Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <F78521DA-08DC-424E-BBE1-231BC900CEE0@gmail.com>
Date: Tue, 19 May 2026 00:39:59 +0300
From: Ahmed Hassan <ahmaaaaadbntaaaaa@...il.com>
To: linux-kernel@...r.kernel.org
CC: linux-security-module@...r.kernel.org, linux-hardening@...r.kernel.org,
 kernel-hardening@...ts.openwall.com, linux-crypto@...r.kernel.org,
 linux-mm@...ck.org, linux-api@...r.kernel.org,
 linux-kselftest@...r.kernel.org
Subject: [RFC] TID v2.0: kernel module for cache-line zeroization against Flush+Reload (CLFLUSHOPT + LFENCE + REP STOSQ)

Hi kernel developers,

I am sharing TID (The Instant Destroyer) v2.0, a Linux kernel module
written in C that addresses a specific gap in existing security
libraries: none of them (libsodium, OpenSSL, glibc memzero_explicit)
flush CPU cache lines after memory zeroization.


== Problem ==

Standard zeroization functions (explicit_bzero, sodium_memzero,
OPENSSL_cleanse) prevent the compiler from eliding the wipe, but do
not evict CPU cache lines (L1/L2/L3). This leaves residual key
material measurable via Flush+Reload (Yarom & Falkner, 2014) after
data use ends.


== Approach: PROTECT+ZERO Protocol ==

TID combines three instructions in a single kernel module:

Phase 1 - PROTECT (before data use):
  LFENCE     <- close speculative execution window
  MFENCE     <- ensure all prior writes are complete

Phase 2 - ZERO (after data use):
  LFENCE     <- close speculation window
  REP STOSQ  <- compiler-resistant wipe
  CLFLUSHOPT <- evict all cache lines (L1/L2/L3)
  MFENCE     <- ensure eviction is complete
  LFENCE     <- close the far-side window

This follows directly the Intel Spectre Mitigation Guide (2018) and
AMD Speculative Execution Software Techniques (2018).


== Benchmark Results (AMD EPYC 9B14, Linux 6.14.11) ==

Without TID : attacker measures ~78 cycles  (Cache HIT)
With TID v2 : attacker measures ~286 cycles (Cache MISS)
Ratio       : 3.7x latency increase -- attack defeated

Physical lower bound confirmed:
  LFENCE (~40ns) + REP STOSQ (~50ns) + CLFLUSHOPT (~150ns)
  + MFENCE (~40ns) + LFENCE (~40ns) = ~320ns
  (measured: 290-372ns)


== What Distinguishes TID ==

No major security library implements CLFLUSHOPT post-wipe eviction.
TID is the only known kernel-module-level implementation of the
PROTECT+ZERO protocol.


== Known Limitations ==

- A 372ns window during data use remains (physical lower bound);
  v3.0 target via Intel CAT integration
- Requires same-machine attacker model (shared memory)
- Does not protect against cold-boot attacks
- Not a replacement for disk encryption


== Project Details ==

License  : AGPL-3.0
Hardware : AMD EPYC 9B14 (Zen 4), x86_64
Kernel   : Linux 6.14.11
DOI      : https://doi.org/10.5281/zenodo.17585929
GitHub   : https://github.com/ahmaaaaadbntaaaaa-byte/The-Instant-Destroyer

Comments and technical criticism are welcome.

Regards,
Ahmad Qasim Mohammad Hassan
Independent Hardware Security Researcher
ORCID: 0009-0001-4360-0802
Ahmed Hassan 
Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.