Jump to content
Joseph

Security flaw discovered in Intel chips.

65 posts in this topic Last Reply

Recommended Posts

42 minutes ago, zoggy said:

here is the latest from intel on what you should upgrade/when your upgrade is coming:

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf

 

Nice find.  Would be nice of them to provide downloadable firmware updates as they are marked "production".  Probably they see that working with motherboard vendors to deploy new microcode via bios updates as the fastest way to mitigate Spectre for the big cloud boys.

Share this post


Link to post

FYI Supermicro just released bios with updated CPU microcode to address ‘Spectre’ variant 2 for most X11 boards.

  • Like 1

Share this post


Link to post

Intel have now announced that they will not (or can not) fix Spectre and Meltdown for a lot of older chips that they had earlier indicated they would release fixes for.

 

Lots of good unRAID chips will not get fixes - Core, Core 2, Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown, Jasper Forest, ...

 

http://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

http://arstechnica.com/gadgets/2018/04/intel-drops-plans-to-develop-spectre-microcode-for-ancient-chips/

http://www.theregister.co.uk/2018/04/04/intel_spectre_microcode_updates/

 

Share this post


Link to post
16 minutes ago, zoggy said:

watch the video all the way through for its relevance.

 

Yup.

Share this post


Link to post

As I noted in January when the first Meltdown/Spectre reports were published, I don't think this can be stopped. There have existed side-band attacks just listening to the sound of the power supply - how can a general-purpose processor manage to not leak side-band information unless all speculation is removed?

 

There will always be new statistical methods that can analyze branch prediction/cache misses/... and make deductions about what the CPU is doing or on what data. This is a genie that just can't be put back in the bottle.

 

I think we will need new processors where more sensitive operations are either offloaded to custom hardware or where the processor can turn off the performance mode for critical computations. But that means that in "safe" mode, we'll get glorified 386 chips running way slower than normal mode. Turning off branch-prediction and hiding cache misses means a "safe" processor will have to spend most time stalled.

Share this post


Link to post
On 8/14/2018 at 1:10 PM, Jcloud said:

Three more vulnerabilities are being disclosed today, https://www.theregister.co.uk/2018/08/14/intel_l1_terminal_fault_bugs/ for the popular-article going over it.

 

That's a pretty good (and honest) article.  FTA:

 

Quote

It must be said that no malware, to the best of our knowledge, is exploiting the related Meltdown and Spectre flaws, nor the aforementioned speculative-execution vulnerabilities – partly because mitigations are rolling out across the industry, and partly because there are easier ways to hack people.

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now