With the launch of Intel’s latest 8th Generation Core mobile processors, the 15W Whiskey Lake U-series and the 5W Amber Lake Y-series, questions were left on the table as to the state of the Spectre and Meltdown mitigations. Earlier in the year, Intel had promised that there would be hardware fixes for some of these issues in consumer hardware by the end of the year. Nothing was mentioned in our WHL/AML briefing, so we caught up with Intel to find out the situation.

There Are Some Hardware Mitigations in Whiskey Lake

The takeaway message from our discussions with Intel is that there are some hardware mitigations in the new Whiskey Lake processors. In fact, there are almost as many as in the upcoming Cascade Lake enterprise parts. Intel told us that its goal was to be transparent in general about how these issues were being fixed; we think Intel misread the level of interest in the specifics in advance of the Whiskey Lake launch, especially when the situation is not a simple yes/no.

For the mitigations, here is the current status:

Spectre and Meltdown on Intel

| AnandTech | | | Cascade Lake | Whiskey Lake | Amber Lake |
|---|---|---|---|---|---|
| Spectre | Variant 1 | Bounds Check Bypass | OS/VMM | OS/VMM | OS/VMM |
| Spectre | Variant 2 | Branch Target Injection | Hardware + OS | Firmware + OS | Firmware + OS |
| Meltdown | Variant 3 | Rogue Data Cache Load | Hardware | Hardware | Firmware |
| Meltdown | Variant 3a | Rogue System Register Read | Firmware | Firmware | Firmware |
| | Variant 4 | Speculative Store Bypass | Firmware + OS | Firmware + OS | Firmware + OS |
| | Variant 5 | L1 Terminal Fault | Hardware | Hardware | Firmware |

What this means is that Whiskey Lake is a new spin of silicon compared to Kaby Lake Refresh, but is still built on that Kaby Lake microarchitecture. Intel confirmed to us that Whiskey Lake is indeed built on the 14++ process node technology, indicating a respin of silicon.

As a result, both Whiskey Lake and Cascade Lake have the all-important (and most performance-degrading) Meltdown vulnerability fixed in hardware. What remains unfixed in hardware in Whiskey Lake, and differentiates it from Cascade Lake CPUs, is Spectre Variant 2, Branch Target Injection. This vulnerability has its own performance costs when mitigated in software, and it has taken longer to develop a hardware fix.

What About Amber Lake?

The situation with Amber Lake is a little different. Intel confirmed to us that Amber Lake is still Kaby Lake – including being built on the 14+ process node – making it identical to Kaby Lake Refresh as far as the CPU die is concerned. In essence, these parts are binned to go within the 5W TDP at base frequency. But as a result, Amber Lake shares the same situation as Kaby Lake Refresh: all side channel attacks and mitigations are done in firmware and operating system fixes. Nothing in Amber Lake is protected against in hardware.
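
On a Linux system, the kernel reports its own view of most of these variants under /sys/devices/system/cpu/vulnerabilities. The sketch below is an added example, not Intel's or AnandTech's code: it sorts those status strings into the categories used in the table, treating "Not affected" as fixed in the CPU and "Mitigation: ..." as a firmware/OS fix. The sample strings are constructed, and Variant 3a is left out on the assumption that it has no file there.

```python
from pathlib import Path

SYSFS = "/sys/devices/system/cpu/vulnerabilities"

# Kernel file name -> row in the article's table (assumed: Linux 4.19+ naming).
ROWS = {
    "spectre_v1": "Variant 1, Bounds Check Bypass",
    "spectre_v2": "Variant 2, Branch Target Injection",
    "meltdown": "Variant 3, Rogue Data Cache Load",
    "spec_store_bypass": "Variant 4, Speculative Store Bypass",
    "l1tf": "Variant 5, L1 Terminal Fault",
}

# Constructed sample: what a part with v3 and L1TF fixed in silicon might report.
SAMPLE = {
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Mitigation: Full generic retpoline, IBPB, IBRS_FW",
    "meltdown": "Not affected",
    "spec_store_bypass": "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
    "l1tf": "Not affected",
}

def classify(status):
    """Map one kernel status string onto the table's categories."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "hardware"      # CPU itself reports it is not vulnerable
    if s.startswith("Mitigation:"):
        return "firmware/OS"   # microcode and/or kernel workaround is active
    if s.startswith("Vulnerable"):
        return "unmitigated"   # affected and no working mitigation
    return "unknown"

def report(sysfs_dir=SYSFS):
    """Return {file name: (category, raw status)} for each table row."""
    result = {}
    for fname in ROWS:
        try:
            raw = (Path(sysfs_dir) / fname).read_text().strip()
        except OSError:
            raw = ""  # file absent: older kernel or not Linux
        result[fname] = (classify(raw), raw)
    return result

if __name__ == "__main__":
    for fname, (category, raw) in report().items():
        print(f"{ROWS[fname]:40} {category:12} {raw or 'no status file'}")
```

"Not affected" only says the kernel considers the CPU immune; on a part that was never vulnerable it reads the same as on one fixed in a later stepping.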

Performance

The big performance marker is tackling Spectre Variant 2. When fixed in software, Intel expects a 3-10% drop in performance depending on the workload – when fixed in hardware, Intel says that performance drop is a lot less, but expects new platforms (like Cascade Lake) to offer better overall performance anyway. Neither Whiskey Lake nor Amber Lake has hardware mitigations for v2, but Whiskey Lake is certainly well on its way with fixes to some of the more dangerous attacks, such as v3 and L1TF. Whiskey Lake is also offering new performance bins as the platform is on 14++, which will help with performance and power.

Intel’s Disclosure in the Future

Speaking with Intel, it is clear (and they recognise) that they appreciate the level of interest in the scope of these fixes. We’re pushing hard to make sure that all future launches come with detailed tables about the progress of these fixes. Progress on these issues, if anything, is a good thing.

Title image from PC Watch

107 Comments

  • cashkennedy - Friday, August 31, 2018

    I worked at 2 Walmarts, and in both they were in rooms that every department manager had keys to, and they would let any employee go into the room alone to use the printer or for various other reasons. So you could easily tamper with the physical hardware (insert a flash drive / move around cables / steal a hard drive).
  • 29a - Friday, August 31, 2018

    "Hell even the training AIO computers have a Windows 7 and windows XP product codes taped to them so easy to reinstall the OS."

    OEMs have to put the product key on the case for legal reasons.
  • tmnvnbl - Thursday, August 30, 2018

    How is this not relevant for everyone? These are severe security issues that affect nearly every application processor everybody uses all day for all their personal or work-related stuff. I highly recommend you look into it a bit more, and I really appreciate AnandTech going after this. I assume Intel did not want to talk about it because it remains a sore point for them, not that it is not interesting for people.
  • andrewaggb - Thursday, August 30, 2018

    I completely agree, this should be relevant for everyone. Security issues of any kind are important for people to understand and these ones come with a meaningful performance impact.
  • timecop1818 - Thursday, August 30, 2018

    lol it affects literally less than 1% of desktop computing population. it's a hugely blown out of proportion exploit that is completely impractical to execute on Joe Q Public's machine and even less useful to obtain any valuable data.

    I'm glad Microsoft at least provides registry keys to disable all this fucking nonsense.
  • chrcoluk - Wednesday, September 26, 2018

    I agree with timecop, this has got to be one of if not the most overhyped exploit in my lifetime, it's been hyped up in the sense that if you don't patch your systems you're going to get wrecked in terms of data loss. The reality is this requires a machine to be already compromised before it can even be attempted and even then it's very difficult and complicated to pull off, the performance hit is hideous, I wouldn't put it past a competitor of Intel deliberately leaking this to trash Intel's performance, as that is the worst impact of this vulnerability, not the security issue itself but the loss of performance, and millions are blindly patching their systems like sheep.

    Most of this stuff requires a microcode update, if you're on Windows 8.1 or older on old microcode, it means even if you're fully patched up only Meltdown is mitigated and that can be disabled by a registry key, so thankfully most people won't be feeling the full performance brunt of this nonsense and only need to disable Meltdown. Windows 10 however I think does provide microcode updates via Windows Update loaded up on Windows boot, so for Windows 10 users it's more difficult to reclaim performance but I think the lot including Foreshadow can be disabled via the registry.
  • willis936 - Thursday, August 30, 2018

    If you read about journalism you'll see that it's about stories. And man what a story this is. They didn't manufacture interest, it's just interesting.
  • V900 - Thursday, August 30, 2018

    Journalists manufacture stories all the time.

    It’s how they manufacture consent.
  • cerealspiller - Saturday, September 1, 2018

    "It's how they manufacture consent."

    Now that's what I call a Freudian slip of EPYC proportions. :-)
  • jordanclock - Thursday, August 30, 2018

    That's absolutely not true. These vulnerabilities are scary for everyone. EVERYONE. Your data is traversing systems running CPUs that are vulnerable to this attack, whether or not you directly access those systems.

    I do not remember any other vulnerabilities that were so pervasive and in such fundamental functions of CPUs of many vendors going back years.
