With the launch of Intel’s latest 8th Generation Core mobile processors, the 15W Whiskey Lake U-series and the 5W Amber Lake Y-series, questions were left on the table as to the state of the Spectre and Meltdown mitigations. Intel had, previously in the year, promised that there would be hardware fixes for some of these issues in consumer hardware by the end of the year. Nothing was mentioned in our WHL/AML briefing, so we caught up with Intel to find out the situation.

There Are Some Hardware Mitigations in Whiskey Lake

The takeaway message from our discussions with Intel is that there are some hardware mitigations in the new Whiskey Lake processors. In fact, there are almost as many as in the upcoming Cascade Lake enterprise parts. Intel told us that its goal was to be transparent in general about how these issues were being mitigated; we think Intel misread the level of interest in the specifics in advance of the Whiskey Lake launch, especially when the situation is not a simple yes/no.

For the mitigations, here is the current status:

Spectre and Meltdown on Intel

| AnandTech | | | Cascade Lake | Whiskey Lake | Amber Lake |
|---|---|---|---|---|---|
| Spectre | Variant 1 | Bounds Check Bypass | OS/VMM | OS/VMM | OS/VMM |
| Spectre | Variant 2 | Branch Target Injection | Hardware + OS | Firmware + OS | Firmware + OS |
| Meltdown | Variant 3 | Rogue Data Cache Load | Hardware | Hardware | Firmware |
| Meltdown | Variant 3a | Rogue System Register Read | Firmware | Firmware | Firmware |
| | Variant 4 | Speculative Store Bypass | Firmware + OS | Firmware + OS | Firmware + OS |
| | Variant 5 | L1 Terminal Fault | Hardware | Hardware | Firmware |

What this means is that Whiskey Lake is a new spin of silicon compared to Kaby Lake Refresh, but is still built on that Kaby Lake microarchitecture. Intel confirmed to us that Whiskey Lake is indeed built on the 14++ process node technology, indicating a respin of silicon.

As a result, both CPU families have the all-important (and most performance degrading) Meltdown vulnerability fixed. What remains unfixed in Whiskey Lake and differentiates it from Cascade Lake CPUs is Spectre variant 2, the Branch Target Injection. This vulnerability has its own performance costs when mitigated in software, and it has taken longer to develop a hardware fix.

What About Amber Lake?

The situation with Amber Lake is a little different. Intel confirmed to us that Amber Lake is still Kaby Lake – including being built on the 14+ process node – making it identical to Kaby Lake Refresh as far as the CPU die is concerned. In essence, these parts are binned to go within the 5W TDP at base frequency. But as a result, Amber Lake shares the same situation as Kaby Lake Refresh: all side channel attacks and mitigations are done in firmware and operating system fixes. Nothing in Amber Lake is protected against in hardware.
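
On a Linux system, the split described above between fixes in silicon and mitigations applied by firmware and the OS can be checked against the kernel's own report under /sys/devices/system/cpu/vulnerabilities. The script below is an added example, not part of the original article or of Intel's material; its sample status strings are constructed, and reading "Not affected" as the sign of a hardware fix is an interpretation assumed here.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# sysfs file name -> row in the article's table (Variant 3a is not covered here)
VARIANTS = {
    "spectre_v1": "Variant 1 (Bounds Check Bypass)",
    "spectre_v2": "Variant 2 (Branch Target Injection)",
    "meltdown": "Variant 3 (Rogue Data Cache Load)",
    "spec_store_bypass": "Variant 4 (Speculative Store Bypass)",
    "l1tf": "Variant 5 (L1 Terminal Fault)",
}

# Constructed status strings for illustration, not captured from real hardware.
SAMPLE_HW_FIXED = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW",
    "meltdown": "Not affected",
    "spec_store_bypass": "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
    "l1tf": "Not affected",
}
SAMPLE_SW_ONLY = dict(
    SAMPLE_HW_FIXED,
    meltdown="Mitigation: PTI",
    l1tf="Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
)

def classify(status):
    s = status.strip()
    # Assumption: on fixed silicon the kernel applies no workaround and says so.
    if s.startswith("Not affected"):
        return "not affected"
    if s.startswith("Mitigation:"):
        # "SMT vulnerable" or "VMX: vulnerable" marks a mitigation with a gap.
        return "mitigated, partial" if "vulnerable" in s.lower() else "mitigated"
    if s.startswith("Vulnerable"):
        return "unmitigated"
    return "unrecognised"

def read_sysfs(directory=SYSFS_DIR):
    """Read the live status files; returns {} where the directory is absent."""
    return {n: (directory / n).read_text().strip()
            for n in VARIANTS if (directory / n).is_file()}

def report(statuses):
    return {row: classify(statuses[n]) if n in statuses else "not reported"
            for n, row in VARIANTS.items()}

if __name__ == "__main__":
    for row, verdict in report(read_sysfs() or SAMPLE_SW_ONLY).items():
        print(f"{row:38} {verdict}")
```

Run on a real machine it reads the live files; elsewhere it falls back to the constructed all-software sample.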

Performance

The big performance marker is tackling Spectre Variant 2. When fixed in software, Intel expects a 3-10% drop in performance depending on the workload; when fixed in hardware, Intel says that the performance drop is a lot less, but it expects new platforms (like Cascade Lake) to offer better overall performance anyway. Neither Whiskey Lake nor Amber Lake has hardware mitigations for v2, but Whiskey Lake is certainly well on its way, with hardware fixes for some of the more dangerous attacks, such as v3 and L1TF. Whiskey Lake is also offering new performance bins as the platform is on 14++, which will help with performance and power.

Intel’s Disclosure in the Future

Speaking with Intel, it is clear (and they recognise) that they appreciate the level of interest in the scope of these fixes. We’re pushing hard to make sure that all future launches come with detailed tables about the fixes. Progress on these issues, if anything, is a good thing.

Title image from PC Watch

107 Comments

  • duploxxx - Thursday, August 30, 2018

    and where is the press providing info that Intel has supply issues till the end of the year of most of their Skylake CPUs?

    https://h41360.www4.hpe.com/partner-news/cat-enter...
  • Chad - Thursday, August 30, 2018

    Thank you, Ian!
  • ajp_anton - Thursday, August 30, 2018

    "Amber Lake is still Kaby Lake, but built on the 14+ process node, identical to Kaby Lake Refresh"

    Uh, isn't 14+ also Kaby Lake? And why do you keep referring to these as using the Kaby Lake architecture, when it's all still Sky Lake? Or at least the CPU part is, the GPU got a minor media upgrade in KBL, but the CPU is what's being talked about here.
  • Ryan Smith - Thursday, August 30, 2018

    Note that Kaby Lake has a different iGPU than Skylake. So if we're talking about just the CPU core, then Skylake is an apt comparison. If we're talking about the complete chip design, then Kaby Lake is more accurate.
  • FunBunny2 - Friday, August 31, 2018

    "So if we're talking about just the CPU core"

    it seems, what with CAD and VHDL/Verilog libraries, and just the maths of doing so, that most of what's in a cpu core ought not to have been 're-designed'. modulo wider and smaller node. yes? IOW, has anyone, for example, created a 'new' ALU circuit since 19XX?
  • V900 - Thursday, August 30, 2018

    It’s frankly incredible, and somewhat disturbing, that Intel is THAT out of touch with the market.

    Anytime there’s news about Intel CPUs, within the first dozen comments, people start asking about Spectre fixes. It’s been like that for awhile.

    How Intel could have missed this, is.... Weird, to say the least.

    Did Intel take a lesson from 13th century monasteries, and keep its PR and engineering staff secluded from the rest of the world or something?
  • Dr.X - Monday, September 3, 2018

    @V900 Please understand (<-Sorry for that hated phrase) that the cause of Spectre & Meltdown was a strategic performance feature up to 2016, namely Speculative Execution (spec.ex), which by my memory was first introduced in the Pentium Pro in the late 1990's. There were no Virtual Machines at that time, to expose the now understood vulnerabilities of spec.ex. Today VMs are everywhere and all are vulnerable. Cisco has even switched to AMD based UCS servers to satisfy customer demand for non-Intel platforms.
  • JoeyJoJo123 - Thursday, August 30, 2018

    Hoping that there's purely hardware fixes for the Intel 9000 series and I may consider upgrading to that or Ryzen 2 or 3 from my current 4690k, depending on overall value/features.

    Good to hear there's real hardware fixes on the horizon, even if the implementation isn't entirely in hardware.
  • wow&wow - Thursday, August 30, 2018

    So the mitigation for "Foreshadow" still only reduces the risk but can't eliminate it!

    All the system companies and retail stores selling the products with the Intel faulty chips inside but without the warning sticker "This product has known security risks with Intel CPU inside." on the products should be sued for not disclosing to consumers!
  • Oxford Guy - Monday, September 3, 2018

    Haven't you heard? Only elites are entitled to own IP. The rest of us are supposed to surrender everything about ourselves to the almighty cloud.
