Intel Publishes Spectre & Meltdown Hardware Plans: Fixed Gear Later This Year

Since the public revelation of the Meltdown and Spectre CPU vulnerabilities early this year, Intel has spent virtually the entire time in a reactionary mode, starting from the moment the vulnerabilities were revealed ahead of schedule. Since then the company has been making progress, albeit not without some significant steps backwards such as faulty microcode updates. However in recent weeks the company finally seems to be turning a corner on their most pressing issues, and this morning is releasing a more forward-looking update to their security issues.

Jumping straight to what AnandTech readers will consider the biggest news, Intel is finally talking a bit about future hardware. Intel is announcing that they have developed hardware fixes for both the Meltdown and Spectre v2 vulnerabilities, which in turn will be implemented into future processors. Both the next version of Intel’s Xeon server/HEDT platform – Cascade Lake – as well as new 8th gen Core processors set to ship in the second half of this year will include the mitigations.

For those not up to date with their Intel codenames, Cascade Lake is the 14nm refresh of Intel’s current Skylake-E/X family. Little official information is available about Cascade Lake, but importantly for datacenter vendors, this lays out a clear timetable for when they can expect to have access to Meltdown and Spectre-hardened silicon for use in new virtual machine servers. Given that virtual machine hosts were among those at the greatest risk here – and more impacted by the performance regressions of the software Meltdown mitigations – this is understandably most crucial market for Intel to address.

Meanwhile for updating Intel’s consumer chips, this is a bit more nebulous. While Intel hasn’t shared the complete text of their announcement with us ahead of press time, their specific wording is that the changes will be included in 8th gen Core processors “expected to ship in the second half of 2018.” Intel hasn’t said what processor family these are (e.g. Cannon Lake?), or for that matter whether these are even going to be traditional consumer chips or just the Core HEDT releases of Cascade Lake. So there is a lot of uncertainty here over just what this will entail. In the interim we have reached out to Intel about how consumers will be able to identify post-mitigation chips, and while we’re still waiting on a more complete response, Intel has told us that they want to be transparent about the matter.

As for the hardware changes themselves, it’s important to note that Intel’s changes only mitigate Meltdown (what Intel calls “variant 3”) and Spectre variant 2. In both cases the company has mitigated the vulnerabilities through a new partitioning system that improves both process and privilege-level separation, going with a “protective walls” analogy.

Intel’s Meltdown & Spectre Hardware Mitigations Plans (2018)
Exploit Mitigation
Meltdown Hardware
Spectre variant 1 (bounds check bypass) Software
Spectre variant 2 (branch target injection) Hardware

Unfortunately these hardware changes won’t mitigate Spectre variant 1. And admittedly, I haven’t been expecting Intel (or anyone else) to figure that one out in 2018. The best mitigations for Spectre v2 will remain developer-focused software techniques such as retpoline.

The catch is that the more worrying risk with Spectre has always been the v1 variant, as the attack works against rather fundamental principles of speculative out-of-order execution. Which has been why the initial research on the vulnerability class noted that researchers weren’t sure they completely understood the full depth of the issue at the time. And indeed, it seems like the industry as a whole is still trying to fully understand the matter. The one silver lining here is that Spectre v1 isn’t a privilege escalation attack, so it is believed that it can only be used against same-level processes. Which can still be used for plenty of naughtiness with user data in other user-level applications, but can’t reach into more secure processes.

Moving on, for Intel’s current processors the company has updated their guidance for releasing the mitigation microcode updates. As of last week, the company has released production microcode updates for all of their products released in the last 5 years. In fact on the Core architecture side it goes even farther than that; Intel has now released microcode updates for all 2nd gen Core (Sandy Bridge) and newer processors, including their Xeon and HEDT variants. There are some outstanding questions here on how these updates will be delivered, as it seems unlikely that manufacturers will release BIOS updates for motherboards going back quite that far, but judging from how Intel and Microsoft have cooperated thus far, I’d expect to see these microcode updates also released to Windows Update in some fashion.

Finally, Intel will also be going even further back with their microcode updates. Their latest schedule calls for processors as old as the Core 2 lineup to get updates, including the 1st gen Core processors (Nehalem/Gulftown/Westmere/Lynnfield/Clarksfield/Bloomfield/Arrandale/Clarkdale), and the 45nm Core 2 processors (Penryn/Yorkfield/Wolfdale/Hapertown), which would cover most Intel processors going back to late 2007 or so. It’s worth noting that the 65nm Core 2 processors (Conroe, etc) are not on this list, but then the latter Core 2 processors weren’t on the list either at one point.

Intel’s Core Architecture Meltdown & Spectre v2 Mitigations
Microarchitecture Core Generation Status
Penryn 45nm Core 2 Microcode Planning
Nehalem/Westmere 1st Planning/Pre-Beta
Sandy Bridge 2nd Microcode Released
Ivy Bridge 3rd Microcode Released
Haswell 4th Microcode Released
Broadwell 5th Microcode Released
Skylake 6th Microcode Released
Kaby Lake 7th Microcode Released
Coffee Lake 8th Microcode Released
H2’2018 Core (Cannon Lake?) 8th Hardware Immune
Cascade Lake X Hardware Immune

Original Article