Intel Publishes Spectre & Meltdown Hardware Plans: Fixed Gear Later This Yearby Ryan Smith on March 15, 2018 10:00 AM EST
Since the public revelation of the Meltdown and Spectre CPU vulnerabilities early this year, Intel has spent virtually the entire time in a reactionary mode, starting from the moment the vulnerabilities were revealed ahead of schedule. Since then the company has been making progress, albeit not without some significant steps backwards such as faulty microcode updates. However in recent weeks the company finally seems to be turning a corner on their most pressing issues, and this morning is releasing a more forward-looking update to their security issues.
Jumping straight to what AnandTech readers will consider the biggest news, Intel is finally talking a bit about future hardware. Intel is announcing that they have developed hardware fixes for both the Meltdown and Spectre v2 vulnerabilities, which in turn will be implemented into future processors. Both the next version of Intel’s Xeon server/HEDT platform – Cascade Lake – as well as new 8th gen Core processors set to ship in the second half of this year will include the mitigations.
For those not up to date with their Intel codenames, Cascade Lake is the 14nm refresh of Intel’s current Skylake-E/X family. Little official information is available about Cascade Lake, but importantly for datacenter vendors, this lays out a clear timetable for when they can expect to have access to Meltdown and Spectre-hardened silicon for use in new virtual machine servers. Given that virtual machine hosts were among those at the greatest risk here – and more impacted by the performance regressions of the software Meltdown mitigations – this is understandably most crucial market for Intel to address.
Meanwhile for updating Intel’s consumer chips, this is a bit more nebulous. While Intel hasn’t shared the complete text of their announcement with us ahead of press time, their specific wording is that the changes will be included in 8th gen Core processors “expected to ship in the second half of 2018.” Intel hasn’t said what processor family these are (e.g. Cannon Lake?), or for that matter whether these are even going to be traditional consumer chips or just the Core HEDT releases of Cascade Lake. So there is a lot of uncertainty here over just what this will entail. In the interim we have reached out to Intel about how consumers will be able to identify post-mitigation chips, and while we’re still waiting on a more complete response, Intel has told us that they want to be transparent about the matter.
As for the hardware changes themselves, it’s important to note that Intel’s changes only mitigate Meltdown (what Intel calls “variant 3”) and Spectre variant 2. In both cases the company has mitigated the vulnerabilities through a new partitioning system that improves both process and privilege-level separation, going with a “protective walls” analogy.
|Intel's Meltdown & Spectre Hardware Mitigations Plans (2018)|
|Spectre variant 1 (bounds check bypass)||Software|
|Spectre variant 2 (branch target injection)||Hardware|
Unfortunately these hardware changes won’t mitigate Spectre variant 1. And admittedly, I haven’t been expecting Intel (or anyone else) to figure that one out in 2018. The best mitigations for Spectre v1 will remain developer-focused software techniques that avoid putting sensitive data at risk.
The catch is that the more worrying risk with Spectre has always been the v1 variant, as the attack works against rather fundamental principles of speculative out-of-order execution. Which has been why the initial research on the vulnerability class noted that researchers weren’t sure they completely understood the full depth of the issue at the time. And indeed, it seems like the industry as a whole is still trying to fully understand the matter. The one silver lining here is that Spectre v1 can only be used against same-level processes and not admin-level processes. Which is to say that it can still be used for plenty of naughtiness with user data in other user-level applications, but can’t reach into more secure processes.
Moving on, for Intel’s current processors the company has updated their guidance for releasing the mitigation microcode updates. As of last week, the company has released production microcode updates for all of their products released in the last 5 years. In fact on the Core architecture side it goes even farther than that; Intel has now released microcode updates for all 2nd gen Core (Sandy Bridge) and newer processors, including their Xeon and HEDT variants. There are some outstanding questions here on how these updates will be delivered, as it seems unlikely that manufacturers will release BIOS updates for motherboards going back quite that far, but judging from how Intel and Microsoft have cooperated thus far, I’d expect to see these microcode updates also released to Windows Update in some fashion.
Finally, Intel will also be going even further back with their microcode updates. Their latest schedule calls for processors as old as the Core 2 lineup to get updates, including the 1st gen Core processors (Nehalem/Gulftown/Westmere/Lynnfield/Clarksfield/Bloomfield/Arrandale/Clarkdale), and the 45nm Core 2 processors (Penryn/Yorkfield/Wolfdale/Hapertown). This would cover most Intel processors going back to late 2007 or so. It’s worth noting that the 65nm Core 2 processors (Conroe, etc) are not on this list, but then the later Core 2 processors weren’t on the list either at one point.
|Intel's Core Architecture Meltdown & Spectre v2 Mitigations|
|Penryn||45nm Core 2||Microcode Planning|
|Sandy Bridge||2nd||Microcode Released|
|Ivy Bridge||3rd||Microcode Released|
|Kaby Lake||7th||Microcode Released|
|Coffee Lake||8th||Microcode Released|
|H2'2018 Core (Cannon Lake?)||8th||Hardware Immune|
|Cascade Lake||X||Hardware Immune|
Update: Intel has also released a video to go with their announcement, in case you like your information in a visual form.
Post Your CommentPlease log in or sign up to comment.
View All Comments
Drazick - Thursday, March 15, 2018 - linkWhat we really need is a report of the performance hit of each solution.
Anandtech, could you make such a report?
Drazick - Thursday, March 15, 2018 - linkThe idea is only things which hurt performance substantially should be solved in Hardware while the rest are OK to be solved in Software.
iter - Thursday, March 15, 2018 - linkThe reason the problem exists in the first place was that intel took shortcuts for the sake of improving performance. Which means that both mitigation and hardware fixing will involve loss of that advantage. Mitigation in hardware will definitely take less of a hit, but will unavoidably remove the advantage that created the issue.
edzieba - Thursday, March 15, 2018 - link"The reason the problem exists in the first place was that intel took shortcuts for the sake of improving performance."
If by 'took shortcuts' you mean 'the same shortcuts taken by everyone implementing Speculative Execution' (including AMD, ARM, IBM, etc). Spectre is a fundamentally new class of attack that everyone implementing SE is vulnerable to.
lmcd - Thursday, March 15, 2018 - linkWould assume he's referring to the meltdown patches, which were Intel-specific (and supposedly the ARM A75 or something).
Ryan Smith - Thursday, March 15, 2018 - linkFor reference, the official tally right now is Intel Core, Arm Cortex A75, Apple 64bit ARM cores, and IBM POWER.
Samus - Thursday, March 15, 2018 - linkAMD's approach to speculative execution had integrity checks.
Drazick - Thursday, March 15, 2018 - linkHere is a plan:
1. Check performance without mitigation.
2. Check performance with software based mitigation.
3. Spot mitigations which hurt performance significantly.
4. Fix those of (3) in Hardware.
5. Fix those not in (3) in software.
Alexvrb - Friday, March 16, 2018 - linkThat's basically what they're doing, but if you believe their marketing they make it sound like all SE attacks are completely solved at a hardware level with zero performance hit, which seems pretty unlikely. Even hardware based mitigation could hinder performance slightly and be vulnerable to future SE exploits. The performance aspect won't really matter because it will be far more than offset by IPC increases alone.
Anyway the biggest impact of the patches is on pre-Broadwell architectures.
Ryan Smith - Thursday, March 15, 2018 - link"Anandtech, could you make such a report?"
It's in the cards. We've just been waiting on microcode updates that have finally been delivered.=)