Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Intel Businesses Security Hardware

Intel Plans To Release Chips That Have Built-in Meltdown and Spectre Protections Later This Year (businessinsider.com) 154

Intel plans to release chips that have built-in protections against the Spectre and Meltdown attacks later this year, company CEO Brian Krzanich said during company's quarterly earnings call this week. From a report: The company has "assigned some of our very best minds" to work on addressing the vulnerability that's exploited by those attacks, Krzanich said on a conference call following Intel's quarterly earnings announcement. That will result in "silicon-based" changes to the company's future chips, he said. "We've been working around clock" to address the vulnerability and attacks, Krzanich said. But, he added, "we're acutely aware we have more to do."
This discussion has been archived. No new comments can be posted.

Intel Plans To Release Chips That Have Built-in Meltdown and Spectre Protections Later This Year

Comments Filter:
  • Fool me thrice (Score:2, Insightful)

    by Anonymous Coward

    From the people who brought you F00F, FDIV, and now Meltdown? No thanks.

  • So in the end (Score:5, Insightful)

    by fisted ( 2295862 ) on Friday January 26, 2018 @09:43AM (#56007029)

    So in the end, Intel is going to make a shitton of money on Meltdown and Spectre because everybody is supposed to buy their new, fixed CPUs

    • Re:So in the end (Score:5, Interesting)

      by alvinrod ( 889928 ) on Friday January 26, 2018 @09:53AM (#56007099)
      Personally I'm probably going to buy AMD for my next build. I've got an Ivy Bridge that's still serviceable enough, but now that 8-core chips have come down to mainstream prices and AMD doesn't have anemic performance compared to Intel for most workloads, I'm more than willing to give them my business. They should have their CPU lineup refreshed around April and I expect NVidia to start launching their newest line of Volta GPUs around that time as well so it's a good time to put together a new PC.
      • Re: (Score:3, Interesting)

        I second that. Also waiting for Zen+ to see it they will deliver enough performance to justify a change from my current CPU. I could buy an i9 but honestly, pay dearly for a processor that uses mayonnaise between die and lid? I did not buy a Threadriper just because of the problems to run games/memory compatibility, otherwise I would have already switched.
        • My i7 8700K crashes like crazy with 3466 mhz cl16 ram from motherboard qvl so don't worry about ryzen just doing 3200 mhz.
          Also new models in April. Threadripper seem to have better support than ryzen.

          • by Targon ( 17348 )

            You may have missed that Ryzen can go up beyond DDR4-3600 memory now. The new AGESA 1.0.0.0a isn't perfect yet, but the platform has been seeing some nice improvements.

            • by aliquis ( 678370 )

              My point really is that enabling XMP on the ASUS Z370-F Strix motherboard claiming support for up to 4000 MHz memory OC depending on the processor with an i7 8700K and Corsair Vengeance RGB 3466 MHz CL 16 2x8 GB kit on the QVL list of the Z370-F and with Samsung B-die chips AFAIK doesn't work reliably and generate memory errors in memtest86 within seconds-minutes on test 6 (block move) and crashes on a daily bases at normal use.

              So clearly 3466 MHz with the i7 8700K I happen to have didn't worked either.

              I ha

        • Also waiting for Zen+ to see it they will deliver enough performance to justify a change from my current CPU.

          Why wait? Posting from a Ryzen 1700 with 32GB. This is a budget build that arguably out-muscles high end Intel workstations. It's not just the multi-core performance that rocks, but energy sipping power performance. And single threading performance is far from shabby. Intel can't match this for the money, and maybe can't match it even if money isn't a factor.

          Next step up for me will be the Threadripper refresh. Not a budget proposition but the value is there, and currently is the performance king. Budget mo

          • Why wait? I am waiting because if is to pay a lot then I'll pick up something that has Threadripper performance for multitasking and also has more gaming performance than my current config, and maybe Zen+ or Zen2 will fulfill that goal.
            • Why wait? I am waiting because if is to pay a lot then I'll pick up something that has Threadripper performance for multitasking and also has more gaming performance than my current config, and maybe Zen+ or Zen2 will fulfill that goal.

              You don't pay a lot for Ryzen right now, a 1700 costs $290 and a decent AM4 board runs around $90. That gets you into a highly respectable box that no doubt makes your current one look old and feeble, including in game performance. Your box is five years old, right? Has half the cores and one quarter the threads of Ryzen? You will be moving from DDR3 1333 to DDR4 2400 or better. Seems like a no-brainer.

              To get into Threadripper you triple the cost at least, and you get a best on the block enthusiast machine,

      • AMD has some interesting CPU level protections in place. The RAM encryption (SME/SEV) is a nice thing, because it protects against leaks from VM to VM, as well as if the hypervisor has bugs. For a VM farm, this looks very interesting. I just hope AMD keeps playing in the enterprise sector, as competition here is always a plus.
      • amd needs boards with IPMI for the E-3 class of cpus (aka desktop) that they have. Not all servers needs an 8 ram channel 128 pci-e high end system.

    • Comment removed based on user account deletion
    • So in the end, Intel is going to make a shitton of money on Meltdown and Spectre because everybody is supposed to buy their new, fixed CPUs

      That was most of Slashdot's initial reading on the situation:

      Their stock is going nowhere but up. The time it takes them to correct their architecture is far lower than the time it will take all their customers to migrate to a different architecture.

      • The time it takes them to correct their architecture is far lower than the time it will take all their customers to migrate to a different architecture.

        Is that really true? They're struggling just to get out a patch, in spite of being considered highly competent at programming what with their compiler being so good and all. (And also so good at making code that doesn't run quickly on AMD processors even though it can do so — use gcc or even Microsoft's compiler instead for superior results on amd64! But I digress.) They're considered highly competent at making CPUs, but they don't actually seem to be as competent as their competitors. So will they ac

    • Pretty much every CPU maker was affected by Spectre. It was an oversight in how speculative execution could be abused and thus affected all CPU designs, it wasn't an accidental implementation bug like the FDIV bug. So now that "we know better" yes future CPUs are going to be superior in this regard. Just like once we realized making car bodies stronger was actually causing more occupants to be killed, newer cars designed with crumple zones were safer. No specific company was at fault here - human knowle
      • Pretty much every CPU maker was affected by Spectre. It was an oversight in how speculative execution could be abused and thus affected all CPU designs, it wasn't an accidental implementation bug like the FDIV bug.

        Meltdown was more specific to Intel, and fixing it eliminates a good chunk of Intel's performance advantage over AMD. So it will cost them in lost CPU sales to AMD.

        Apparently, Meltdown is neither "an oversight" nor "an accidental implementation bug". It's more like "fuck security, let's make this fast". Meanwhile, AMD is left looking like the square, nerdy kid who did everything right in a world of loudmouth salespeople, and we can only hope he gets the girl before the end titles.

    • Note: have not read TFA. But the headline is "built-in meltdown and spectre protection"

      That doesn't sound like "fixed" - that sounds like "mitigated" or "avoided"

      This is a hardware hack, not a proper fix.

  • by wierd_w ( 1375923 ) on Friday January 26, 2018 @09:45AM (#56007039)

    I a reminded of Torvald's scathing emails about Intel, their proposed patch sets, and how they pointed toward intel wanting to make future chips "Fast but insecure" by default, and requiring the BIOS or OS to tell the CPU "No bitch, secure mode only please", just so they could continue to claim benchmark scores (naturally, with the anti-spectre and meltdown patches disabled so the chip runs really fast.)

    Hopefully these silicon level fixes are *ACTUAL* fixes to the methodology used by the speculative execution implementation of the chip, so that speculative execution still is active, but the chip no longer leaves bits and pieces in the processor cache that can be exploited, and that it does this by default.

    Hopefully.

    • by gweihir ( 88907 )

      Since actual fixes would impact performance, that hope is slim. It will be the least they can get away with calling "a fix".

    • Hopefully these silicon level fixes are *ACTUAL* fixes to the methodology used by the speculative execution implementation of the chip, so that speculative execution still is active, but the chip no longer leaves bits and pieces in the processor cache that can be exploited, and that it does this by default.

      Hopefully.

      I can only assume that you are on copious amounts of drugs.

      Intel hasn't gotten where they are by doing what's best for the consumer. In fact, at every given opportunity, they have taken the distinctly customer-butt-violating path instead.

    • by infolation ( 840436 ) on Friday January 26, 2018 @10:54AM (#56007569)

      intel wanting to make future chips "Fast but insecure" by default, and requiring the BIOS or OS to tell the CPU "No bitch, secure mode only please", just so they could continue to claim benchmark scores (naturally, with the anti-spectre and meltdown patches disabled so the chip runs really fast.)

      Which is effectively the VW-emissions-scandal school of benchmarking.

  • by account_deleted ( 4530225 ) on Friday January 26, 2018 @09:52AM (#56007087)
    Comment removed based on user account deletion
    • by dyfet ( 154716 )

      Let me correct this for them...

      assigned some of our very best marketing minds minds to sell suckers entirely new chips with built in protections disabled by default

    • Comment removed based on user account deletion
  • Translation (Score:4, Funny)

    by 110010001000 ( 697113 ) on Friday January 26, 2018 @10:02AM (#56007165) Homepage Journal
    Our CPUs cannot be fixed with software. You are going to need to buy a new CPU.
  • wtf article? (Score:5, Informative)

    by pak9rabid ( 1011935 ) on Friday January 26, 2018 @10:20AM (#56007243)
    From the article:

    The Meltdown attack also affects chips from AMD and those based on ARM designs and, in turn, nearly every PC, smartphone and tablet made in recent years.

    What. the. FUCK! That couldn't be further from the truth. It's like Intel wrote this garbage piece of shit "article" for them.

    • What. the. FUCK! That couldn't be further from the truth. It's like Intel wrote this garbage piece of shit "article" for them.

      Troy Wolverton and BI are both on G+, so I went over there and plus-tagged them both in a complaint about it. Incompetence all around. If only BI were qualified to comment upon this issue, they would have had an editor who could catch that error.

  • And Intel ME? (Score:5, Interesting)

    by Hrrrg ( 565259 ) on Friday January 26, 2018 @10:21AM (#56007255)

    And of course, because they are serious about security, they won't be including the Intel Management Engine in computers that don't need it, RIGHT????? Fixing Meltdown and Spectre isn't news - everyone knew that they would jump on that one. But how about removing the bug-ridden, back-door infested Intel ME? THAT is what we should insist on every time they try to claim security credibility.

    • Well, according our Slashdot specialists, a open source processor has not a single advantage over the current obscure ones, not even when we mention IME.
    • Who needs credibility when you can just purchase the journalist? Why would they mention that the ME exists when they don't have plans to fix it?

    • But how about removing the bug-ridden, back-door infested Intel ME?

      They why would businesses buy Intel? If they have to spend extra money on enterprise management they may just as well go to AMD.

  • Make insecure chips but fast, use ahh didn't realize security issue marketing, slow down chips, resale chips with the same performance level, profit.

    Much cheaper than actually coming up with faster chipsets to purchase.

  • Why only now ? (Score:4, Insightful)

    by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Friday January 26, 2018 @10:31AM (#56007345) Homepage

    This was know about at least 7 months ago, there have been stories about side channels [arstechnica.com] longer than that. So: why have they only got their 'best minds' working on it now ?

  • by tomxor ( 2379126 ) on Friday January 26, 2018 @11:04AM (#56007675)
    We don't need "built in protection" we need a "design which isn't vulnerable", if the former is truly their strategy then the analogue is anti-virus inside your CPU... You people who write headline need to stop playing into Intel PR's incredulous attitude to their own fucking design flaw. Meltdown and Spectre are not inevitable, they need to be designed out not paved over. Intel: stop treating everyone like morons or suffer the consequences.
  • Are you seriously "planning"?
    I thought it was a mandatory move to be done as priority 1 over everything else!

    You insensitive silicon clod!

  • ... built-in protections against the Spectre and Meltdown attacks ...

    Hey Intel! It's not an attack, it's a demonstration of why your design is broken.
    It's fundamentally broken to read protected memory without permission.
    If your chip can read protected memory without permission at any time, for any reason, it's broken.
    Don't try to mitigate the "attack", just fix your damn broken design.

    • It's fundamentally broken to read protected memory without permission. If your chip can read protected memory without permission at any time, for any reason, it's broken.

      You don't understand Spectre. Reading protected memory through speculative execution by itself is no problem. Using the data in a way that leaves a trace (like using it to form an address and reading from that address) is the problem.

      • Reading protected memory through speculative execution by itself is no problem.

        It's a problem if you have memory mapped I/O, and reading it causes something to happen.
        For example, status registers frequently auto-clear when read.

  • [quote]Intel Plans To Release Chips That Have Built-in Meltdown and Spectre Protections Later This Year [/quote]
    Translation: Intel Plans To Releas Chips That Have Fixed The Meltdown and Spectre Bugs Later This Year.
    These are not added protection. This is not some feature. This is repairing a mistake in all chips released while continuing to sell broken products up to "Later This Year".

  • Now security is important. But, otoh, Intel has already manufactured a lot of these flawed chips. Following the news about these vulnerabilities the demand for these chips is going to drop. This should open up a window of opportunity to snap up these chips at some steeply discounted prices and use them for workloads and in environments where the chips' design flaw isn't going to be an issue (just avoid applying the mitigation patches that slow everything down).
  • or as Intel will try to frame it - next-gen performance and security!!

  • There are three main types of computing environment:

    - Monolithic single process,
    - Complex single process,
    - Mixed processes

    MSP: written in a low-level language (asm, c, c++), typically a very finely tuned process that may use CPU threads for parallelism in a very carefully managed way, probably implementing its own scheduling etc. Non-deterministic operations like OS/Kernel interactions are generally very, very carefully supervised, custom memory management all over the place, etc, this is the core focus of

  • Slashdot subject size limitation helps to find out the truth.
  • Exactly what does it mean the fix is in hardware? One option is, it means the microcode updates that Intel have made for current CPU's (and which have performance impact) has been preloaded into the CPU (i.e. part of the built-in microcode). This would be very easy for Intel since the microcode has already been validated (not the same as fully bug-free as the increase-reboot-frequency-saga shows!) so it is just a matter of pre-loading what they already made. This will make it seem built-in from a consumer p
  • Yes you do.

    How about offering some compensation to people, who bought your chips with the flaws, for the drops in the performance created by the patches? You did receive semi-monopoly prices for them, so coughing some of that up would be only fair, as we're left up with something that doesn't perform as good as advertised.

    Now if only avoiding Intel on notebooks would be easier. There will be some potentially good stuff coming up this year, such as Ryzen powered Thinkpads, but there just isn't much choice.
    On

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...