Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Intel AMD Hardware Technology

Intel Launches 16 and 18-Core Core i9 Desktop Chips To Take On AMD Threadripper (hothardware.com) 119

MojoKid writes: Intel has officially launched its Skylake-X processor offering in response to AMD's Ryzen Threadripper series of desktop CPUs. The new Core i9-7980XE and Core i9-7960X are 18 and 16-core configurations respectively, with 2.6GHz and 2.8GHz base clocks and 4.4GHz max boost clocks. Both chips support Intel HyperThreading, with 36 threads of processing for the 7980XE and 32 for the 7960X, while both also have 44 lanes of PCI Express connectivity and support for DDR4-2666MHz memory. Both chips also utilize Intel's X299 chipset platform and are LGA 2066 socket compatible. The Core i9-7980XE has 24.75MB of shared L3 cache, 1MB of L2 cache per core, and a TDP of 165W. The Core i9-7960X's details are essentially same, though two processor cores and the cache associated with them have been lopped off. The Core i9-7960X has a couple of advantages, however, in that its base clock is 200MHz higher than the flagship Core i9-7980XE and it has higher all-core frequency boost to 3.6GHz, while the 7908XE tops out at 3.4GHz on all cores. The new chips are multi-threaded beasts in the benchmarks, posting the highest scores seen to date in heavily threaded workloads. They also offer strong single-threaded performance that outpaces AMD's Ryzen processors. Power consumption is surprisingly good as well and only marginally higher than the 10-core Core i9-7900X. However, at $1999 for the Core i9-7980XE and $1699 for the Core i9-7960X, as usual with Intel high-end chips, they're certainly not cheap.
This discussion has been archived. No new comments can be posted.

Intel Launches 16 and 18-Core Core i9 Desktop Chips To Take On AMD Threadripper

Comments Filter:
  • Too little too late (Score:5, Interesting)

    by xxxJonBoyxxx ( 565205 ) on Monday September 25, 2017 @07:51PM (#55263191)
    Sorry Intel, the new AMD procs offer great performance for the money. No reason to go Intel for at least a generation.
    • The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

      What we know about Intel CPU backdoors so far:

      TL;DR version

      Your Intel CPU and Chipset is running a backdoor as we speak.

      The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

      30C3 Intel ME live hack:
      @21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
      [Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware [youtube.com]
      [Quotes] Vortrag [events.ccc.de]:
      "DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

      "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

      "We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

      "To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

      "We can permanently monitor the keyboard buffer on both operating system targets."

      Backdoor removal:
      The backdoor firmware can be removed by following this guide [github.io] using the me_cleaner [github.com] script.
      Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

      Decoding Intel backdoors:
      The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

      If you are skilled in these areas, download Intel ME firmwares from this collection [win-raid.com] and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

      Useful links:
      The Intel ME subsystem can take over your machine, can't be audited [ycombinator.com]
      REcon 2014 - Intel Management Engine Secrets [youtube.com]
      Untrusting the CPU (33c3) [youtube.com]
      Towards (reasonably) trustworthy x86 laptops [youtube.com]
      30C3 To Protect And Infect - The militarization of the Internet [youtube.com]
      30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software [youtube.com]

      1. Introduction, what is Intel ME

      Short version, from Intel staff:

      Re: What Intel CPUs lack Intel ME secondary processor? [intel.com]
      Amy_Intel Feb 8, 2016 9:27 AM

      The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

      Long version:

      ME: Management Engine [libreboot.org]

      The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

      The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).

      The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.

      ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include "ME Ignition" firmware that performs some hardware initialization and power management. If the ME's boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.

      Quotes on Intel backdoors:

      A message from RMS [fsf.org]
      by Richard Stallman on Dec 29, 2016 09:45 AM

      The current generation of Intel and AMD processor chips are designed with vicious back doors that users cannot shut off. (In Intel processors, it's the "management engine".)

      No users should trust those processors.

      2. The backdoor is next to impossible to decode and reverse engineer:

      Due to multiple instruction sets + custom compression algorithm.
      The Trouble With Intel's Management Engine [hackaday.com]

      While most of the firmware for the ME also resides in the Flash chip used by the BIOS, the firmware isn't readily readable; some common functions are in an on-chip ROM and cannot be found by simply dumping the data from the Flash chip.

      This means that if you're trying to figure out the ME, a lot of the code is seemingly missing. Adding to the problem, a lot of the code itself is compressed with either LZMA or Huffman encoding. There are multiple versions of the Intel ME, as well, all using completely different instruction sets: ARC, ARCompact, and SPARC V8. In short, it's a reverse-engineer's worst nightmare.

      To break the Management Engine, though, this code will have to be reverse engineered, and figuring out the custom compression scheme that's used in the firmware remains an unsolved problem.

      But unsolved doesn't mean that people aren't working on it. There are efforts to break the ME's Huffman algorithm. Of course, deciphering the code we have would lead to another road block: there is still the code on the inaccessible on-chip ROM. Nothing short of industrial espionage or decapping the chip and looking at the silicon will allow anyone to read the ROM code. While researchers do have some idea what this code does by inferring the functions, there is no way to read and audit it. So the ME remains a black box for now.

      3. The backdoor is active even when the machine is powered off:

      Intel rolled out something horrible [hackaday.com]

      The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we canÃ(TM)t even look at the code.

      4. Onboard ethernet and WiFi is part of the backdoor:

      The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system

      If your CPU has Intel Anti-Theft Technology enabled, it is also possible to directly access the backdoor from cell towers using 3G.

      5. The backdoor uses encrypted communication:

      https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Using_Intel_AMT [wikipedia.org]

      AMT version 4.0 and higher can establish a secure communication tunnel between a wired PC and an IT console outside the corporate firewall. In this scheme, a management presence server (Intel calls this a "vPro-enabled gateway") authenticates the PC, opens a secure TLS tunnel between the IT console and the PC

      6. Recent backdoors run Java applets

      *3 billion devices run Java* and everyone's motherboard is running it.

      https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#cite_ref-is_31-0 [wikipedia.org]

      Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System.

      7. Possible attack vectors from Intel/CIA/NSA (who holds the certificate):

      Cross-Device Attack Vectors:
      1. Obtain CA Cert trusted by ME > Broadcast DHCP announcement with domain name matching the certificate > Ethernet-Port > CPU backdoor (No exploits required, still works when system is turned off)

      2. Insecure mobile > Broadcast wireless magic packet (CA cert broadcast) > On-Chip-Wifi/On-Chip-Intel-Wireless-Display > CPU backdoor (Only a backdoored mobile is required)

      Other Attack Vectors:
      3. Cell tower broadcast > Intel Anti-theft technology (On-Chip 3G receiver) > CPU backdoor

      4. Zero day browser exploit > Powershell > Intel AMT > CPU backdoor

      8. Backdoor inside a backdoor

      For years Intel acted as if they weren't simply selling spy gears for the US government, but the Vault 7 leak forced them to come out in the open. On May 1st 2017, Intel released a "Critical" security bulletin INTEL-SA-00075 [intel.com], admitting Intel Core CPU from 1st gen to 7th gen (2006-2017) all share the same critical vulnerability:

      CVE Name: CVE-2017-5689
      Impact of vulnerability: Elevation of Privilege
      Severity rating: Critical
      Original release: May 01, 2017

      There is an escalation of privilege vulnerability in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products.

      Intel created a backdoor in the ME web console by using strncmp() to compare password, anyone sending an empty string as password (length 0) can get into the system, with no access log on both Intel ME and the OS:

      The hijacking flaw that lurked in Intel chips is worse than anyone thought [arstechnica.com]

      The bug was in the code to compare the two passwords. It used the strncmp function that compares the first N characters of two strings:
      strncmp(string1, string2, N)

      Sending an empty password, the compare code does this:
      strncmp("6629fae49393a05397450978507c4ef1","",0)

      Which is equivalent to:
      strncmp("","",0)

      And always return true.

      Many vulnerable systems are exposed to the internet:

      The hijacking flaw that lurked in Intel chips is worse than anyone thought [arstechnica.com]

      A query of the Shodan security search engine found over 8,500 systems with the AMT interface exposed to the Internet, with over 2,000 in the United States alone.

    • by AmiMoJo ( 196126 ) on Tuesday September 26, 2017 @07:44AM (#55265601) Homepage Journal

      There are other advantages to AMD parts too. More PCIe lanes, better chipsets especially if you want to do virtualization with IOMMU pass-through, longer expected lifespan of the socket and motherboard, and a less terrible secret backdoor system.

  • Hooray! (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Monday September 25, 2017 @08:01PM (#55263225) Journal
    So, it's a Xeon that can't do ECC. Seems totally worth it.
    • That's what I was wondering about as well. The lack of ECC support seems like a deal breaker for some workloads. The weird thing is that their previous HEDT chips had ECC support, so I'm not sure why they removed it, especially when they have more competition than anytime in recent memory.
      • Re:Hooray! (Score:5, Interesting)

        by fuzzyfuzzyfungus ( 1223518 ) on Monday September 25, 2017 @10:04PM (#55263731) Journal
        I'm not privy to Intel's cryptic market segmentation schemes; but I'd imagine that it is because they now have competition. As long as AMD was basically irrelevant; "High end" could pretty much mean what Intel wanted it to: either the point on the i7 price performance curve where 'price' really starts to overshadow 'performance' or the end of the Xeon range with low core counts somewhat limited cache and total system RAM support; at their preference.

        Now that AMD has some actually interesting parts again; Intel has less freedom to just call things "High end". Because AMD still lags on single threaded performance, they do have an "is a really fast i7 for extra money" option(the i7-7740x, only 4 cores and limited RAM support; but very, very, aggressive clock speed) and the slightly baffling i57640x(pay a nontrivial premium for an LGA2066 motherboard why exactly?); but because AMD is dishing out the core counts, PCIe lanes, and RAM capacities; they also have the i9s; which are painfully expensive by desktop standards; but look like awfully tempting budget Xeons unless something can be done about that.

        ECC makes a pretty good 'something'. Lasering off virtulization support would go quite badly(making them effectively useless to anyone who spins up even the occasional VM, which is a fair number of people who buy $1000+ CPUs; but probably also being a massive bargain for people who don't plan to virtualize their workstation or server workloads, which is still a lot of units). Disabling AMT wouldn't be effective enough: gamer/enthusiast types wouldn't care; but neither would a lot of workstation or server customers(either all your computers are in one place, so fancy remote access tools aren't interesting; or you can just add an AST2400 or something if Intel tries to charge too much). Gimping core counts or PCIe lanes isn't an option because AMD; which pretty much leaves ECC.
        • Except AMD Threadripper offers ECC support as well. In the olden days, Intel was chimping on the consumer and low server end, trying to keep the Xeons from beating the Itaniums, and that was what led AMD to jump in with native 64bit support and dual core chips and start eating Intel's lunch.

          • That it does(and that's one of the reasons why it would be my choice if I were in the market); but I suspect that Intel is more willing to sacrifice that feature vs. AMD than they are to render a pretty massive slice of single-socket Xeons either irrelevant or in need of a nontrivial price cut.

            If AMD makes enough headway that the pain of losing marketshare to the other guy is greater than the pain of your cheap products cannibalizing your high-margin products; I would expect Intel to adjust their strateg
          • by Anonymous Coward

            A lot of the AMD Ryzen chips support ECC. I just bought a mid-range 1600 with a mini-ITX board and it supports ECC. I bought a 16GB stick of ECC for it for only USD$120.

            • by Agripa ( 139780 )

              A lot of the AMD Ryzen chips support ECC. I just bought a mid-range 1600 with a mini-ITX board and it supports ECC. I bought a 16GB stick of ECC for it for only USD$120.

              As far as I know, all of the Ryzen chips support ECC. AMD said it was supported but not validated on the initial ones.

              This follows the pattern set by AMD where all of their socket AM chips have supported ECC.

          • by nojayuk ( 567177 )

            It's about time high-end and even commodity PCs moved to supporting ECC and using it as common practice. When total RAM fit in a PC was 1 or 2GB and data rates were a few hundred MB per second at best a bit error rate of 1 per trillion reads or writes was acceptable. Now that common motherboards can accept 64GB and more and RAM access speeds have also escalated the chances of a problematic bit error occurring in code or data have shot up, especially as the RAM's die mask sizes have decreased.

            As an aside I'v

  • 165W (Score:5, Interesting)

    by ChunderDownunder ( 709234 ) on Monday September 25, 2017 @08:02PM (#55263227)
    That's way hotter than the worst Pentium IV.

    "Power consumption is surprisingly good". I wouldn't like to see the power bill at the end of the month and what sort of passive cooling is used to achieve a quiet workspace?

    I can see why the review website is called Hot Hardware.

    • by Anonymous Coward

      uh, those things take 500 watts when you overclock them and run them full out (e.g. prime95)

      165 watts. LOL

    • Re:165W (Score:5, Insightful)

      by Mad Merlin ( 837387 ) on Monday September 25, 2017 @10:22PM (#55263811) Homepage

      The Pentium 4 was also only a single core (or dual core if you count the short lived Pentium D line, which was based on Pentium 4 cores glued together) with vastly worse IPC. These have up to 18 cores and will chew through multithreaded workloads something like 50x faster than the fastest Pentium 4, while using comfortably less than double the power at full tilt (the i9-7980XE uses more than it's TDP at full load, around 195W, but recall that the Pentium 4 had a 115W TDP). Also, the idle and lightly loaded power usage on the i9-7980XE is dramatically lower than any Pentium 4. Unless you're running the CPU in part of a render farm that works 24/7 or something, it's going to be drastically quieter and use less power overall than any Pentium 4, not to mention absolutely obliterate it on performance.

      Having said that, I'd still opt for a Threadripper over one of these if I was building a computer today. The extra raw performance from the i9-7980XE over the 1950X (between low single digit %s to around 40%, depending on the test) is nice, but when you consider the weaker X299 platform (fewer PCIe lanes, no ECC) and the toothpaste under the IHS in the Intel (meaning it's impossible to properly cool it without delidding and potentially destroying the CPU, not to mention the runaway power usage even with a mild overclock) for double the cost, Threadripper seems like the obvious pick.

      • Don't forget the spectacular expense of the X299 platform. As usual, you'll wind up spending an extra hundred bucks on a decent motherboard for Intel as opposed to AMD.

        I'm still running an FX-8350 on a G1 Gaming, and it's spectacular for what it is. Rock-solid, awesome price:performance for when I built it. A new AMD system would be literally twice as fast, though.

        • by Agripa ( 139780 )

          Don't forget the spectacular expense of the X299 platform. As usual, you'll wind up spending an extra hundred bucks on a decent motherboard for Intel as opposed to AMD.

          And then Intel magnanimously allows you to spend more for a dongle to enable RAID.

  • by Joe_Dragon ( 2206452 ) on Monday September 25, 2017 @08:06PM (#55263239)

    Threadripper has more pci-e and $700 less

  • by JustNiz ( 692889 )

    >> 2.6GHz and 2.8GHz base clocks and 4.4GHz max boost clocks.

    They obviously did that for heat/power consumption but single thread performance is gonna suck. My guess is you're only gonna actually see 4.4 Ghz once in a blue moon, and even then it won't be sustainable for more than a few seconds.

    This is a desktop processor not a server chip. Single threaded performance is critical.

    • You are wrong. Not only will it run at max turbo on single threaded code all day every day, it'll barely use any power doing it. Idle cores use very little power.

  • How many of you "heard" the summary being read in Linus Tech Tips style? I know I did. It certainly read like some of their "content" lately.

  • 44 lanes! (Score:4, Insightful)

    by darkain ( 749283 ) on Monday September 25, 2017 @10:25PM (#55263829) Homepage

    44 lanes of PCIe? That is only four more lanes than my first generation Xeon E5 workstation that I'm using right now, which is only a quad-core chip. Granted though, this machine is pretty maxed out with that tho, even with just one GPU, thanks to PCIe SSD, dedicated sound card, and 10gbe networking.

    • by AmiMoJo ( 196126 )

      PCIe lane starvation is a big problem now, and Intel is failing to solve it.

      Now we have NVMe SSDs all wanting 4 lanes, and USB 3.1 needs a couple of lanes per port to give maximum bandwidth, standard desktop CPUs don't have enough for today's needs, let along room for expansion. If you want that system to last 5+ years you want some free lanes to add expansion cards later.

      Threadripper finally delivers plenty of PCIe lanes. And ECC RAM support. And a software TPM. And it's a lot cheaper. And it runs cooler.

  • by Lady Galadriel ( 4942909 ) on Monday September 25, 2017 @11:30PM (#55264095)
    Competition is a good thing. Without AMD, and all the people who helped keep them alive, Intel would have sat on things like this.

    In the long run, Intel parts are likely going to be better. They have more money, more chip desigers, and un-fortunantly more customers, (some that will pay outragous prices).
    • It isn't just some....pretty much every corporate giant and military in the world purchases Intel's chip offerings, in bulk. Intel's consumer-end market is and always has been a fraction of their overall sales (and that includes the bulk-buyers in this segment such as Dell and Apple). This has only slightly changed in the short era since ARM-designs took off in popularity. If AMD and a few other of the smaller chip makers could procure those kinds of contracts, things might actually change, but until then w

  • Beyond a certain point, adding more cores doesn't add any performance. On the desktop, your average user is only *actively* using one or two applications. A typical application can't really make use of more than 2-3 threads, and probably doesn't make full use of those. Four cores is plenty, 8 is luxury that will mostly be idle. Anything over 8 is just nonsense on a typical desktop.

  • if you track Moore's Law, it hasn't been followed in ages. performance of chips used to double about every year. the "GHz" doubled, or equivalent suchs as instructions per second, transistor count, fill rate, bandwidth, core count, etc.

    This stopped along time ago. Around the year 2005, the first quad core process landed- transistor counts hit 1 billion. Then they sat at quad core and 1 billion transistors for ages, barely adjusting clock rates, making small under the hood tweaks that amounted to marginal pe

  • Comment removed based on user account deletion

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...