Friday, January 26th 2018

Intel Processors to Have "In-silicon" Fixes to Meltdown and Spectre This Year

Intel, which benefited from the post-Q4 public disclosure of the Meltdown and Spectre vulnerabilities in its latest results, is hoping to mitigate its fallout on Q1-2018. The company, along with several other CPU designers such as AMD and ARM, is firefighting the two devastating security vulnerabilities through OS kernel patches and CPU micro-code updates, which come at a slight expense of performance. In a bid to reassure investors, company CEO Brian Krzanich announced that Intel is working on "in-silicon" fixes to Meltdown and Spectre.

An "in-silicon" fix would entail a major CPU micro-architecture design that's inherently immune to the two vulnerabilities and yet offers the benefits of modern branch-prediction and speculative execution. Krzanich says processors with in-silicon fixes to the two vulnerabilities will be released to market by the end of 2018.
Source: Tom's Hardware

47 Comments on Intel Processors to Have "In-silicon" Fixes to Meltdown and Spectre This Year

#1
Upgrayedd
Would really like to see something great come of this. Just hope they don't bork it like they did with the recent software updates.
#2
R-T-B
Upgrayedd said:
> Would really like to see something great come of this. Just hope they don't bork it like they did with the recent software updates.

The Meltdown patch (where most of the performance was supposedly lost) was fine, at least as far as bugs are concerned. Their Spectre microcode was pretty borked however, that is for certain.
#3
R0H1T
Would love to see how this pans out, a major fix in hardware could take anywhere between a year or two to implement - from the time it was first disclosed. If their hardware fixes actually work, not like the current (software) hackjob, then this could open them up for even more lawsuits. Since the first KASLR PoC was demonstrated back in 2016, it's possible that Intel sat on Meltdown for even longer than what some of us are led to believe.
#4
Zyll Goliath
How convenient..... now when we reach the peak of the GHz speed suddenly Spectre & Meltdown show up to slow us down.... but hey, our "Saviors" prepared for us special "in-silicon" fix on their NEW-LATEST&GREATEST architecture FOR ONLY:...............$

#5
londiste
Would really love to have a direct quote or statement from Intel about this. I suspect Krzanich had much more careful wording on this than what Tom's is using. I would not count on Intel having CPUs that are fixed as such for Meltdown and Spectre. Hoping, but not counting on that.
#6
john_
And so they created (AMT, ME, Spectre, Meltdown vulnerabilities) the necessity for so many people happy with their Sandy, Ivy, Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake, to upgrade first thing next Christmas to the new Secure Lake processors.
#7
kastriot
So all of this is a conspiracy theory about making more money from suckers like us :)
#8
john_
kastriot said:
> So all of this is a conspiracy theory about making more money from suckers like us :)

You can't say it is not. I mean, for years Intel processors were super secure and in a period of 6-8 months they found half a dozen pretty serious security problems? Were they sleeping all those years and woke up last summer? Didn't have the necessary stuff before to check? Didn't have the tools to check?
#9
Zyll Goliath
kastriot said:
> So all of this is a conspiracy theory about making more money from suckers like us :)

Well, if it is, it's certainly not the first or the last one that happened on this "Rock"........ :D
#10
R-T-B
john_ said:
> You can't say it is not.

I think the Google Project Zero researchers can pretty dang easily.

This is hurting Intel's image more than helping it in the enterprise space (where the most money is made) as well. Many of those customers might be taking a look at otherwise dead in the water EPYC.

As a conspiracy theory, it's pretty awful.
#11
StrayKAT
I honestly think Intel simply screwed up. No conspiracy. I mean, good will is worth as much as hard cash too. It's one thing to screw peon consumers, but not huge vendors and partners.
#12
londiste
john_ said:
> You can't say it is not. I mean, for years Intel processors were super secure and in a period of 6-8 months they found half a dozen pretty serious security problems? Were they sleeping all those years and woke up last summer? Didn't have the necessary stuff before to check? Didn't have the tools to check?

Actually, researchers have not been sleeping and security issues come up every once in a while. Not as serious as the current ones but still.
The research on current issues started far longer ago than 6-8 months.
They did not have necessary stuff before to check, mainly know-how (in case of Meltdown and Spectre, necessary details on microarchitectural behaviour of Intel's branch predictor and speculative execution).
They did not always have tools (as an example, one of the methods used in research, Flush+Reload, is from 2013).

Intel has more know-how but they also have a different perspective on things and I do not mean it in the way they are not interested in plugging up every security problem they find. No doubt they do exactly that for a lot of them. There is a significant amount of people poking at CPUs (among other things) trying to find a hole, a malfunction, a vulnerability. Different approach, often lacking specific knowledge of how things work, poking at a black box, can yield interesting results and ideas that you would not get when looking at a known piece of technology.
#13
Legacy-ZA
Zyll Goliath said:
> How convenient..... now when we reach the peak of the GHz speed suddenly Spectre & Meltdown show up to slow us down.... but hey, our "Saviors" prepared for us special "in-silicon" fix on their NEW &LATEST architecture FOR ONLY:...............$

I couldn't agree more; if the chip makers were truly sincere, they would do recalls and replace their flawed CPUs, I don't care if it will cost them billions, they are the ones that screwed up and should pay for it. Of course this won't be doable for all their CPU lineups, as some of them are no longer manufactured and have been discontinued. If I am not mistaken, that means only the 4000 series and up would be eligible.
#14
R-T-B
Legacy-ZA said:
> I couldn't agree more; if the chip makers were truly sincere, they would do recalls and replace their flawed CPUs, I don't care if it will cost them billions, they are the ones that screwed up and should pay for it. Of course this won't be doable for all their CPU lineups, as some of them are no longer manufactured and have been discontinued. If I am not mistaken, that means only the 4000 series and up would be eligible.

That would require a fundamental redesign of the affected CPUs.

Also, the 6000 series is being phased out of manufacturing. Hoping for the 4000 series which is long out of warranty by all standards is just silly.
#15
bug
londiste said:
> Would really love to have a direct quote or statement from Intel about this. I suspect Krzanich had much more careful wording on this than what Tom's is using. I would not count on Intel having CPUs that are fixed as such for Meltdown and Spectre. Hoping, but not counting on that.

They were preparing Ice Lake for this year anyway. Since that was in the works, I would have been really surprised if it didn't take care of these vulnerabilities from their roots. The next AMD CPU will follow suit. Maybe not the Ryzen refresh, but certainly Ryzen 2.
#16
john_
R-T-B said:
> I think the Google Project Zero researchers can pretty dang easily.
>
> This is hurting Intel's image more than helping it in the enterprise space (where the most money is made) as well. Many of those customers might be taking a look at otherwise dead in the water EPYC.
>
> As a conspiracy theory, it's pretty awful.

I wouldn't say it will cost them more than what they will gain in the end. AMD is not exactly at the same level of Intel. It can't cover all the demand for server CPUs, EPYC are pretty good chips, but not better than Intel. ARM is also not exactly exploding in the server market. People building servers aren't going to throw Intel chips and software that they are used to for years and turn to AMD and ARM so easily. I would love to see something like that, but it wouldn't happen. No IT guy will play his job in the roulette of going EPYC and having to face any bad news about EPYC in the future. With Intel things are easier to explain "Boss, I used the best processors from the best company that everyone is using".

Intel holds 99% of the server market. Even if it was losing 9% because of EPYC and Meltdown, the 90% that would stay with them, will be forced to update sooner rather than later. So Intel will gain much more money from that 90%, compared to what it would make from a 99% that doesn't feel the need to rush any update. Also Intel does have the stuff and money to create a new line of processors that are truly the most secured in the market. So a NEW Intel image will be created super fast in the end of this year, an image that will look even better compared to that OLD Intel image that was hit by Spectre and especially Meltdown. Meaning MORE sales.
#17
iO
This is just a minor band-aid to mitigate the performance impact of their crappy software fix.
A real, actual fix for both Meltdown and especially Spectre can't realistically be expected before 2021.
#18
Legacy-ZA
R-T-B said:
> That would require a fundamental redesign of the affected CPUs.
>
> Also, the 6000 series is being phased out of manufacturing. Hoping for the 4000 series which is long out of warranty by all standards is just silly.

If they are no longer manufactured then they should recall them and get them off the shelves.
#19
bug
iO said:
> This is just a minor band-aid to mitigate the performance impact of their crappy software fix.
> A real, actual fix for both Meltdown and especially Spectre can't realistically be expected before 2021.

Because?
#20
R-T-B
Legacy-ZA said:
> If they are no longer manufactured then they should recall them and get them off the shelves.

When they can do a software fix? Why?

Meltdown has been fixed fine. It hurts performance but it works. Spectre affects all modern speculative CPUs. Are you seriously suggesting we recall all present high-performance CPUs?

bug said:
> Because?

Cause that's when the world ends. No CPU = no problem... yay!
#21
iO
bug said:
> Because?

Former Intel employee on twitter:
[MEDIA=twitter]949370010652196864[/MEDIA]

It takes months and years of development, revisions, steppings, validations etc to make sure new hardware works as expected while not introducing new bugs or compatibility issues with existing code.

No way they are that fast putting something in silicon while they can't get their "rather simple" micro code fix to work properly...
#22
bug
iO said:
> Former Intel employee on twitter:
> [MEDIA=twitter]949370010652196864[/MEDIA]
>
> It takes months and years of development, revisions, steppings, validations etc to make sure new hardware works as expected while not introducing new bugs or compatibility issues with existing code.
>
> No way they are that fast putting something in silicon while they can't get their "rather simple" micro code fix to work properly...

Believe what you want, but they already had like 9 months to bake this into Ice Lake. Which in turn is 9-12 months from release.
#23
mastrdrver
bug said:
> Believe what you want, but they already had like 9 months to bake this into Ice Lake. Which in turn is 9-12 months from release.

Believe what you want, but Intel has a history of being shitty when it comes to doing what they should do. Just look at the recent problem with the Linux patch for evidence.
#25
iO
bug said:
> Believe what you want, but they already had like 9 months to bake this into Ice Lake. Which in turn is 9-12 months from release.

Not really. Researchers found some side channel attacks and reported it in June which led to the KAISER patch. That patch made so many waves in the Linux dev community that they looked further into it and discovered Meltdown. That was in September.

Fixing it requires massive and fundamental changes which maybe has Sapphire Rapids but definitely not a Lake based arch.