From owner-freebsd-security@freebsd.org  Thu Jan  4 20:26:54 2018
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 006B9EB48EF
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Thu,  4 Jan 2018 20:26:54 +0000 (UTC)
 (envelope-from cranix@hackerspace.pl)
Received: from hackerspace.pl (hackerspace.pl [178.33.49.173])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C2FFC7F8B4
 for <freebsd-security@freebsd.org>; Thu,  4 Jan 2018 20:26:53 +0000 (UTC)
 (envelope-from cranix@hackerspace.pl)
Received: from cranix by hackerspace.pl with local (Exim 4.90)
 (envelope-from <cranix@hackerspace.pl>) id 1eXC6E-0008PK-He
 for freebsd-security@freebsd.org; Thu, 04 Jan 2018 21:26:50 +0100
Date: Thu, 4 Jan 2018 21:26:50 +0100
From: Cranix <cranix@hackerspace.pl>
To: freebsd-security@freebsd.org
Subject: Re: Potential band-aid for Meltdown
Message-ID: <20180104202650.GA32171@hackerspace.pl>
References: <30300a34-d0d9-efbf-c9b3-6375703f65a0@metricspace.net>
 <599c8fe0-3745-2fa8-4bd6-d89f061f29f4@sentex.net>
 <b117d7af-868f-3a7a-a84b-7b9f45bce464@metricspace.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <b117d7af-868f-3a7a-a84b-7b9f45bce464@metricspace.net>
User-Agent: Mutt/1.9.2 (2017-12-15)
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jan 2018 20:26:54 -0000

How about smartcards?
J3A081 costs $10 on javacardsdk.com, both
contact less and wired connections, readers if not
built in into laptop are generally cheap.

There are also a few tools like GlobalPlatformPro
that help when developing things for javacards.
Basicly You have some java and prepared ant, then
You just call ant and have everything working.
I had to quickly set up this enviroment few months ago
and it was painless experience.

Question is about performance but anyway we need secure storage.
Some cortex (propably m) microcontrollers have secure storage of keys,
this is also a thing to consider.

Trusting vendor is other thing but everybody has to anser this question
by himself.
-- 
Cranix