Intel firmware/microcode updates that make processors "immune" to both Spectre and Meltdown?

Question

Recently Intel has claimed the following in a press release (emphasis added):

SANTA CLARA, Calif., Jan. 4, 2018 — Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates.

Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.

Another more-recent press release reiterated this (emphasis added):

In early December we began distributing Intel firmware updates to our OEM partners. For Intel CPUs introduced in the past five years, we expect to issue updates for more than 90 percent of them within a week, and the remainder by the end of January. We will continue to issue updates for other products thereafter. We are pleased with this progress, but recognize there is much more work to do to support our customers.

It seems that they are claiming that they have developed firmware updates for their processors that somehow prevent both Meltdown and Spectre attacks from working, and they are being distributed through different vendors.

However I find this claim vague and unconvincing.

Are there Intel CPU firmware/microcode updates that, either partially or completely, prevent Meltdown and Spectre? If so, how do they achieve this and how does it affect performance?

---

MORE INFO:

Upon further research, it appears the "firmware" update may refer to a microcode update. Still no real details on what this update accomplishes though.

From Debian Bug report logs: intel-microcode: coming updates for meltdown/spectre:

It's been rumored that Intel will be releasing microcode updates to (partially?) mitigate some of the effects of meltdown and spectre.

---

Intel has released several updates already, but not all of them AFAIK.

These microcode updates are of little impact until the kernel changes to activate the new MSRs are deployed. But they do mess with conditional jumps and LFENCE.

Anyway, uploading a partial, unofficial set of updates to unstable to close the bug. Several processors are still missing. I expect an official release from Intel soon, hopefully with updates for everything.

Everyone should look for firmware updates, the usual good vendors already have them out, or will have them out by the end of the next week.

Answer 1

Intel will release patches for all processors that are not older than 5 years. Most of these patches will be provided within the next week, the rest until the end of January 2018.

They also released this pdf and this should answer all further questions regarding these patches.

---

TL;DR:

Mitigation for:

Bounds Check Bypass (=Spectre): Software modifications
Branch Target Injection (=Spectre): Software modifications and Microcode Update
Rogue Data Cache Load (=Meltdown): Operating systems have to be patched for now, but newer processors will "have hardware support" for mitigation.

---

A shortened quote from the whitepaper follows. I emphasized the parts, that concern your question:

Bounds Check Bypass Mitigation

For the bounds check bypass method, Intel’s mitigation strategy is focused on software modifications. The software mitigation that Intel recommends is to insert a barrier to stop speculation in appropriate places. In particular, the use of an LFENCE instruction is recommended for this purpose. Serializing instructions, as well as the LFENCE instruction, will stop younger instructions from executing, even speculatively, before older instructions have retired but LFENCE is a better performance solution than other serializing instructions. An LFENCE instruction inserted after a bounds check will prevent younger operations from executing before the bound check retires. Note that the insertion of LFENCE must be done judiciously; if it is used too liberally, performance may be significantly compromised.

Intel’s analysis of the Linux kernel for example has only found a handful of places where LFENCE insertion is required, resulting in minimal performance impact.^{No comment on Windows/MacOS}

Branch Target Injection Mitigation

For the branch target injection method, two mitigation techniques have been developed. This allows a software ecosystem to select the approach that works for their security, performance and compatibility goals. The first technique introduces a new interface between the processor and system software. This interface provides mechanisms that allow system software to prevent an attacker from controlling the victim’s indirect branch predictions, such as flushing the indirect branch predictors at the appropriate time to mitigate such attacks. [...] This mitigation strategy requires both updated system software as well as a microcode update to be loaded to support the new interface for many existing processors.

The second technique introduces the concept of a “return trampoline”, also known as “retpoline”. Essentially, software replaces indirect near jump and call instructions with a code sequence that includes pushing the target of the branch in question onto the stack and then executing a Return (RET) instruction to jump to that location, as Return instructions can generally be protected using this method. This technique may perform better than the first technique for certain workloads on many current Intel processors. [...] For Intel® Core™ processors of the Broadwell generation and later, this retpoline mitigation strategy also requires a microcode update to be applied for the mitigation to be fully effective.

Rogue Data Cache Load Mitigation

For the rogue data cache load method, the operating system software may ensure that privileged pages are not mapped when executing user code in order to protect against user mode access to privileged pages.

This basic dual-page-table approach was previously proposed as a mitigation for side channel attacks on Kernel Address Space Layout Randomization (KASLR) in the “KASLR is Dead: Long Live KASLR1” paper and was called KAISER. This approach also mitigates Rogue Data Cache Load. Intel has worked with various OS vendors to enable a dual-page-table approach in their operating systems. An OS implementing this dual-page-table mitigation may wish to take advantage of the Process Context Identifier (PCID) feature on processors which support it. PCID can greatly reduce the performance cost of TLB flushes caused by frequent reloading of CR3 during user/supervisor mode transitions.

Future Intel processors will also have hardware support for mitigating Rogue Data Cache Load.

---

Also Intel’s CEO, Brian Krzanich apparently spoke to some of this during his CES 2018 keynote.

https://youtu.be/RlJ9zB74G_U?t=3545

---

What does this mean for me as an end user?

1. Does your machine have a Intel processor?

   1. No? Get updates for your OS/VM and your browser. Look for patches by AMD or ARM. If you don't have any of those either, keep your eyes open, if your vendor pops up in the "is also affected"-list.
   2. Yes! Get the patches from official sources. Also update your OS. You should be fine then. Possibly this can be done in one step. Do this as soon as the patches are available, a new WannaCry might pop up tomorrow.