I’m not at all convinced that Rowhammer and its legions of derivative attacks have been properly solved in general. A quick search of this forum has only reinforced that hypothesis.
It would be nice if we had a way (most likely in the firmware configuration) to underclock the DRAM by so-many percent (or even “a little” vs “not at all”) because Intel’s latest mobile CPUs don’t seem to support ECC (and haven’t for a long time).
The tradeoff between error rate and DRAM speed isn’t straightforward and surely varies by brand, SKU, and die lot, but better this than nothing. At best, errors decay exponentially with frequency, and in reality, probably as an inverse power law, which is pretty good news either way. It’s not about eliminating the possibility. It’s about making it so rare that an attacker can no longer induce bit flips under the time constraints of continuous attack. Fortunately, for that matter, multiprocessing doesn’t help much because such attacks are by definition memory-bound, so there’s no reason to restrict core counts.
Yes, some DRAM vendors have built mitigations into their hardware, but mitigations aren’t rigorous, by definition. Relying on physics instead of engineering would seem more robust.
Ironically, this slow-clock strategy might even increase performance per dollar because future models could use the cheapest garbage DRAM available, then underclock it a bit and end up with a secure solution that’s still admirably performant – as opposed to paying top dollar for mystical “Rowhammer mitigated” memory that runs at top frequency. (I don’t know Purism’s current vendor selection strategy in this regard, but I think it’s worth considering the tradeoffs here.)
Clearly the success of this strategy depends in part on the granularity with which one might downgrade the DRAM. Hopefully we could go from, say, 3.2 to 3.1 GHz, as opposed to 1.6 GHz.
I must emphasize that I’m not in favor of memory tests at boot time. They would accomplish little by way of detecting the vast array of possible runtime failures under thermal stress. They do, however, succeed in wasting an awful lot of time, which is why they had mostly died out many years ago.