® Processor J Series, Intel® Celeron® Processor N Series 3. Intel® Atom® Processor A Series |
06_5CH | A | Apollo Lake | Intel® Atom® Processor E3900 Series |
06_5FH | 1 | Denverton (Goldmont) | Intel® Atom® C processor family |
06_65H | | XMM7272 (Airmont) | Intel® Atom® Processors |
06_6EH | | Cougar Mountain (Airmont) | Intel® Puma™ 7 Family |
06_75H | | Butter (Airmont) | Intel® Atom® Processors |
06_7AH | 1 | Gemini Lake | Intel® Pentium® Processor Silver Series |
06_7AH | 8 | Gemini Lake | Intel® Celeron® Processor J Series |
06_86H | 4 | Snowridge (Tremont) | Intel® Atom® Processors |
06_86H | 5 (B step) | Snowridge (Tremont) | Intel® Xeon® D processor family |
06_86H | 7 (C step) | Snowridge (Tremont) | Intel® Xeon® D processor family |
06_8AH | 1 | Lakefield B-step (Tremont) | Intel® Core™ Processors with Intel® Hybrid Technology |
06_8AH | 1 | Lakefield B-step (Sunnycove) | Intel® Core™ Processors with Intel® Hybrid Technology |
06_96H | 1 | Elkhart Lake (Tremont) | Intel® Atom® Processors |
06_9CH | 0 | Jasper Lake (Tremont) | Intel® Atom® Processors |