Thursday, March 15th 2018

Hardware-based Protection Coming to Data Center and PC Products Later this Year: Intel CEO

Intel CEO Brian Krzanich penned (or signed) a blog post today where he went on to describe all of the steps his company took after learning of the vulnerabilities disclosed by Google Project Zero (which gave Intel more than 24H notice). In the blog post, he acknowledges there's still much work to be done, but assures customers of security's importance to Intel. For one, 73 days after the vulnerabilities were made public, Intel is now done with software mitigations: all of Intel's last five years' worth of CPUs now have patches in production.

The CEO also vowed that hardware solutions will be deployed on newly produced Intel processors by the end of 2018 - these will arrive with the company's next iteration of Xeon Scalable processors (Cascade Lake) and will come to 8th Gen Coffee Lake processors as soon as the second half of this year. The blog post follows.

In addressing the vulnerabilities reported by Google Project Zero earlier this year, Intel and the technology industry have faced a significant challenge. Thousands of people across the industry have worked tirelessly to make sure we delivered on our collective priority: protecting customers and their data. I am humbled and thankful for the commitment and effort shown by so many people around the globe. And, I am reassured that when the need is great, companies - and even competitors - will work together to address that need.

But there is still work to do. The security landscape is constantly evolving and we know that there will always be new threats. This was the impetus for the Security-First Pledge I penned in January. Intel has a long history of focusing on security, and now, more than ever, we are committed to the principles I outlined in that pledge: customer-first urgency, transparent and timely communications, and ongoing security assurance.

Today, I want to provide several updates that show continued progress to fulfill that pledge. First, we have now released microcode updates for 100 percent of Intel products launched in the past five years that require protection against the side-channel method vulnerabilities discovered by Google. As part of this, I want to recognize and express my appreciation to all of the industry partners who worked closely with us to develop and test these updates, and make sure they were ready for production.

With these updates now available, I encourage everyone to make sure they are always keeping their systems up-to-date. It's one of the easiest ways to stay protected. I also want to take the opportunity to share more details of what we are doing at the hardware level to protect against these vulnerabilities in the future. This was something I committed to during our most recent earnings call.

While Variant 1 will continue to be addressed via software mitigations, we are making changes to our hardware design to further address the other two. We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3. Think of this partitioning as additional "protective walls" between applications and user privilege levels to create an obstacle for bad actors.

These changes will begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake) as well as 8th Generation Intel Core processors expected to ship in the second half of 2018. As we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical. Our goal is to offer not only the best performance, but also the best secure performance.

But again, our work is not done. This is not a singular event; it is a long-term commitment. One that we take very seriously. Customer-first urgency, transparent and timely communications, and ongoing security assurance. This is our pledge and it's what you can count on from me, and from all of Intel.

6 Comments on Hardware-based Protection Coming to Data Center and PC Products Later this Year: Intel CEO

#1
_JP_
"We learned from our mistakes and are not going to do them again. Promise."


....fine, whatever. Time will tell, damage's done.
#2
john_
So, is he buying back the shares that he sold, now that he is again confident in his company?

I also like the timing.
"Hey, we have hardware fixes, not like the other guys that had 24 whole hours to react and they failed to do so".
#3
lemonadesoda
Want to build customer goodwill? Produce a range of CPU drop-in replacements with all the fixes. One for each chipset/pinout over the last 5 years. You don't need to do a whole range of clock speeds or cores/threads. Just do an upper-average CPU as a drop-in replacement for older PCs. I don't mean dinosaur PCs, I mean 90% of PCs that are still in use. You have the production experience to know what a successful speed/clock bin ratio is in your modern fabs, so you choose the speed that can be manufactured quickly and cheaply. On a modern fab, a lower TDP would be a bonus too. Think green, power savings and therefore cost savings as your consumer goodwill generator. World Peace!

You can even charge them out at cost with a 20% profit margin if you like. Maybe even 33%, giving 13% to charities and good causes. They will still be much cheaper than replacing a whole system for most users, and squeezable into corporate budgets as a security measure. There are millions of computers out there that are not state-of-the-art high end machines, but production machines, workstations, and servers, that could really use a solid, guaranteed fix, not a software patch that could potentially be UNPATCHED ;)
#4
craigo
"lemonadesoda said:
Want to build customer goodwill? Produce a range of CPU drop-in replacements with all the fixes. One for each chipset/pinout over the last 5 years. You don't need to do a whole range of clock speeds or cores/threads. Just do an upper-average CPU as a drop-in replacement for older PCs. I don't mean dinosaur PCs, I mean 90% of PCs that are still in use. You have the production experience to know what a successful speed/clock bin ratio is in your modern fabs, so you choose the speed that can be manufactured quickly and cheaply. On a modern fab, a lower TDP would be a bonus too. Think green, power savings and therefore cost savings as your consumer goodwill generator. World Peace!

You can even charge them out at cost with a 20% profit margin if you like. Maybe even 33%, giving 13% to charities and good causes. They will still be much cheaper than replacing a whole system for most users, and squeezable into corporate budgets as a security measure. There are millions of computers out there that are not state-of-the-art high end machines, but production machines, workstations, and servers, that could really use a solid, guaranteed fix, not a software patch that could potentially be UNPATCHED ;)
#5
Assimilator
"lemonadesoda said:
Want to build customer goodwill? Produce a range of CPU drop-in replacements with all the fixes. One for each chipset/pinout over the last 5 years. You don't need to do a whole range of clock speeds or cores/threads. Just do an upper-average CPU as a drop-in replacement for older PCs. I don't mean dinosaur PCs, I mean 90% of PCs that are still in use. You have the production experience to know what a successful speed/clock bin ratio is in your modern fabs, so you choose the speed that can be manufactured quickly and cheaply. On a modern fab, a lower TDP would be a bonus too. Think green, power savings and therefore cost savings as your consumer goodwill generator. World Peace!

You can even charge them out at cost with a 20% profit margin if you like. Maybe even 33%, giving 13% to charities and good causes. They will still be much cheaper than replacing a whole system for most users, and squeezable into corporate budgets as a security measure. There are millions of computers out there that are not state-of-the-art high end machines, but production machines, workstations, and servers, that could really use a solid, guaranteed fix, not a software patch that could potentially be UNPATCHED ;)
Keep dreaming, buddy.
#6
dont whant to set it"'
I for one, considering they're in a three way versus of product prices, virtual endless R&D & experience, trend of positive stock share prices, the naive me thought such features were built in, ohh much to my anguish for my naivety when reading such news.

le: what a bunch of rookies.
2nd le: spelling