Why the Raspberry Pi's immune to the Meltdown and Spectre bugs

While the Meltdown and Spectre CPU flaws have caused widespread security issues for expensive, high-end computers using Intel, ARM and AMD chips, there's one processor that remains blissfully unaffected - the humble Raspberry Pi.

The $35 microcomputer (as well as all of its variants) is not vulnerable to the recently discovered bugsbecause the CPU it uses does not utilise out-of-order processing, the Raspberry Pi Foundation revealed last Friday.

Meltdown and Spectre allow attackers to read data from locations in a chip system kernel's address space and current address space respectively, exploiting flaws in the way CPUs employ caching and speculative execution.

"Modern processors go to great lengths to preserve the abstraction that they are in-order scalar machines that access memory directly," Raspberry Pi founder Eben Upton explained in a blog post, "while in fact using a host of techniques including caching, instruction reordering, and speculation to deliver much higher performance than a simple processor could hope to achieve."

"Meltdown and Spectre are examples of what happens when we reason about security in the context of that abstraction, and then encounter minor discrepancies between the abstraction and reality. The lack of speculation in the ARM1176, Cortex-A7, and Cortex-A53 cores used in Raspberry Pi render us immune to attacks of the sort."

So while your top-of-the-range work device might be vulnerable to hackers, your garage Pi project remains happily safe from the threat.

Researchers have noted that while newer and more powerful machines are rendered vulnerable by this bug, older 'obsolete' machines remain secure. As an experiment, engineer and NUS School of Computing graduate Yeo Kheng Meng managed to get a modern Linux distro running on a 25-year-old IBM PC from 1993 - an x86 machine that isn't vulnerable to Meltdown or Spectre due to the fact that it doesn't support out-of-order processing.

Adam Shepherd

Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.

Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.

You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.