New Linux microcode package for Intel systems - any performance impact worth noting?

Joined
Jun 24, 2015
Messages
1,830 (0.98/day)
Location
Western Canada
So my system lists a microcode update as of today. Seems like the focus of this one is on SA-00329 and SA-00320.

[Image: new microcode.png]


The former seems to patch the L1D exploit that's been floating around as of late, but the patch notes state that there is no known vulnerability using said exploit. I'm no expert on this, so all I know on the subject is that Linus Torvalds blasted Amazon's patch for L1D for being inappropriately heavy-handed and performance-impacting in implementing mandatory flushing of L1D cache. Seems this patch does the same.

The latter SRBDS seems to be some sort of new strain of MDS surrounding RDRAND. I don't know anything about this, but others seem to:

[Image: new microcode rdrand.png]


Irony is that apparently SGX Enabled is a suitable protection for this vulnerability. I can't use SGX because I need undervolting on both Windows and Linux which means I can't use the Plundervolt (SA-00289) mitigation, in turn meaning it was safer to keep SGX off in that situation if not running the microcode update.

I don't usually care much for these in relation to my old 4790K, but this is my laptop with an 8550U and Hyperthreading already necessarily disabled for thermal throttling reasons, so if there's a bigger performance impact to these mitigations (which some of these technical reports seem to suggest) I wonder if it's better just to go without the microcode.

Thoughts on whether the microcode is worth it? The two vulnerabilities are rated at 2.8 and 6.5 out of 10, so not quite on the same level as the more famous exploits. The SRBDS vulnerability affects all Core from Ivy Bridge to Comet Lake-U, but apparently not Comet-H or Comet-S.
 

johnspack

Here For Good!
Joined
Oct 6, 2007
Messages
5,539 (1.18/day)
Location
Nelson B.C. Canada
Would like to know this myself, it's even showing up in my vms. I think I'll leave it out for now.
 
Joined
Jun 24, 2015
Messages
1,830 (0.98/day)
Location
Western Canada
> Would like to know this myself, it's even showing up in my vms. I think I'll leave it out for now.

So SRBDS has a layman's name now: Crosstalk. Another fancy name to parrot against Intel products lol. Anyways, it's not that the vulnerability only affects RDRAND, RDSEED and EGETKEY; it's that Intel only patched execution of those instructions as it thought those were the most important. Result is that the rest remain vulnerable to varying degrees, and the SA-00320 fix doesn't completely nuke performance.

It seems that both SA-00320 and SA-00329 involve similar techniques by flushing memory/cache more often.

These researchers are saying something different about SGX:

[Image: Screenshot_20200610-012357__01.jpg]


Same as with Plundervolt, looks like SGX should still remain disabled. Ironic as always.

If the performance impact of Intel's fix is minor as claimed, I feel a little better about SA-00320. On the other hand, still no word on the L1D fix SA-00329, probably the bigger culprit here.
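
Added example (not part of the original thread): one way to see what a Linux kernel reports before and after installing the microcode package discussed above. It reads the standard `/sys/devices/system/cpu/vulnerabilities/` files (`srbds` is the entry for SA-00320 on kernels that know about it) and the `microcode` field of `/proc/cpuinfo`; the function names and the four-way classification are this example's own.

```python
import os
import re

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"  # standard Linux sysfs path
CPUINFO = "/proc/cpuinfo"

def classify(status):
    """Map a sysfs status line to ok / mitigated / vulnerable / unknown (example's own labels)."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "ok"
    if s.startswith("Mitigation"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # includes empty files and "Unknown: ..." lines

def read_status(sysfs_dir=SYSFS_DIR):
    """Return {issue: (class, raw text)} for every file the kernel exposes."""
    result = {}
    if not os.path.isdir(sysfs_dir):
        return result  # not Linux, or a kernel without this directory
    for name in sorted(os.listdir(sysfs_dir)):
        try:
            with open(os.path.join(sysfs_dir, name)) as fh:
                raw = fh.read().strip()
        except OSError:
            continue  # unreadable entry: skip rather than guess
        result[name] = (classify(raw), raw)
    return result

def microcode_revision(cpuinfo=CPUINFO):
    """Return the loaded microcode revision of the first CPU as an int, or None."""
    try:
        with open(cpuinfo) as fh:
            m = re.search(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)", fh.read(), re.M)
    except OSError:
        return None
    return int(m.group(1), 16) if m else None

def needs_attention(statuses):
    """Names of entries the kernel does not report as unaffected or mitigated."""
    return sorted(n for n, (c, _) in statuses.items() if c in ("vulnerable", "unknown"))

if __name__ == "__main__":
    rev = microcode_revision()
    print("microcode:", hex(rev) if rev is not None else "unavailable")
    for issue, (cls, raw) in read_status().items():
        print(f"{issue:20s} {cls:10s} {raw}")
```

Running it once before the package update and once after a reboot shows whether the `srbds` line and the microcode revision actually changed, which is the baseline needed for any before/after benchmark.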
 