Intel’s New Core and Xeon W-3175X Processors: Spectre and Meltdown Security Update
by Anton Shilov on October 8, 2018 9:20 PM EST
The Spectre and Meltdown vulnerabilities made quite a splash earlier this year, forcing makers of hardware and software to release updates to tackle them. There are several ways to fix the issues, including software, firmware, and hardware updates. Each product generation is gradually implementing fixes, including some of the chips that Intel announced today.
At its Fall Desktop PC event earlier today, Intel, among other things, disclosed details concerning mitigations for Spectre and Meltdown vulnerabilities. Unlike Cascade Lake processors for servers and Whiskey Lake processors for notebooks, the new Intel Xeon W-3175X relies on software and firmware fixes for Spectre and Meltdown. By contrast, just like Cascade Lake and Whiskey Lake, the 9th Gen Core i7/i9 processors feature a number of hardware mitigations. Take a look at the state of things today in the table below.
|Spectre and Meltdown on Intel|
| Spectre | Variant 1 | Bounds Check Bypass | OS/VMM | OS/VMM | OS/VMM | OS/VMM | OS/VMM |
| Spectre | Variant 2 | Branch Target Injection | Firmware + OS | Firmware + OS | Hardware + OS | Firmware + OS | Firmware + OS |
| Meltdown | Variant 3 | Rogue Data Cache Load | Firmware | Hardware | Hardware | Hardware | Firmware |
| Meltdown | Variant 3a | Rogue System Register Read | Firmware | Firmware | Firmware | Firmware | Firmware |
| | Variant 4 | Speculative Store Bypass | Firmware + OS | Firmware + OS | Firmware + OS | Firmware + OS | Firmware + OS |
| | Variant 5 | L1 Terminal Fault | Firmware | Hardware | Hardware | Hardware | Firmware |
As it currently stands, because the new Coffee Lake Refresh processors, the i9-9900K, the i7-9700K, and the i5-9600K, are built from new silicon designs, Intel was able to implement hardware fixes for variant 3 (rogue data cache load) and L1 terminal fault. These fixes are not in the Core-X Skylake-X Refresh processors as these are still the same silicon but with different binning and cache arrangements.
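One way to check which of these mitigation classes a given Linux machine reports is shown below. This is an added example, not code from the article or from Intel. It assumes the kernel's sysfs directory `/sys/devices/system/cpu/vulnerabilities`, and the mapping from sysfs file names to the article's variant labels is this example's own.

```python
"""Report per-variant mitigation status from Linux sysfs (added example)."""
import os

# Linux sysfs directory with one status file per issue (assumed platform: Linux).
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# sysfs file name -> variant naming used in the article's table (mapping is ours).
# Variant 3a has no sysfs file, so it is not listed.
VARIANTS = {
    "spectre_v1": "Variant 1 (Bounds Check Bypass)",
    "spectre_v2": "Variant 2 (Branch Target Injection)",
    "meltdown": "Variant 3 (Rogue Data Cache Load)",
    "spec_store_bypass": "Variant 4 (Speculative Store Bypass)",
    "l1tf": "Variant 5 (L1 Terminal Fault)",
}


def classify(status):
    """Map a sysfs status string to a coarse class."""
    text = status.strip()
    if text == "Not affected":
        return "not-affected"   # kernel sees no exposure, e.g. fixed in silicon
    if text.startswith("Mitigation:"):
        return "mitigated"      # kernel and/or microcode workaround is active
    if text.startswith("Vulnerable"):
        return "vulnerable"     # no mitigation, or mitigation disabled
    return "unknown"


def report(sysfs_dir=SYSFS_DIR):
    """Return {variant label: (class, raw status)} for every known file."""
    result = {}
    for name, label in VARIANTS.items():
        path = os.path.join(sysfs_dir, name)
        try:
            with open(path, encoding="ascii", errors="replace") as fh:
                raw = fh.read().strip()
        except OSError:
            # Older kernels lack some files; absence is not proof of safety.
            result[label] = ("unknown", "file missing")
            continue
        result[label] = (classify(raw), raw)
    return result


if __name__ == "__main__":
    for label, (cls, raw) in report().items():
        print(f"{label:40s} {cls:13s} {raw}")
```

The raw string after `Mitigation:` names the specific workaround in use, which helps when comparing systems with mitigations enabled and disabled.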
- Intel Publishes Spectre & Meltdown Hardware Plans: Fixed Gear Later This Year
- Spectre and Meltdown in Hardware: Intel Clarifies Whiskey Lake and Amber Lake
- Intel at Hot Chips 2018: Showing the Ankle of Cascade Lake
- An Interview with Lisa Spelman, VP of Intel’s DCG: Discussing Cooper Lake and Smeltdown
- Intel CEO Addresses the Industry on Meltdown and Spectre Issues in Open Letter
schizoide - Tuesday, October 9, 2018
What I would find most useful, once the embargo is up, would be to compare the performance impact of the various Spectre and Meltdown mitigations in hardware versus software on CL-Refresh versus Coffee Lake. The software and firmware mitigations can all be disabled to do this.
The performance impact is what I really care about. The impact of everything together mitigated in software/firmware is ~15-20%. If Intel strategically targeted the most impactful ones and dropped the perf impact to (say) 8%, that would be a really different conclusion than what I came up with looking at that list and guessing.
29a - Tuesday, October 9, 2018
I would also like to see this.
WinterCharm - Tuesday, October 9, 2018
I'm really interested in this as well.
B3an - Tuesday, October 9, 2018
Also want to see this.
ballsystemlord - Thursday, October 11, 2018
Mee tooo(TM). I would also like to see the HW, vs. SW/FW, vs. unfixed, Spectre/Meltdown performance impact comparisons.
HStewart - Sunday, October 14, 2018
What I would like to see is a switch to enable/disable the updates if and only if it slows performance down. I have yet to see a real case that Spectre/Meltdown stuff led to any real security holes. And does it actually affect clients, or is it only servers? When I mean enable/disable, I mean a switch in BIOS, and I actually prefer it controlled by the OS. In normal applications it may be possible not necessary - possible in drivers.
ry3dfx - Tuesday, October 9, 2018
What is an i9-9500K? Did you mean i5-9600K, and if not, does that have the hardware fix for Meltdown variant 3? Additionally, what does CFL-R mean? Coffee Lake Refresh? If so, what is the F for? Same question about SKX-R.
Ryan Smith - Tuesday, October 9, 2018
Yes on the i5-9600K.
Yes on CFL-R being Coffee Lake Refresh.
SKX-R: Skylake-X Refresh
I'm not sure where you're seeing an F though?
boeush - Tuesday, October 9, 2018
He means CFL-R should really be CL-R; ditto SKX-R -> SLX-R. That is, if one follows the more standard/typical rules for acronym formation...
CoreLogicCom - Wednesday, October 10, 2018
Yes, but with CL you are going to run into conflict with the upcoming Cannon Lake CPUs and their eventual refreshes. Though some refer to Cannon Lake as CNL already. It’s getting weird for sure.