by monocasa 2618 days ago
With Spectre, malicious processes don't need to have code execution cross a SIP boundary in order to break confidentiality of other colocated SIPs. As a malicious SIP, I can just read out the rest of the hardware visible context.

How does the hardware visible context get suitably updated if the confidential data in the other SIP isn't touched by execution (speculative or otherwise)? Doesn't something need to be pulling that state into the visible context?
As far as the hardware is concerned, the confidential information in the other SIP is already visible.
This was a stupid comment, long day. Totally looking at this the wrong way.