Intel Processors to Have "In-silicon" Fixes to Meltdown and Spectre This Year

[btarunr]

Intel, which benefited from the post-Q4 public-disclosure of Meltdown and Spectre vulnerabilities in its latest results, is hoping to mitigate its fallout on Q1-2018. The company, along with several other CPU designers, such as AMD and ARM, are firefighting the two devastating security vulnerabilities through OS kernel patches and CPU micro-code updates; which come at a slight expense of performance. In a bid to unnerve investors, company CEO Brian Krzanich announced that Intel is working on "in-silicon" fixes to Meltdown and Spectre.

An "in-silicon" fix would entail a major CPU micro-architecture design that's inherently immune to the two vulnerabilities and yet offers the benefits of modern branch-prediction and speculative execution. Krzanich says processors with in-silicon fixes to the two vulnerabilities will be released to market by the end of 2018.



View at TechPowerUp Main Site

 

[Upgrayedd]

Would really like to see something great come of this. Just hope they don't bork it like they did with the recent software updates.

 

[R-T-B]

Would really like to see something great come of this. Just hope they don't bork it like they did with the recent software updates.

The meltdown patch (where most of the performance was supposedly lost) was fine, at least as far as bugs are concerned. Their spectre microcode was pretty borked however, that is for certain.

 

[R0H1T]

Would love to see how this pans out, a major fix in hardware could take anywhere between a year or two to implement - from the time it was first disclosed. If their hardware fixes actually work, not like the current (software) hackjob, then this could open them up for even more lawsuits. Since the first KASLR PoC was demonstrated back in 2016, it's possible that Intel sat on meltdown for even longer than what some of us are led to believe.

 

[Zyll Goliat]

How convenient.....now when we reach the peak of the Ghz Speed suddenly spectre&meltdown shows up to slow us down....but hey our "Saviors"prepared for us special "in-silicon" fix on their NEW-LATEST&GREATEST architecture FOR ONLY:...............$

 

[londiste]

Would really love to have a direct quote or statement from Intel about this. I suspect Krzanich had much more careful wording on this than what Tom's is using. I would not count on Intel having CPUs that are fixed as such for Meltdown and Spectre. Hoping, but not counting on that.

 

[john_]

And so they created (AMT, ME, Spectre, Meltdown vulnerabilities) the necessity to so many people happy with their Sandy, Ivy, Hasswell, Broadwell, Skylake, Kaby lake, Coffe Lake, to upgrade first thing next Christmas to the new Secure Lake processors.

 

[kastriot]

So all of this it's conspiracy theory about making more money from suckers like us

 

[john_]

So all of this it's conspiracy theory about making more money from suckers like us

You can't say it is not. I mean, for years Intel processors where super secure and in a period of 6-8 months they found half a dozen pretty serious security problems? Where they sleeping all those years and woke up last summer? Didn't had the necessary stuff before to check? Didn't had the tools to check?

 

[Zyll Goliat]

So all of this it's conspiracy theory about making more money from suckers like us

Well if it is It's certainly not the first or the last one that happened on this "Rock"........

 

[R-T-B]

You can't say it is not.

I think the Google Project Zero researchers can pretty dang easily.

This is hurting Intel's image more than helping it in the enterprise space (where the most money is made) as well. Many of those customers might be taking a look at otherwise dead in the water EPYC.

As a conspiracy theory, it's pretty awful.

 

[StrayKAT]

I honestly think Intel simply screwed up. No conspiracy. I mean, good will is worth as much as hard cash too. It's one thing to screw peon consumers, but not huge vendors and partners.

 

[londiste]

You can't say it is not. I mean, for years Intel processors where super secure and in a period of 6-8 months they found half a dozen pretty serious security problems? Where they sleeping all those years and woke up last summer? Didn't had the necessary stuff before to check? Didn't had the tools to check?

Actually, researchers have not been sleeping and security issues come up every once in a while. Not as serious as the current ones but still.
The research on current issues started far longer ago than 6-8 months.
They did not have necessary stuff before to check, mainly know-how (in case of Meltdown and Spectre, necessary details on microarchitectural behaviour of Intel's branch predictor and speculative execution).
They did not always have tools (as an example, one of the methods used in research Flush+Reload is from 2013).

Intel has more know-how but they also have a different perspective on things and I do not mean it in the way they are not interested in plugging up every security problem they find. No doubt they do exactly that for a lot of them. There is a significant amount of people poking at CPUs (among other things) trying to find a hole, a malfunction, a vulnerability. Different approach, often lacking specific knowledge of how things work, poking at a black box, can yield intererting results and ideas that you would not get when looking at a known piece of technology.

 

[Legacy-ZA]

How convenient.....now when we reach the peak of the Ghz Speed suddenly spectre&meltdown shows up to slow us down....but hey our "Saviors"prepared for us special "in-silicon" fix on their NEW &LATEST architecture FOR ONLY:...............$

View attachment 96405

I couldn't agree more; if the chip makers were truly sincere, they would do recalls and replace their flawed CPU's, I don't care if it will cost them billions, they are the ones that screwed up and should pay for it. Of course this won't be doable for all their CPU lineups, as some of them are no longer manufactured and have been discontinued, If I am not mistaken, that means only the 4000 series and up would be eligible.

 

[R-T-B]

I couldn't agree more; if the chip makers were truly sincere, they would do recalls and replace their flawed CPU's, I don't care if it will cost them billions, they are the ones that screwed up and should pay for it. Of course this won't be doable for all their CPU lineups, as some of them are no longer manufactured and have been discontinued, If I am not mistaken, that means only the 4000 series and up would be eligible.

That would require a fundemental redesign of the affected cpus.

Also, the 6000 series is being phased out of manufacturing. Hoping for the 4000 series which is long out of warranty by all standards is just silly.

 

[bug]

Would really love to have a direct quote or statement from Intel about this. I suspect Krzanich had much more careful wording on this than what Tom's is using. I would not count on Intel having CPUs that are fixed as such for Meltdown and Spectre. Hoping, but not counting on that.

They were preparing Ice Lake for this year anyway. Since that was in the works, I would have been really surprised if it didn't take care of these vulnerabilities from their roots. The next AMD CPU will follow suit. Maybe not the Ryzen refresh, but certainly Ryzen 2.

 

[john_]

I think the Google Project Zero researchers can pretty dang easily.

This is hurting Intel's image more than helping it in the enterprise space (where the most money is made) as well. Many of those customers might be taking a look at otherwise dead in the water EPYC.

As a conspiracy theory, it's pretty awful.

I wouldn't say it will cost them more than what they will gain in the end. AMD is not exactly at the same level of Intel. It can't cover all the demand for server CPUs, EPYC are pretty good chips, but not better than Intel. ARM is also not exactly exploding in the server market. People building servers aren't going to throw Intel chips and software that are used to for years and turn to AMD and ARM so easily. I would love to see something like that, but it wouldn't happen. No IT guy will play his job in the roulette of going EPYC and having to face any bad news about EPYC in the future. With Intel things are easier to explain "Boss, I used the best processors from the best company that everyone is using".

Intel holds 99% of the server market. Even if it was losing 9% because of EPYC and Meltdown, the 90% that would stay with them, will be forced to update sooner rather than latter. So Intel will gain much more money from that 90%, compared to what would make from a 99% that doesn't feel the need to rush any update. Also Intel does have the stuff and money to create a new line of processors that are truly the most secured in the market. So a NEW Intel image will be created super fast in the end of this year, an image that will look even better compared to that OLD Intel image that was hit by Spectre and especially Meltdown. Meaning MORE sales.

 

[iO]

This is just a minor band-aid to mitigate the performance impact of their crappy software fix.
A real, actual fix for both Meltdown and especially Spectre cant realistically be expected before 2021.

 

[Legacy-ZA]

That would require a fundemental redesign of the affected cpus.

Also, the 6000 series is being phased out of manufacturing. Hoping for the 4000 series which is long out of warranty by all standards is just silly.

If they are no longer manufactured then they should recall them and get them off the shelves.

 

[bug]

This is just a minor band-aid to mitigate the performance impact of their crappy software fix.
A real, actual fix for both Meltdown and especially Spectre cant realistically be expected before 2021.

Because?

 

[R-T-B]

If they are no longer manufactured then they should recall them and get them off the shelves.

When they can do a software fix? Why?

Meltdown has been fixed fine. It hurts performance but it works. Spectre effects all modern speculative CPUs. Are you seriously suggesting we recall all present high-performance CPUs?

Because?

Cause that's when the world ends. No CPU = no problem... yay!

 

[iO]

Because?

Former Intel employee on twitter:

https://twitter.com/x/status/949370010652196864

It takes months and years of development, revisions, steppings, validations etc to make sure new hardware works as expected while not introducing new bugs or compatibility issues with existing code.

No way they are that fast putting something in sillicon while they cant get their "rather simple" micro code fix to work properly...

 

[bug]

Former Intel employee on twitter:

https://twitter.com/x/status/949370010652196864

It takes months and years of development, revisions, steppings, validations etc to make sure new hardware works as expected while not introducing new bugs or compatibility issues with existing code.

No way they are that fast putting something in sillicon while they cant get their "rather simple" micro code fix to work properly...

Believe what you want, but they already had like 9 months to bake this into Ice Lake. Which in turn is 9-12 months from release.

 

[mastrdrver]

Believe what you want, but they already had like 9 months to bake this into Ice Lake. Which in turn is 9-12 months from release.

Believe what you want, but Intel has a history of being shitty when it comes to doing what they should do. Just look at the recent problem with the Linux patch for evidence.

 

[Chaitanya]

I know it's not going to help people here who are wearing tinfoil hats but for more information regarding the two vulnerabilities go to following links:
https://meltdownattack.com/
https://googleprojectzero.blogspot.in/