Recently Intel has claimed the following in a press release (emphasis added):
SANTA CLARA, Calif., Jan. 4, 2018 — Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates.
Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.
Another, more recent press release reiterated this (emphasis added):
In early December we began distributing Intel firmware updates to our OEM partners. For Intel CPUs introduced in the past five years, we expect to issue updates for more than 90 percent of them within a week, and the remainder by the end of January. We will continue to issue updates for other products thereafter. We are pleased with this progress, but recognize there is much more work to do to support our customers.
It seems that they are claiming that they have developed firmware updates for their processors that somehow prevent both Meltdown and Spectre attacks from working, and that these updates are being distributed through different vendors.
However, I find this claim vague and unconvincing.
Are there Intel CPU firmware/microcode updates that, either partially or completely, prevent Meltdown and Spectre? If so, how do they achieve this and how does it affect performance?
MORE INFO:
Upon further research, it appears the "firmware" update may refer to a microcode update. Still no real details on what this update accomplishes, though.
From Debian Bug report logs: intel-microcode: coming updates for meltdown/spectre:
It's been rumored that Intel will be releasing microcode updates to (partially?) mitigate some of the effects of meltdown and spectre.
Intel has released several updates already, but not all of them AFAIK.
These microcode updates are of little impact until the kernel changes to activate the new MSRs are deployed. But they do mess with conditional jumps and LFENCE.
Anyway, uploading a partial, unofficial set of updates to unstable to close the bug. Several processors are still missing. I expect an official release from Intel soon, hopefully with updates for everything.
Everyone should look for firmware updates; the usual good vendors already have them out, or will have them out by the end of the next week.
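The bug report's point that a microcode update does little until the kernel uses the new MSRs can be checked on a Linux host by comparing what the CPU exposes with what the kernel reports. The following is an added example, not part of the original post or the Debian bug report; it assumes the kernel provides `/sys/devices/system/cpu/vulnerabilities/` and lists speculation-control features under the flag names shown, and the sample input is constructed.

```python
import re
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")
# Assumption: /proc/cpuinfo flag names Linux commonly uses for the speculation
# controls that updated microcode exposes; they vary by kernel version/vendor.
SPEC_FLAGS = {"ibrs", "ibpb", "stibp", "spec_ctrl"}

# Constructed sample input (not captured from a real machine).
SAMPLE_CPUINFO = ("processor\t: 0\nmodel name\t: Example CPU\n"
                  "microcode\t: 0x84\nflags\t\t: fpu vme pti ibrs ibpb stibp\n")
SAMPLE_SYSFS = {"meltdown": "Mitigation: PTI", "spectre_v2": "Vulnerable"}


def parse_cpuinfo(text):
    """Return (microcode revision, speculation-control flags) of the first CPU."""
    rev = re.search(r"^microcode[ \t]*:[ \t]*(\S+)", text, re.M)
    flags = re.search(r"^flags[ \t]*:[ \t]*(.*)$", text, re.M)
    present = SPEC_FLAGS & set(flags.group(1).split()) if flags else set()
    return (rev.group(1) if rev else None), present


def verdict(status):
    """Map one sysfs status string (or None) to a coarse verdict."""
    if status is None:
        return "unknown"  # the kernel does not report this issue
    if status.startswith("Not affected"):
        return "not affected"
    return "mitigated" if status.startswith("Mitigation") else "vulnerable"


def assess(cpuinfo_text, sysfs_status):
    """Combine the microcode view and the kernel view into one report."""
    rev, flags = parse_cpuinfo(cpuinfo_text)
    issues = {n: (verdict(sysfs_status.get(n)), sysfs_status.get(n)) for n in ISSUES}
    return {"microcode": rev, "spec_ctrl_flags": sorted(flags), "issues": issues}


def read_sysfs():
    """Read the kernel's own per-issue status; absent files are skipped."""
    return {n: (SYSFS / n).read_text().strip() for n in ISSUES if (SYSFS / n).is_file()}


if __name__ == "__main__":
    proc = Path("/proc/cpuinfo")
    live = proc.is_file()
    report = assess(proc.read_text() if live else SAMPLE_CPUINFO,
                    read_sysfs() if live else SAMPLE_SYSFS)
    print("live system" if live else "constructed sample", report)
```

In the constructed sample the speculation-control flags are visible while `spectre_v2` is still reported as vulnerable, which is the state the bug report describes: microcode present, kernel mitigation not active.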