With the launch of Intel’s latest 8th Generation Core mobile processors, the 15W Whiskey Lake U-series and the 5W Amber Lake Y-series, questions were left on the table as to the state of the Spectre and Meltdown mitigations. Intel had, previously in the year, promised that there would be hardware fixes for some of these issues in consumer hardware by the end of the year. Nothing was mentioned in our WHL/AML briefing, so we caught up with Intel to find out the situation.

There Are Some Hardware Mitigations in Whiskey Lake

The takeaway message from our discussions with Intel is that there are some hardware mitigations in the new Whiskey Lake processors. In fact, there are almost as many as the upcoming Cascade Lake enterprise parts. Intel told us that while the goal was to be transparent in general with how these mitigations were being fixed - we think Intel misread the level of interest in the specifics in advance of the Whiskey Lake launch, especially when the situation is not a simple yes/no.

For the mitigations, here is the current status:

Spectre and Meltdown on Intel
AnandTech Cascade
Lake
Whiskey
Lake
Amber
Lake
Spectre Variant 1 Bounds Check Bypass OS/VMM OS/VMM OS/VMM
Spectre Variant 2 Branch Target Injection Hardware + OS Firmware + OS Firmware + OS
Meltdown Variant 3 Rogue Data Cache Load Hardware Hardware Firmware
Meltdown Variant 3a Rogue System Register Read Firmware Firmware Firmware
  Variant 4 Speculative Store Bypass Firmware + OS Firmware + OS Firmware + OS
  Variant 5 L1 Terminal Fault Hardware Hardware Firmware

What this means is that Whiskey Lake is a new spin of silicon compared to Kaby Lake Refresh, but is still built on that Kaby Lake microarchitecture. Intel confirmed to us that Whiskey Lake is indeed built on the 14++ process node technology, indicating a respin of silicon.

As a result, both CPU families have the all-important (and most performance degrading) Meltdown vulnerability fixed. What remains unfixed in Whiskey Lake and differentiates it from Cascade Lake CPUs is Spectre variant 2, the Branch Target Injection. This vulnerability has its own performance costs when mitigated in software, and it has taken longer to develop a hardware fix.

What About Amber Lake?

The situation with Amber Lake is a little different. Intel confirmed to us that Amber Lake is still Kaby Lake – including being built on the 14+ process node – making it identical to Kaby Lake Refresh as far as the CPU die is concerned. In essence, these parts are binned to go within the 5W TDP at base frequency. But as a result, Amber Lake shares the same situation as Kaby Lake Refresh: all side channel attacks and mitigations are done in firmware and operating system fixes. Nothing in Amber Lake is protected against in hardware.

Performance

The big performance marker is tackling Spectre Variant 2. When fixed in software, Intel expects a 3-10% drop in performance depending on the workload – when fixed in hardware, Intel says that performance drop is a lot less, but expects new platforms (like Cascade Lake) to offer better overall performance anyway. Neither Whiskey Lake nor Amber Lake have mitigations for v2, but Whiskey Lake is certainly well on its way with fixes to some of the more dangerous attacks, such as v3 and L1TF. Whiskey Lake is also offering new performance bins as the platform is also on 14++, which will help with performance and power.

Intel’s Disclosure in the Future

Speaking with Intel, it is clear (and they recognise) that they appreciate the level of interest in the scope of these fixes. We’re pushing hard to make sure that with all future launches, detailed tables about the process of fixes will occur. Progress on these issues, if anything, is a good thing.

Related Reading

Title image from PC Watch

POST A COMMENT

107 Comments

View All Comments

  • PEJUman - Thursday, August 30, 2018 - link

    I am definetely no longer interested at Intel processors. Especially after these security incidents and how they handle the microcode rollouts afterwards.

    I am still using PCs (Xeons to celerons, and everything in between) but are closer than ever to switch to MACs. If apple ditched intel for their own, I would be seriously tempted.
    Reply
  • Cooe - Thursday, August 30, 2018 - link

    You know that AMD exists, right??? Reply
  • PEJUman - Thursday, August 30, 2018 - link

    I do, I am considering them to replace the Xeons, problem is their threadripper implementations seems bandwidth/latency compromized, while EPYC is hard to get for sub 10k workstations. Which locks my <22 cores VM backend into these single/dual xeons with quads DDR4 on a ring bus, at least for now...

    Mobiles been processing power indifferent for quite some time... mostly battery life sensitive. Intel’s hold on this market is still a challenge for AMD. Not from CPU standpoint, but vendor’s integration quality.

    That’s leaves them with just 1 space, at least for my personal usage scenarios. A very price sensitive enthusiast desktop space.
    Reply
  • HStewart - Thursday, August 30, 2018 - link


    "I am definetely no longer interested at Intel processors. Especially after these security incidents and how they handle the microcode rollouts afterwards."

    You do realize that Intel is not only one with Spectre and possibly Meltdown. I would not call them incidents - since as far as I know no official Incident has been notice. Also these fix in these latest processors are not just micro-code.

    "Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors."

    https://meltdownattack.com/

    "I am still using PCs (Xeons to celerons, and everything in between) but are closer than ever to switch to MACs. If apple ditched intel for their own, I would be seriously tempted."

    The problem with Apple and there processors - it is almost 100% sure for iPhone X to get the speed they are getting they have they have predicted branch - but they are such closed architecture that one has no idea.
    Reply
  • PEJUman - Thursday, August 30, 2018 - link

    I do realize the extent of these exploits have on speculative operations. My problem with Intel lies on their response to these issues, not the performance impact thereof.

    "The problem with Apple and there processors - it is almost 100% sure for iPhone X to get the speed they are getting they have they have predicted branch - but they are such closed architecture that one has no idea."
    Agreed, which is my point exactly. This is the first time I seriously doubt Intel commitments into their product. Prior to these exploits, I trust Intel's competencies and code of ethics more than Apple's. But Intel recent singular focus on profitability prompted me to rethink my position on Apple's walled garden approach...

    I spent so much time on their botched microcode 'patch' that I am liquidating the older 'Core' systems, and consolidating them to VM's to reduce the exposure of unpatched systems. I am guessing a lot of other IT pro's are at least considering this scenario. which means less CPU sales for Intel, or at least I hope so. Since that seems to be the only language they understand.
    Reply
  • FunBunny2 - Thursday, August 30, 2018 - link

    "I think you (the press) created the interest for these fixes, to have something to write/talk about."

    sounds like a Fake News indictment?? No Collusion!!
    Reply
  • eva02langley - Thursday, August 30, 2018 - link

    This is of utmost importance. Intel deliberatly neglected security over performances and now we have this fiasco. Let me reminder you that many of the Intel CPU will never be patched because the motherboard manufacturer are not supporting older platform anymore.

    I would not buy a single Intel chip until they finally deal with it.
    Reply
  • Phynaz - Thursday, August 30, 2018 - link

    I take it that you will never be buying an AMD, IBM or ARM CPU either? Reply
  • bji - Thursday, August 30, 2018 - link

    False equivalency. Reply
  • V900 - Thursday, August 30, 2018 - link

    Absolutely not a case of “false equivalence”

    (Which, BTW: Is a non-argument usually used by the kind of people who like to parrot opinions, instead of doing the kind of rigorous thinking that lead one to form his own conclusions.)

    The worst of the Spectre/Meltdown security flaws isn’t limited to Intel, but affects any modern CPU, including AMD, etc.
    Reply

Log in

Don't have an account? Sign up now