1. 5
  1. 3

    This clearly demonstrates that kernel compromises are out of scope for this. It means that the threat model is probably only code that can mount side-channel attacks on the kernel to leak data but can’t mount side-channel attacks on userspace code to leak data. I guess you can compose this with a model (such as that encouraged by libsodium) where secrets are mapped no-access except when actually in use, limiting the window during which side channels can be exploited. I’m still struggling a bit to understand the threat model in which this is in the to twenty easiest attacks though.