With the launch of Intel’s latest 8th Generation Core mobile processors, the 15W Whiskey Lake U-series and the 5W Amber Lake Y-series, questions were left on the table as to the state of the Spectre and Meltdown mitigations. Earlier in the year, Intel had promised that there would be hardware fixes for some of these issues in consumer hardware by the end of the year. Nothing was mentioned in our WHL/AML briefing, so we caught up with Intel to find out the situation.

There Are Some Hardware Mitigations in Whiskey Lake

The takeaway message from our discussions with Intel is that there are some hardware mitigations in the new Whiskey Lake processors. In fact, there are almost as many as in the upcoming Cascade Lake enterprise parts. Intel told us that the goal was to be transparent in general about how these issues were being fixed; we think Intel misread the level of interest in the specifics in advance of the Whiskey Lake launch, especially when the situation is not a simple yes/no.

For the mitigations, here is the current status:

Spectre and Meltdown on Intel

| AnandTech | Variant | Name | Cascade Lake | Whiskey Lake | Amber Lake |
|---|---|---|---|---|---|
| Spectre | Variant 1 | Bounds Check Bypass | OS/VMM | OS/VMM | OS/VMM |
| Spectre | Variant 2 | Branch Target Injection | Hardware + OS | Firmware + OS | Firmware + OS |
| Meltdown | Variant 3 | Rogue Data Cache Load | Hardware | Hardware | Firmware |
| Meltdown | Variant 3a | Rogue System Register Read | Firmware | Firmware | Firmware |
| | Variant 4 | Speculative Store Bypass | Firmware + OS | Firmware + OS | Firmware + OS |
| | Variant 5 | L1 Terminal Fault | Hardware | Hardware | Firmware |

What this means is that Whiskey Lake is a new spin of silicon compared to Kaby Lake Refresh, but is still built on that Kaby Lake microarchitecture. Intel confirmed to us that Whiskey Lake is indeed built on the 14++ process node technology, indicating a respin of silicon.

As a result, both CPU families, Whiskey Lake and Cascade Lake, have the all-important (and most performance-degrading) Meltdown vulnerability fixed. What remains unfixed in Whiskey Lake and differentiates it from Cascade Lake CPUs is Spectre variant 2, the Branch Target Injection. This vulnerability has its own performance costs when mitigated in software, and it has taken longer to develop a hardware fix.

What About Amber Lake?

The situation with Amber Lake is a little different. Intel confirmed to us that Amber Lake is still Kaby Lake – including being built on the 14+ process node – making it identical to Kaby Lake Refresh as far as the CPU die is concerned. In essence, these parts are binned to go within the 5W TDP at base frequency. But as a result, Amber Lake shares the same situation as Kaby Lake Refresh: all side channel attacks and mitigations are done in firmware and operating system fixes. Nothing in Amber Lake is protected against in hardware.
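To see how a given Linux machine reports the variants in the table above, the kernel's sysfs vulnerability files can be read directly. This is an added example, not code from Intel or the original article; the state labels and the sample strings in `sample_dir()` are constructed, and treating "Not affected" as the counterpart of a "Hardware" entry in the table is an assumption.

```python
import os
import tempfile

DEFAULT_DIR = "/sys/devices/system/cpu/vulnerabilities"
# Table row -> sysfs file name. Variant 3a is omitted: this sketch
# assumes the kernel exposes no file for it in this directory.
SYSFS_FILES = {
    "Variant 1 Bounds Check Bypass": "spectre_v1",
    "Variant 2 Branch Target Injection": "spectre_v2",
    "Variant 3 Rogue Data Cache Load": "meltdown",
    "Variant 4 Speculative Store Bypass": "spec_store_bypass",
    "Variant 5 L1 Terminal Fault": "l1tf",
}

def classify(status):
    """Map one sysfs status line to a coarse state (labels are ours)."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "cpu-not-affected"      # assumed counterpart of "Hardware"
    if s.startswith("Mitigation:"):
        return "mitigation-active"     # firmware and/or OS mitigation in use
    if s.startswith("Vulnerable"):
        return "vulnerable"            # affected and not (fully) mitigated
    return "unknown"

def report(base_dir=DEFAULT_DIR):
    """Return {table row: (state, raw status)} for every mapped variant."""
    out = {}
    for row, name in SYSFS_FILES.items():
        try:
            with open(os.path.join(base_dir, name), errors="replace") as fh:
                raw = fh.read().strip()
            out[row] = (classify(raw), raw)
        except OSError:                # older kernel or non-Linux system
            out[row] = ("unreported", "")
    return out

def sample_dir():
    """Constructed fixture shaped like the Whiskey Lake column."""
    d = tempfile.mkdtemp()
    samples = {"spectre_v1": "Mitigation: __user pointer sanitization",
               "spectre_v2": "Mitigation: Full generic retpoline, IBPB",
               "meltdown": "Not affected", "l1tf": "Not affected"}
    for name, text in samples.items():  # spec_store_bypass left out on purpose
        with open(os.path.join(d, name), "w") as fh:
            fh.write(text + "\n")
    return d

if __name__ == "__main__":
    base = DEFAULT_DIR if os.path.isdir(DEFAULT_DIR) else sample_dir()
    for row, (state, raw) in report(base).items():
        print(f"{row:36} {state:18} {raw}")
```

A row reported as `unreported` means the kernel did not expose that file, not that the CPU is safe.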

Performance

The big performance marker is tackling Spectre Variant 2. When fixed in software, Intel expects a 3-10% drop in performance depending on the workload. When fixed in hardware, Intel says that the performance drop is a lot less, but expects new platforms (like Cascade Lake) to offer better overall performance anyway. Neither Whiskey Lake nor Amber Lake has hardware mitigations for v2, but Whiskey Lake is certainly well on its way with fixes to some of the more dangerous attacks, such as v3 and L1TF. Whiskey Lake is also offering new performance bins as the platform is also on 14++, which will help with performance and power.

Intel’s Disclosure in the Future

Speaking with Intel, it is clear that they recognise and appreciate the level of interest in the scope of these fixes. We’re pushing hard to make sure that all future launches come with detailed tables about the process of fixes. Progress on these issues, if anything, is a good thing.

Title image from PC Watch

107 Comments

  • chrcoluk - Wednesday, September 26, 2018

    It's not dumb.

    I think disclosing potential vulnerabilities to the public when the following are all true is just irresponsible.

    1 - No immediate means of patching
    2 - No Known use of the exploit
    3 - Implications of disclosure are high.

    All of these are true for these exploits, it should never have been publicly disclosed in the first place.

    It definitely would not surprise me if we had dozens of exploits discovered on cpus and gpus before end of 2020 and as a result our hardware runs significantly slower for exploits that will never be used in the wild. It's insanity.

    aebiv here is something for you to think about

    First of all there is never a guarantee bugs get found, next even if they do how do you know these bugs were not found before but simply not disclosed? even by bad guys.

    Third how do you expect these cpu bugs to be so dangerous to the average joe bloggs, why is no malware using meltdown e.g. when it was disclosed 9 months ago, after all 10s of millions of devices are vulnerable yet no nasty guy has taken advantage of it, the answer is they cannot do it because it's too complicated to pull off. These are potential security bugs and I would not go above the word potential, they are not practical for live attacks.
  • FunBunny2 - Thursday, August 30, 2018

    "at the time these cpu's were designed the designers had no clue there would be aholes out there trying to pick apart their designs to use them for no good such as screwing peoples systems over."

    yeah, the dumbest. processor design is a maths exercise, limited only by what transistors can do. and they can do anything, modulo speed of execution. since cpu design depends, deeply, on CAD widgets made by others. I wager it's been 4 decades since any cpu was drawn at the transistor level and taped out. it's all black boxes, running on black magic. provably correct circuits? only to the extent the testbed knows where the holes could be.
  • eva02langley - Thursday, August 30, 2018

    "at the time these cpu's were designed the designers had no clue there would be aholes out there trying to pick apart their designs to use them for no good such as screwing peoples systems over."

    Intel knew what they were doing a long time ago. Their number one concern was to maintain a near monopolistic market and this is one of the strategies they employed.

    By making people believe their CPUs were faster and as safe as the competition, they manipulated market like they did with Mother of all program (MOAP). In fact, their CPUs were faster at the cost of security... AMD drop the ball with bulldozer, no question, but they were more secure.
  • HStewart - Thursday, August 30, 2018

    "AMD drop the ball with bulldozer, no question, but they were more secure."

    AMD also has a problem with Spectre.

    These are not bugs - it is design functionality that was made not only in Intel CPUs but also in AMD and ARM CPUs. The following statement about it:

    "Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors."

    https://meltdownattack.com/
  • bji - Thursday, August 30, 2018

    Spectre is also the almost-impossible-to-exploit version of these bugs. Meltdown, the Intel-only one, is the one that could be exploited reasonably easily.
  • Manch - Friday, August 31, 2018

    AMD processors aren’t affected by the Meltdown bug at all.

    Spectre patches are optional for AMD bc they're almost near zero chance. It would require an infected firmware upgrade to do anything. The rest are patched via OS already and have zero impact on performance.

    No, it's a bug. Stop being delusional.

    Am I happy about the perf hit? nope. Am I going to toss my 4970K? LOL, nooooo. Is Intel the more vulnerable bc they cut corners on security for performance? Yes.
  • chrcoluk - Wednesday, September 26, 2018

    The severity of an exploit is determined by the ease it can be carried out not by the amount of potential targets. More potential targets means more possible damage but if it's difficult to carry out, then it's not a severe exploit. These cpu exploits all of them require local access to the machine already, meaning that requirement alone makes it non trivial. But even if one already has local access they are difficult to pull off, in short you are never going to see "ANY" of these in malware bots, it's the sort of exploit a dedicated state sponsored attacker would use on individual targets.
  • joenathan - Thursday, August 30, 2018

    I 100% don't agree with you, I for one was wondering why this information was missing. I think any CPU Intel releases should have this information. I own an i7-8700K and debated heavily between choosing it or Threadripper, at the time the simple fact was the 8700k benchmarked better.

    Now with the performance hits from the mitigations and patches the reason for me investing in the z370 platform start falling apart.

    Additionally I build systems for other people too, knowing the best CPU to recommend to people is huge for me and Anandtech's stance on this is a breath of fresh air, it means I will be able to make informed choices.
  • Cooe - Thursday, August 30, 2018

    "I own an i7-8700K and debated heavily between choosing it or Threadripper, at the time the simple fact was the 8700k benchmarked better."

    Uhh no.... No it does not. (At least if "benchmarks" means ANYTHING not 1080p gaming or pure single-core synthetics).
  • eva02langley - Thursday, August 30, 2018

    I don't recommend a single Intel CPU altogether. There are no reasons to buy one today. The differences in performances are too marginal to really make a significant impact in anything.

    The 2700x is a great cpu, the 2400G is the best APU on the market and the 2950x is an incredible chip too. It is hard to recommend Intel with Spectre and Meltdown.
