Spectre and Meltdown in Hardware: Intel Clarifies Whiskey Lake and Amber Lake
by Ian Cutress on August 30, 2018 7:00 AM EST- Posted in
- CPUs
- Intel
- Spectre
- Meltdown
- Whiskey Lake
- Amber Lake
With the launch of Intel’s latest 8th Generation Core mobile processors, the 15W Whiskey Lake U-series and the 5W Amber Lake Y-series, questions were left on the table as to the state of the Spectre and Meltdown mitigations. Intel had, previously in the year, promised that there would be hardware fixes for some of these issues in consumer hardware by the end of the year. Nothing was mentioned in our WHL/AML briefing, so we caught up with Intel to find out the situation.
There Are Some Hardware Mitigations in Whiskey Lake
The takeaway message from our discussions with Intel is that there are some hardware mitigations in the new Whiskey Lake processors. In fact, there are almost as many as the upcoming Cascade Lake enterprise parts. Intel told us that while the goal was to be transparent in general with how these mitigations were being fixed - we think Intel misread the level of interest in the specifics in advance of the Whiskey Lake launch, especially when the situation is not a simple yes/no.
For the mitigations, here is the current status:
Spectre and Meltdown on Intel | |||||
AnandTech | Cascade Lake |
Whiskey Lake |
Amber Lake |
||
Spectre | Variant 1 | Bounds Check Bypass | OS/VMM | OS/VMM | OS/VMM |
Spectre | Variant 2 | Branch Target Injection | Hardware + OS | Firmware + OS | Firmware + OS |
Meltdown | Variant 3 | Rogue Data Cache Load | Hardware | Hardware | Firmware |
Meltdown | Variant 3a | Rogue System Register Read | Firmware | Firmware | Firmware |
Variant 4 | Speculative Store Bypass | Firmware + OS | Firmware + OS | Firmware + OS | |
Variant 5 | L1 Terminal Fault | Hardware | Hardware | Firmware |
What this means is that Whiskey Lake is a new spin of silicon compared to Kaby Lake Refresh, but is still built on that Kaby Lake microarchitecture. Intel confirmed to us that Whiskey Lake is indeed built on the 14++ process node technology, indicating a respin of silicon.
As a result, both CPU families have the all-important (and most performance degrading) Meltdown vulnerability fixed. What remains unfixed in Whiskey Lake and differentiates it from Cascade Lake CPUs is Spectre variant 2, the Branch Target Injection. This vulnerability has its own performance costs when mitigated in software, and it has taken longer to develop a hardware fix.
What About Amber Lake?
The situation with Amber Lake is a little different. Intel confirmed to us that Amber Lake is still Kaby Lake – including being built on the 14+ process node – making it identical to Kaby Lake Refresh as far as the CPU die is concerned. In essence, these parts are binned to go within the 5W TDP at base frequency. But as a result, Amber Lake shares the same situation as Kaby Lake Refresh: all side channel attacks and mitigations are done in firmware and operating system fixes. Nothing in Amber Lake is protected against in hardware.
Performance
The big performance marker is tackling Spectre Variant 2. When fixed in software, Intel expects a 3-10% drop in performance depending on the workload – when fixed in hardware, Intel says that performance drop is a lot less, but expects new platforms (like Cascade Lake) to offer better overall performance anyway. Neither Whiskey Lake nor Amber Lake have mitigations for v2, but Whiskey Lake is certainly well on its way with fixes to some of the more dangerous attacks, such as v3 and L1TF. Whiskey Lake is also offering new performance bins as the platform is also on 14++, which will help with performance and power.
Intel’s Disclosure in the Future
Speaking with Intel, it is clear (and they recognise) that they appreciate the level of interest in the scope of these fixes. We’re pushing hard to make sure that with all future launches, detailed tables about the process of fixes will occur. Progress on these issues, if anything, is a good thing.
Related Reading
- Intel Launches Whiskey Lake-U and Amber Lake-Y
- Intel Discuss Whiskey Lake-U, Amber Lake-Y, and ‘Cascade Lake-X’
- Intel at Hot Chips 2018: Showing the Ankle of Cascade Lake
- Intel Wraps Up Spectre Patching, Partially Cancels Plans For 1st Gen Core & Core 2 Processors
Title image from PC Watch
107 Comments
View All Comments
davesax1 - Friday, August 31, 2018 - link
How important are these changes to the consumer? How can u tell if a new computer has the improvements? Should a consumer wait for 9th generation procesors for more hardware fixes?HStewart - Friday, August 31, 2018 - link
"How important are these changes to the consumer? "Has there been a single instance of a virus out there - I believe server machines are effected and Hardware fixes in the works.
"Should a consumer wait for 9th generation procesors for more hardware fixes?"
As this article indicates Intel has made hardware fixes for 8th gen U processors listed here, Also in article Intel has made Hardware fixes for new Server cpus.
9th generation or 10nm stuff is not a requirement form hardware fixes - they can do that with current process.
GreenReaper - Sunday, September 2, 2018 - link
The new Cascade Lake server CPUs aren't here yet, of course . . .The change is important if only because 99.9% of people will be running with performance-impacting patches until they have new hardware. Even if you never encounter a virus you will still suffer the cost of protecting against them (and indeed, those patches should in part decrease the chance that you get one from someone else - a kind of herd protection).
Total Meltdowner - Friday, August 31, 2018 - link
All the guys here with Intel stock saying "it doesn't matter". Nonsense, this is going to hurt them badly. They have to redesign these chips!HStewart - Friday, August 31, 2018 - link
NOTE: This is not related to Intel CPU directory - but for any CPU out there.One thing I am curious about if your application is code correctly so that it has no buffer over runs for example - dos the Firmware updates have any impact. If the performance impact is only with poorly written code then I don't believe this much of issue. Of course as developer myself, I understand that some time these are to notice.
As a developer for around 30 years, buffer overruns is not new thing and curious why only in the last year has this come up.
abufrejoval - Friday, August 31, 2018 - link
Still no news on shadow stacks and CFI against Return oriented Programming? The specs were published in 2016...TheJian - Monday, September 3, 2018 - link
I want the chips benchmarked when all this is done and patched to see how much we lost. IE, I just bought an 8700k not long ago and wonder how much of a hit will it take when done. If I end up down 20-30% in some stuff I think a rebate or coupon towards a next chip (or something) is in order. Or start putting info on the boxes warning customers that "CHIPS WILL NOT PERFORM AS ADVERTISED" and drop the price accordingly.