it all sucks

https://groups.google.com/g/cap-talk/c/b5-Y8SDpGac

> For larger applications there doesn't tend to be much useful retained L1 I-cache or D-cache from one process to the next on the same CPU. The notable exception is the microkernel itself. If IPC is synchronous, it seems as if you can sometimes skip the D-cache flush if a long enough string has been transferred, because it has effectively been flushed by the copy operation and the state now in the D-cache is receiver state. I'm not clear how helpful that is in practical terms.

Northup says that most of the hardware people are throwing up their hands at the cost of cache flush and declaring that dedicated secret stores are the answer and us punk-ass software pukes will just have to do more work to protect our secrets. Unfortunately, there are enough applications where that works to make it seem like a viable approach, and it becomes a big game of marketing "chicken" for competitive performance benchmarks. At least for now, the incentives do not favor the more secure approach.