Intel's Whiskey Lake Brings In-Silicon Meltdown And Foreshadow Fixes

Tanyac

Reputable
Aug 30, 2014
745
8
5,415
153
The new mitigations, which are baked directly into the silicon, should reduce or even eliminate the performance impact.

Assuming they fix the flaws properly and don't just band aid them, which I suspect is exactly what Intel will do - it's cheaper and faster than a proper fix.

I'm using X299 and Z370 chipsets and I can say for sure my performance hit in the applications I tested is more than 10%. After paying almost $2000 for a delidded 7900x (AUD), I'm not impressed!
 

Co BIY

Reputable
Jun 18, 2015
267
11
4,815
6
More security always costs something. Performance, convenience, money, time, beauty.

I'm sure that they are also worried about fixing known issues and inadvertently creating others.

People die in car crashes (most often caused by malevolent actors breaking laws), the builder installs seat belts (and provides it free to the customer), the customer complains that it now takes longer to get in the car and it put a wrinkle in their dress.

Have any attacks using the Spectre / Meltdown weaknesses ever occurred in the real world ?
 

DavidC1

Distinguished
May 18, 2006
391
6
18,785
0


They are at this weird phase where its damned if you do, damned if you don't.

Errata and potential exploit exist. I mean computer code and hardware is incredibly complex. Do the security researchers wait and fix when the exploits cause real life impact, or do they proactively go about finding and fixing them? They often offer bounties so people can purposely look for exploits and bugs. However, if such bugs normally would have never been exploited, are they not doing more damage by doing so?

There's a saying in programming fixing one bug will create 99 different ones. That may be a bit extreme, and obviously said as a joke. But maybe not so far from reality.
 

PaulAlcorn

Senior Editor
Editor
Feb 24, 2015
729
88
11,060
0


Not that they know of, at least until the security researches released the code that made it so simple a script kiddie could pull off an attack.

It's such a strange situation, in ways. The security researchers almost look like the bad guys because they go about unearthing stuff that may have never been discovered and used. But then they share the code as a means to force vendors to patch stuff.

But, who can say these attacks weren't used in the past. What if a state actor, like China, had used this attack for a decade and no one knew? The crux of the issue is that the attacks are virtually undetectable, so we can't say they haven't been used. Or, perhaps they were being used, were discovered, and then some three-letter agency tipped off the security researchers so as not to expose a threat to national security. Stranger things have happened, for sure.
 

silverblue

Distinguished
Jul 22, 2009
1,199
4
19,285
0
(second time of having to post these, I should've known the login process eats most things that I type)

AnandTech says that neither Spectre nor Meltdown have been fixed in hardware in either Whiskey Lake nor Amber Lake, as per this paragraph at https://www.anandtech.com/show/13275/intel-launches-whiskey-lake-amber-lake

"During Intel’s briefing, a lot of noise was made about some of the features: 2x overall performance, 12x better WiFi, 10.5x transcoding. These seem like impressive numbers, until you realise that Intel is comparing the new parts to five year old machines (e.g. Haswell-U), and none of these performance figures factor in the Spectre and Meltdown updates (the new chips are not protected in hardware, for those wondering). Does anyone remember two years ago when Intel was comparing its latest platform against three year old machines?"

I've posted something similar in their comments section, hopefully somebody can clarify this point.
 

PaulAlcorn

Senior Editor
Editor
Feb 24, 2015
729
88
11,060
0


As stated in this article, Intel did not share this information at launch. However, Intel confirmed this to us directly, today. This is new information.

I'm sure Ian will update his article as time permits.
 

DGurney

Prominent
Feb 21, 2017
30
0
530
0
So... how does your OS know you have a mitigated CPU, in order to resume normal operation and stop imposing the performance-robbing software mitigation?
 

stdragon

Commendable
Apr 5, 2018
1,551
4
1,660
196


It can probe the CPU to validate. The OS will take a backseat and abstain from implementing mitigation if it detects the CPU isn't vulnerable.

CPU microcode is distributed one of two ways. Either rolled into a BIOS update, or pushed up as a Windows Update. In fact, this month MS just released Intel provided Microcode in this months update KB4100347. You can can review the full list below. To obtain them, you just have to install Windows Updates as normal. No special action needs to be taken by you. And depending how old your system is, the microcode loaded by the OS could very well be newer than the version provided in BIOS, so the newest will supersede it

https://support.microsoft.com/en-us/help/4100347/intel-microcode-updates-for-windows-10-version-1803-and-windows-server
 

ASK THE COMMUNITY