Who cares about Spectre and Meltdown in a game console or set top box? These are information disclosure vulnerabilities. What info are you going to "disclose" about the game I'm playing on a console? Especially if the game console is airgapped because I'm playing a single-player game from a cartridge or optical disk.

Do you think that they wrote the thing expressly for game console applications or perhaps they had a research idea and later found an application? Are we not talking about the same Inferno from Bell Labs?

Anyway I think I was describing a broader topic than Inferno. Eg. There was the singularity project at Microsoft that people spoke similarly about. Maybe Midori too? The latter may have moved away from the jit idea, there is some writing online about it that I have not read.

>Who cares about Spectre and Meltdown in a game console or set top box?

The business model of consoles is subsidized hardware, with the bulk of revenue coming from game licensing fees (per copy). These vulnerabilities would reduce the security of the consoles which would directly put that business model at risk (unlicensed games + piracy).

>Especially if the game console is airgapped because I'm playing a single-player game from a cartridge or optical disk.

Between 10% and 30% (depending on who you ask) exclusively play only online games. The number of mixed is harder to discern but significant. About 50 million people use xbox live, microsoft's paid online gaming service. Last year, over 80% of game sales were digital. The business and consumer landscape simply would not accept airgapping.

These consoles are often used for other entertainment and health applications. Many of them have cameras attached to them (I know, I know). They are tied into peoples' cloud accounts. They are used for web browsing. They are used to watch porn. People deserve privacy, I think we can all agree.

You, personally, may not be affected, but these are concerns that cannot be ignored, both by users and business.

"Security" in the context of a game console manufacturer means its users are unable to execute unlicensed code on it. So if Spectre or Meltdown are a concern, the system has already been compromised. It's not another layer on the onion, the onion is already gone. Security on a console is like a safe that contains the key to your Bitcoin wallet and the combination to the safe.

Usually there's SOC that manages IO, and the ROM contains a key/publisher cert. To run code on the main CPU, the SOC has to bless it. No code other than what's on the SOC's EEPROM can run on the EEPROM. And flashing the EEPROM requires the manufacturer's key; you load a potential image into the SOC's RAM, it verifies the image, it flashes the image.

Getting unlicensed code to run on modern consoles is generally more difficult than jailbreaking an iPhone. And even if you get your code to run by tapping the bus or whatever, there's no data in main memory that's worth stealing, nothing that could help you get a persistent break or anything. The valuable data lives in the SOC.

Preventing Spectre/Meltdown is less important than the extra 2-4% performance.

Today's consoles have web browsers. So if it runs javascript, spectre and meltdown are a concern.

> Getting unlicensed code to run on modern consoles is generally more difficult than jailbreaking an iPhone.

I think they're of similar difficulty.