Amazon’s Graviton CPU is not just faster, it’s more secure
I have written about how Amazon’s Graviton4 CPU is starting to out-perform x86 offerings from Intel and AMD. Now there is yet another front that should worry Intel and AMD: security.

Like many custom chip designs from Apple, Google, and Amazon, Graviton4 is an ARM-based architecture. While AMD, Intel, and some other chip designers have struggled with the various forms of Spectre and Meltdown attacks, new designs are defending against them at their core.
ARMv8.5-A and subsequent security extensions have been slowly but steadily introduced to combat the vulnerabilities found in classic chip designs. These features include Branch Target Identification, to avoid branch prediction and speculative execution attacks: memory addresses can be accessed only if they have been marked as valid for that execution prediction. Pointer Authentication adds a cryptographic signature to authenticate memory pointers and prevent data alteration. All data sent across high-speed hardware interfaces such as Graviton memory and AWS Nitro cards is encrypted to prevent man-in-the-middle attacks. All of this is enabled by default for customers that use Amazon Linux 2023.
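
To confirm on a given instance that Branch Target Identification and Pointer Authentication are actually available, an administrator can check two places: the CPU feature flags Linux reports for each core, and the GNU property note that marks a binary as built for BTI/PAC. The following is an added example, not code from the original article or from AWS; the function names are hypothetical, the sample inputs are constructed, and it assumes the Linux arm64 `/proc/cpuinfo` flag names (`paca`, `pacg`, `bti`) and the raw bytes of an ELF `.note.gnu.property` section.

```python
import struct

# Linux arm64 /proc/cpuinfo "Features" names: paca/pacg = Pointer Authentication, bti = BTI.
CPU_FLAGS = ("paca", "pacg", "bti")
# ELF .note.gnu.property constants for AArch64 binaries.
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_AARCH64_FEATURE_1_AND = 0xC0000000
FEATURE_1_BITS = {0x1: "BTI", 0x2: "PAC"}

def cpu_features(cpuinfo_text):
    """Map each flag to True only if every core's Features line lists it."""
    cores = [set(l.split(":", 1)[1].split())
             for l in cpuinfo_text.splitlines() if l.startswith("Features")]
    return {f: bool(cores) and all(f in c for c in cores) for f in CPU_FLAGS}

def elf_note_features(note):
    """Parse raw .note.gnu.property bytes; return the features the binary is marked with."""
    found, off = set(), 0
    while off + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, off)
        name_off = off + 12
        desc_off = name_off + ((namesz + 3) & ~3)
        desc = note[desc_off:desc_off + descsz]
        is_gnu = note[name_off:name_off + namesz] == b"GNU\0"
        p = 0
        while is_gnu and ntype == NT_GNU_PROPERTY_TYPE_0 and p + 8 <= len(desc):
            pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
            data = desc[p + 8:p + 8 + pr_datasz]
            if pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND and len(data) >= 4:
                mask = struct.unpack_from("<I", data)[0]
                found |= {name for bit, name in FEATURE_1_BITS.items() if mask & bit}
            p += 8 + ((pr_datasz + 7) & ~7)  # properties are padded to 8 bytes on 64-bit
        off = desc_off + ((descsz + 7) & ~7)  # the note itself is 8-byte aligned
    return found

# Constructed samples (not captured from a real instance or binary).
SAMPLE_CPUINFO = ("processor\t: 0\nFeatures\t: fp asimd aes paca pacg bti\n"
                  "processor\t: 1\nFeatures\t: fp asimd aes paca pacg\n")
SAMPLE_NOTE = struct.pack("<III4sIIII", 4, 16, NT_GNU_PROPERTY_TYPE_0, b"GNU\0",
                          GNU_PROPERTY_AARCH64_FEATURE_1_AND, 4, 0x3, 0)

if __name__ == "__main__":
    print(cpu_features(SAMPLE_CPUINFO))
    print(sorted(elf_note_features(SAMPLE_NOTE)))
```

In the constructed sample the second core lacks `bti`, so the check reports BTI as unavailable for the machine as a whole even though Pointer Authentication is present on both cores.
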
“Many people told me it was impossible to build a chip that could compete with the x86 CPUs and didn’t use the x86 architecture,” Ali Saidi, senior principal engineer at AWS, said in an interview published by Amazon’s A to Z blog. “But 25 years ago, x86 wasn’t the dominant architecture. The innovation and economies of scale of the PC drove success in other areas like servers. Since it happened before, I knew it could happen again.”