48

Has Intel released any information about new processors?

According to their advisory a number of processors are susceptible, but it says nothing about when new processors will be fixed. Also Meltdown and Spectre Vulnerabilities has no answers addressing this.

So, from what production date on will/are Intel processors secured against speculative execution attacks?

Glorfindel
  • 2,235
  • 6
  • 18
  • 30
bitmask
  • 585
  • 1
  • 5
  • 12
  • I mean specifically those that are made from a given date forwards. So for example, the answer *could* be "All processors made after Feb. 5th are secure" or something along those lines. – bitmask Feb 13 '18 at 09:22
  • 14
    Probably best rephrased as **"From what production date on will/are Intel processors likely be secure against speculative execution attacks (Spectre)?"** Also, with or without performance loss? It seems logical they will offer the end-user the choice. Also that some mechanism will be added to mark known-good code so it has permission to run speculatively. – smci Feb 13 '18 at 10:33
  • 6
    @smci The issue *isn't* that code is run speculatively; it's that the CPU doesn't eliminate the secondary effects of that speculative execution when it's determined that the code didn't have permission to access the area of memory which it tried to access (e.g. the CPU doesn't invalidate a cache line which is loaded from restricted memory spaces due to the speculative execution). Thus, it's not an issue of giving permission to run speculatively, it's an issue of properly cleaning up from having done so, so that the secondary effects are not detectable. – Makyen Feb 13 '18 at 16:26
  • 1
    All recent Intel x86/x64 CPUs are vulnerable to meltdown. There will hopefully be some future new processors without that bug, but it is not known yet when they will be released. All recent x86/x64 CPUs are vulnerable to spectre. It is not yet known if this can be fully prevented without massive performance loss. There might be CPUs in the future without that, or there might be just software solutions. So if you need a x64 CPU without the meltdown bug, you have AMD. If you need one without spectre, you are out of luck. – Josef Feb 13 '18 at 09:26
  • "but it is not known yet when they will be released" Do you think that will be weeks, months or years? – bitmask Feb 13 '18 at 09:32
  • @bitmask Years. Just look how long it takes to create a new processor group, to test them, to prepare for producing them, etc.etc. – user155462 Feb 13 '18 at 10:08
  • Thanks. I was thinking they could patch the problem in the current design and then churn out hardware that is not susceptible. But I guess it's too deeply rooted in the design to fix. – bitmask Feb 13 '18 at 10:51
  • ARM (or at least decent arm) is also vulnerable to spectre, not just x86/x86_64. This means all your phones and tablets too. – Programmdude Feb 13 '18 at 12:18
  • Technically you could use an Itanium, as it seems not vulnerable to these issues. The latest generation is even somewhat current (May 2017). But its probably a dead end for other reasons. – schlenk Feb 14 '18 at 00:17

3 Answers3

33

The processors that were already announced and are about to be launched in the near future will still be vulnerable to both Spectre v2 and Meltdown if patches and/or firmware is not applied correctly. Spectre v1 was not entirely fixed with the latest patches. Most recent products have patches available, although not always functioning very well.
You can easily cross-reference the list of affected products to the soon-to-be-launched ones.

To answer your question directly: Intel plans to fix this on a hardware level in 2018. Intel's CEO stated the following in the earnings call for Q4 2017

Our near term focus is on delivering high quality mitigations to protect our customers infrastructure from these exploits. We’re working to incorporate silicon-based changed to future products that will directly address the Spectre and Meltdown threats in hardware. And those products will begin appearing later this year.

I don't know what "appearing" means in this context (announcement of new products or release of new products).

Conclusion: throughout 2018 anybody who plans to buy a new processor (or a new laptop/PC with a new processor) will have to take some security measures to secure themselves against Spectre and Meltdown IF the accompanying firmware or the OS has no proper protection against these vulnerabilities.

Edit: After the conversation with R.. I rechecked Intel's official statements. All mitigation attempts and patches only target Meltdown and Spectre v2, because:

For the bounds check bypass methodthat's Spectre v1, Intel’s mitigation strategy is focused on software modifications.

It remains unclear if this will remain Intel's strategy throughout the next product cycle.

Luc
  • 31,973
  • 8
  • 71
  • 135
Tom K.
  • 7,913
  • 3
  • 30
  • 53
  • 3
    Linus has a rant recently about how Intel is inconveniencing them because the initial fixes still allowed exploits and the only reason they were pushing this down to the OS level (for new chips) is because they value benchmarks over security: https://www.theinquirer.net/inquirer/news/3024926/linus-torvalds-tells-intel-that-its-spectre-and-meltdown-fixes-are-garbage – Quaternion Feb 13 '18 at 18:56
  • 1
    @R.. While it is true that there have been some problems with the provisioning of patches, I wouldn't go so far, as to say that there is no fix per se. Intel [released microcode patches for certain processor types](https://www.intel.com/content/www/us/en/support/articles/000026620/mini-pcs.html) to mitigate Spectre v2 and Linux kernels were updated to mitigate all 3 vulnerabilities. See [here for Spectre v1](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f84a56f73dddaeac1dba8045b007f742f61cd2da). More **working** Microcode updates have to be released soon though. – Tom K. Feb 13 '18 at 19:14
  • 4
    @TomK.: Spectre variant 1 cannot be fixed on existing cpus unless Intel is able and willing to offer a switch (MSR) to turn off speculative execution or at least branch prediction, which they are not doing. The link you provided is about hardening particular software (e.g. parts of kernel) against it, which does not let you safely run existing software that can't or can't easily be patched and rebuilt, and doesn't catch all the other countless ways Spectre could be exploited. – R.. GitHub STOP HELPING ICE Feb 13 '18 at 19:34
  • 2
    @R.. I don't want to split hairs, but there is a big difference between "There is no fix for Spectre" and (paraphrasing here) "Intel did not give out a working patch for Spectre v1 **yet**." As far as I understand Intel's press releases, they do plan to do just that. – Tom K. Feb 13 '18 at 19:46
  • 3
    @TomK.: Their publicity materials claim that they intend to "fix Spectre" (probably only variant 2, not variant 1) in future cpu models. They have not claimed anywhere that they intend to fix variant 1 on existing cpus via microcode updates. Doing so may be possible, but it would be a **huge** performance hit (probably 25-75% slower) and thus they have a huge incentive not to do it. Customers should demand that they do. We really need skilled lawyers and technical ppl working on making that happen... – R.. GitHub STOP HELPING ICE Feb 13 '18 at 19:57
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/73102/discussion-between-jpmc26-and-r). – jpmc26 Feb 14 '18 at 02:13
7

It’s all speculation at this point. Normally, the 9th gen of Intel’s CPUs should be protected from the meltdown bug, and that generation is scheduled for the second half of 2018 (according to HKEPC). But that generation of CPUs was already quite ahead in development when the bug was found so it's quite likely that 9th gen will also be affected, in which case we'll have to wait for the 10th gen (second half of 2019 or beginning of 2020).

Luc
  • 31,973
  • 8
  • 71
  • 135
Overmind
  • 8,779
  • 3
  • 19
  • 28
  • So, predicting 2H/2019? – smci Feb 13 '18 at 10:35
  • 2
    Yes, my bet in on the Ice Lake fix. – Overmind Feb 13 '18 at 11:29
  • Hardware mitigation of Meltdown could be pretty easy / localized, without requiring any design changes that affect any logic outside the load port. See my answer on https://security.stackexchange.com/questions/177100/why-are-amd-processors-not-less-vulnerable-to-meltdown-and-spectre. For example, squash the data to zero as well as setting a fault-on-retirement flag, so speculative execution using the data you're not allowed to access always sees `0` instead of the secret data. This takes maybeone extra gate delay in the load port. (And one clock cycle is several gate delays long) – Peter Cordes Feb 14 '18 at 03:20
  • I would not be surprised to see HW mitigation of Meltdown in Cannonlake. Not likely a new stepping of Skylake / Kaby Lake / Coffee Lake, though. (Efficient) Spectre mitigation is *much* harder, and Intel's strategy so far is apparently just to provide an API for software to defend itself, not to fully block it even in the long term. – Peter Cordes Feb 14 '18 at 03:23
  • Yes, that is a possibility. – Overmind Feb 14 '18 at 06:14
  • 3
    "It’s all speculation at this point." Pun intended? – Michael Feb 14 '18 at 15:38
  • No. Since we don't have an official announcement... – Overmind Feb 15 '18 at 08:00
5

Are new intel CPUs vulnerable to Meltdown/Spectre?

When software mitigation protections are not correctly implemented new Intel CPUs are vulnerable to both Meltdown and Spectre.

Has intel released any information about new processors?

In an investors call Intel indicated that they are "working to incorporate silicon-based changed to future products that will directly address the Spectre and Meltdown threats in hardware."

Note that in-development silicon might not be at an early enough stage in development to fully resolve the exploits without software mitigation or performance impacts. Ideally they would implement a full fix that doesn't require software mitigation and has full performance, but the root of one of the exploits is branch prediction, meant to increase performance, and they may be unable - particularly at this stage of development - to keep full performance of branch prediction and still prevent this exploit.

So while these silicon fixes may "address" the threats, they may not be fully resolved wholly in silicon.

So, from what production date on will/are intel processors secured against speculative execution attacks?

At this time there is no definitive date or production schedule. Late 2018 is the timeframe to release silicon that "addresses" these threats, but there is no guarantee that release will fully resolve the issue in hardware without additional software mitigation. Performance has not been addressed at all in released or known information.

Adam Davis
  • 1,071
  • 7
  • 11