Spectre and Meltdown in Hardware: Intel Clarifies Whiskey Lake and Amber Lake
by Ian Cutress on August 30, 2018 7:00 AM EST- Posted in
- CPUs
- Intel
- Spectre
- Meltdown
- Whiskey Lake
- Amber Lake
With the launch of Intel’s latest 8th Generation Core mobile processors, the 15W Whiskey Lake U-series and the 5W Amber Lake Y-series, questions were left on the table as to the state of the Spectre and Meltdown mitigations. Intel had, previously in the year, promised that there would be hardware fixes for some of these issues in consumer hardware by the end of the year. Nothing was mentioned in our WHL/AML briefing, so we caught up with Intel to find out the situation.
There Are Some Hardware Mitigations in Whiskey Lake
The takeaway message from our discussions with Intel is that there are some hardware mitigations in the new Whiskey Lake processors. In fact, there are almost as many as the upcoming Cascade Lake enterprise parts. Intel told us that while the goal was to be transparent in general with how these mitigations were being fixed - we think Intel misread the level of interest in the specifics in advance of the Whiskey Lake launch, especially when the situation is not a simple yes/no.
For the mitigations, here is the current status:
| Spectre and Meltdown on Intel | |||||
| AnandTech | Cascade Lake |
Whiskey Lake |
Amber Lake |
||
| Spectre | Variant 1 | Bounds Check Bypass | OS/VMM | OS/VMM | OS/VMM |
| Spectre | Variant 2 | Branch Target Injection | Hardware + OS | Firmware + OS | Firmware + OS |
| Meltdown | Variant 3 | Rogue Data Cache Load | Hardware | Hardware | Firmware |
| Meltdown | Variant 3a | Rogue System Register Read | Firmware | Firmware | Firmware |
| Variant 4 | Speculative Store Bypass | Firmware + OS | Firmware + OS | Firmware + OS | |
| Variant 5 | L1 Terminal Fault | Hardware | Hardware | Firmware | |
What this means is that Whiskey Lake is a new spin of silicon compared to Kaby Lake Refresh, but is still built on that Kaby Lake microarchitecture. Intel confirmed to us that Whiskey Lake is indeed built on the 14++ process node technology, indicating a respin of silicon.
As a result, both CPU families have the all-important (and most performance degrading) Meltdown vulnerability fixed. What remains unfixed in Whiskey Lake and differentiates it from Cascade Lake CPUs is Spectre variant 2, the Branch Target Injection. This vulnerability has its own performance costs when mitigated in software, and it has taken longer to develop a hardware fix.
What About Amber Lake?
The situation with Amber Lake is a little different. Intel confirmed to us that Amber Lake is still Kaby Lake – including being built on the 14+ process node – making it identical to Kaby Lake Refresh as far as the CPU die is concerned. In essence, these parts are binned to go within the 5W TDP at base frequency. But as a result, Amber Lake shares the same situation as Kaby Lake Refresh: all side channel attacks and mitigations are done in firmware and operating system fixes. Nothing in Amber Lake is protected against in hardware.
Performance
The big performance marker is tackling Spectre Variant 2. When fixed in software, Intel expects a 3-10% drop in performance depending on the workload – when fixed in hardware, Intel says that performance drop is a lot less, but expects new platforms (like Cascade Lake) to offer better overall performance anyway. Neither Whiskey Lake nor Amber Lake have mitigations for v2, but Whiskey Lake is certainly well on its way with fixes to some of the more dangerous attacks, such as v3 and L1TF. Whiskey Lake is also offering new performance bins as the platform is also on 14++, which will help with performance and power.
Intel’s Disclosure in the Future
Speaking with Intel, it is clear (and they recognise) that they appreciate the level of interest in the scope of these fixes. We’re pushing hard to make sure that with all future launches, detailed tables about the process of fixes will occur. Progress on these issues, if anything, is a good thing.
Related Reading
- Intel Launches Whiskey Lake-U and Amber Lake-Y
- Intel Discuss Whiskey Lake-U, Amber Lake-Y, and ‘Cascade Lake-X’
- Intel at Hot Chips 2018: Showing the Ankle of Cascade Lake
- Intel Wraps Up Spectre Patching, Partially Cancels Plans For 1st Gen Core & Core 2 Processors
Title image from PC Watch
Facebook
Twitter
RSS
107 Comments
View All Comments
duploxxx - Thursday, August 30, 2018 - link
and where is the press providing info that Intel has supply issues till the end of the year of most of there skylake cpu?https://h41360.www4.hpe.com/partner-news/cat-enter...
Chad - Thursday, August 30, 2018 - link
Thank you, Ian!ajp_anton - Thursday, August 30, 2018 - link
"Amber Lake is still Kaby Lake, but built on the 14+ process node, identical to Kaby Lake Refresh"Uh, isn't 14+ also Kaby Lake? And why do you keep referring these as using the Kaby Lake architecture, when it's all still Sky Lake? Or at least the CPU part is, the GPU got a minor media upgrade in KBL, but the CPU is what's being talked about here.
Ryan Smith - Thursday, August 30, 2018 - link
Note that Kaby Lake has a different iGPU than Skylake. So if we're talking about just the CPU core, then Skylake is an apt comparison. If we're talking about the complete chip design, then Kaby Lake is more accurate.FunBunny2 - Friday, August 31, 2018 - link
"So if we're talking about just the CPU core"it seems, what with CAD and VHDL/Verilog libraries, and just the maths of doing so, that most of what's in a cpu core ought not to have been 're-designed'. modulo wider and smaller node. yes? IOW, has anyone, for example, created a 'new' ALU circuit since 19XX?
V900 - Thursday, August 30, 2018 - link
It’s frankly incredible, and somewhat disturbing, that Intel is THAT out of touch with the market.Anytime there’s news about Intel CPUs, within the first dozen comments, people start asking about Spectre fixes. It’s been like that for awhile.
How Intel could have missed this, is.... Weird, to say the least.
Did Intel take a lesson from 13th century monasteries, and keep its PR and engineering staff secluded from the rest of the world or something?
Dr.X - Monday, September 3, 2018 - link
@V900 Please understand (<-Sorry for that hated phrase) that the cause of Spectre & Meltdown was a strategic performance feature up to 2016, namely Speculative Execution (spec.ex), which by my memory was first introduced in the Pentium Pro in the late 1990's. There were no Virtual Machines at that time, to expose the now understood vulnerabilities of spec.ex. Today VMs are everywhere and all are vulnerable. Cisco has even switched to AMD based UCS servers to satisfy customer demand for non-Intel platforms.JoeyJoJo123 - Thursday, August 30, 2018 - link
Hoping that there's purely hardware fixes for the Intel 9000 series and I may consider upgrading to that or Ryzen 2 or 3 from my current 4690k, depending on overall value/features.Good to hear there's real hardware fixes on the horizon, even if the implementation isn't entirely in hardware.
wow&wow - Thursday, August 30, 2018 - link
So the mitigation for "Foreshadow" still only reduce the risk but can't eliminate it!All the system companies and retail stores selling the products with the Intel faulty chips inside but without the warning sticker "This product has known security risks with Intel CPU inside." on the products should be sued for not disclosing to consumers!
Oxford Guy - Monday, September 3, 2018 - link
Haven't you heard? Only elites are entitled to own IP. The rest of us are supposed to surrender everything about ourselves to the almighty cloud.