Shortly after the Spectre and Meltdown chip vulnerabilities were disclosed earlier this year, Intel started releasing software updates meant to mitigate the risk. Some of those updates came out better than others, but the idea was to help protect PC and servers by making it tougher for malware to infect a system and steal data that was suppose to be private. But those software-based mitigations can slow down computers in some situations.
Now Intel has announced that its first hardware-based solutions are on the way. The company will ship those 8th-gen Intel Core processors and next-gen Intel Xeon “Cascade Lake” chips in the second half of 2018.
The Meltdown and Spectre vulnerabilities take advantage of a chip technology called “speculative execution” to access and steal data without first obtaining the proper user privilege level.
According to Intel the new processors will have a new partitioning scheme that will prevent Spectre Variant 2 and Meltdown-based attacks while still allowing chips to use speculative execution to speed up performance.
Intel says Spectre Variant 1 will not be affected by these hardware changes, but the company will continue to offer software that helps minimize the risk of Variant 1-based attacks.
Does this mean that everyone should replace their computer later this year? Not necessarily. Intel says it’s already released microcode updates for every Intel product released in the past 5 years, so if you’ve got a relatively recent Intel-powered computer there’s a good chance you’ll be able to apply a software update to help protect you against Spectre and Meltdown. Unfortunately you can’t just download that update from Intel: you’ll need to check with your PC manufacturer to see if a firmware update is available for your device.
AMD meanwhile, says its chips are only really vulnerable to Spectre Variant 2, and that its chip architecture makes that vulnerability very difficult to exploit. The company has nonetheless been offering microcode updates to its partners.
AMD chips are also susceptible to Variant 1 attacks, but AMD says operating system patches protect against that, making microcode updates unnecessary.
That said, AMD has a new set of security headaches to deal with this week.
I am going to wait until Ice Lake before buying a new CPU. 10nm and supposedly new architecture. If they don’t have a good hardware fix for Spectre and Meltdown by then, they might never have the proper fix.
Neither will be fully addressed until the next ‘Architecture’… Ice Lake is likely almost fully baked already (that 2019 release is not far…), and these will likely have the same mitigation’s built into these new “8th gen” chips (Coffee Lake Refresh and Kaby Lake Refresh Refresh?).
That graphic is super convincing. I feel so much better knowing there’s a shield protecting the little Tron men zooming between the ice and the amber of my computer box!
We don’t know what 8th generation means, could be just HEDT so Cascade Lake in consumer.
AMD is vulnerable to Spectre v1 and they use the same software mitigations as everybody else. They do claim that v2 is hard to exploit.
As for those new set of headaches, those are the kind of issues that never get coverage in normal times and not at all comparable to Spectre and Meltdown.
Right, I sort of skimmed over variant 1 there. What AMD says is that they think OS updates are good enough and they don’t need to offer microcode updates. I should probably spell that out though.
” you’ll need to check with your PC manufacturer to see if a firmware update is available ”
So how does this apply to those who built their own PC?
Motherboard maker, most likely. Wherever you’d normally get a BIOS/UEFI update.
Hasn’t Microsoft said they’ll help push out microcode updates? Does Linux already allow for it?