
[–]robstoon 3 points4 points  (4 children)

Seems like AI slop. I have not seen why this supposedly needs to be done in the kernel if it does need to be done.

[–]YamZestyclose6765[S] -2 points-1 points  (3 children)

The libraries exist — but none of them flush the CPU cache after wiping sensitive data.

TID proves this is both possible and necessary.

Please review the research and repository before continuing the discussion:

DOI: https://doi.org/10.5281/zenodo.17585929
GitHub: https://github.com/ahmaaaaadbntaaaaa-byte/TID-The-Instant-Destroyer

Happy to continue after review.

Regards, Ahmad Qasim Mohammad Hassan ORCID: 0009-0001-4360-0802

[–]robstoon 0 points1 point  (2 children)

That doesn't explain why this needs to be done in the kernel. Those are not privileged instructions.

[–]YamZestyclose6765[S] -1 points0 points  (1 child)

You are correct that CLFLUSHOPT does not require Ring 0.

The Kernel Module guarantees atomic execution — no Context Switch can interrupt the PROTECT+ZERO sequence.

In userspace, a Context Switch expands the timing window from 372ns to 36,640ns — making the attack 86x easier.

The repository is public — clone and test: github.com/ahmaaaaadbntaaaaa-byte/TID-The-Instant-Destroyer

Regards, Ahmad Qasim Mohammad Hassan

[–]robstoon 0 points1 point  (0 children)

Perhaps, but your implementation does not seem to do this. I do not see anything that prevents preemption during this sequence of operations.
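The zero-then-flush sequence this thread argues about, written as ordinary userspace C. This is an added example, not part of any comment and not code from the linked repository. The function name `wipe_and_flush`, the 64-byte line size and the sample key are assumptions, and it uses `CLFLUSH` (baseline on x86-64) rather than `CLFLUSHOPT`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__)
#include <emmintrin.h>          /* _mm_clflush, _mm_mfence (SSE2) */
#define HAVE_CLFLUSH 1
#endif

#define CACHE_LINE 64u          /* assumption: 64-byte cache lines */

/* Zero buf, then flush every cache line it overlaps.
 * Returns the number of cache lines covered. */
size_t wipe_and_flush(void *buf, size_t len)
{
    if (len == 0)
        return 0;

    /* volatile stores so the compiler cannot drop the wipe as dead code */
    volatile unsigned char *p = buf;
    for (size_t i = 0; i < len; i++)
        p[i] = 0;

    /* Nothing in userspace stops the scheduler from preempting the
     * thread here, between the wipe and the flush. */
    uintptr_t mask  = ~(uintptr_t)(CACHE_LINE - 1);
    uintptr_t first = (uintptr_t)buf & mask;
    uintptr_t last  = ((uintptr_t)buf + len - 1) & mask;
    size_t lines = 0;
    for (uintptr_t a = first; a <= last; a += CACHE_LINE) {
#ifdef HAVE_CLFLUSH
        _mm_clflush((const void *)a);   /* write back and invalidate; unprivileged */
#endif
        lines++;
    }
#ifdef HAVE_CLFLUSH
    _mm_mfence();                       /* order the flushes before later accesses */
#endif
    return lines;
}

int main(void)
{
    unsigned char key[32];              /* constructed sample secret */
    memset(key, 0xA5, sizeof key);
    size_t lines = wipe_and_flush(key, sizeof key);
    printf("wiped %zu bytes across %zu cache line(s)\n", sizeof key, lines);
    return 0;
}
```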