On Hacker News
To study how chips work, MIT researchers built their own operating system
Read the full article on news.mit.edu

178 points | 23 comments | 2 notable voices
The 5-second version
- MIT researchers developed Fractal, a bare-metal kernel designed specifically for studying processor internals with minimal noise and precise control over privilege levels.
- Fractal introduces 'outer kernel threads' that execute with kernel privileges inside user process memory, enabling multi-privilege concurrency experiments.
- Using Fractal on Apple's M1 revealed that CSV2 protection blocks execute-stage speculation across privilege boundaries but still allows observable cache fetches.
- Fractal provided the first evidence that Phantom speculation—a class of misprediction where ordinary instructions trigger branch-like behavior—affects Apple Silicon.
- An earlier finding about M1's conditional branch predictor having partial privilege isolation was overturned; Fractal showed no isolation exists on either core type, with prior results likely caused by macOS thread migration.
Top voices
Verbatim comments from the thread's most notable / highest-karma participants.
I assume the idea is that finding tools and assembling other projects together into a build environment is comparatively easy, but papering over entire components being missing is much harder.

At the risk of sounding extremely dumb, I have a question for you: if the hardware is susceptible to something that you can't actually reproduce with the software everyone runs on it, who should care, and why? Is it even really fair to call it a vulnerability at that point? Is the idea that this is supposed to help identify a different mechanism of exploiting the vulnerabilities with the shipped OS too? To give an analogy, it almost feels like removing the protection circuitry from a Li-Ion bat…
bell-cot (13k karma)

> When security researchers want to understand what a modern processor is really doing with the kind of detail that determines whether attacks like Spectre and Meltdown are possible, they usually run their experiments on top of an operating system that was never built for the job. They open up macOS or Linux, patch the kernel by hand, and hope the modifications hold. The approach is unstable, hard to reproduce, and on Apple’s platforms, slated for deprecation.
> A team at MIT’s Computer Scienc…

The paper's reference to https://github.com/blacktop/darwin-xnu-build does not support the statement made by the paper. It's not redaction or obfuscation that makes building XNU difficult. It's having the right toolchain; modifying makefiles and code to accommodate a slightly different toolchain; and needing a load of extra stuff that isn't pre-supplied with XNU. A lot of the patches and issues there are about compiler differences, language standard differences, and plain missing stuff. This…