undefined | Better HN

0 pointsknorker5y ago0 comments

That doesn't help if the memory is corrupted before the verification code is applied. (the code will simply put a signature on incorrect data)

Or after it's been checked. (time-of-check vs time-of-use)

0 comments

MaxBarraclough5y ago

Right, exactly. TCP protects us from data-corruption in network streams, and ECC protects us from data-corruption in RAM. I doubt any sort of software solution could practically compete against hardware ECC, even if it could be done it would presumably be disastrous for performance.

knorkerOP5y ago

The best integrity checking is "end to end". The problem with non-ECC is that there are no "ends" that are trustworthy.

I guess in theory some software could produce signed data in CPU cache, and "commit" it to RAM as a verified block.

But the overhead would be enormous. Would you slow down your CPU by half in order to not pay 12.5% more for RAM?

Hmm, I wonder what SGX and similar do about this.

j / k navigate · click thread line to collapse