Intel CEO Addresses the Industry on Meltdown and Spectre Issues in Open Letter
by Anton Shilov on January 11, 2018 10:15 PM ESTBrian Krzanich on Thursday published an open letter addressing its partners and customers regarding the aftermath of the Meltdown and Spectre exploits publication. Chief executive of Intel reiterated the company’s plans to release security updates for its recent CPUs by early next week and mentioned the importance of collaborative industry-wide security assurance and responsible disclosures regarding security vulnerabilities going forward.
Intel intends to release software and firmware patches for 90% of its CPUs launched in the past five years by January 15. By the end of the month, Intel plans to issue software updates for the remainder 10% of processors introduced in the same period. After that, Intel will focus on releasing updates for older products based on requests and priorities of its customers. The company confirms that patches have an impact on performance and says that it varies widely based on workloads and mitigation technique.
Going forward, the world’s largest maker of microprocessors plans to share hardware innovations with the industry to fast-track development of protection against side-channel attacks. In addition, the company intends to increase funding for academic and independent research of security threats. Brian Krzanich expects other industry players to follow similar practices: share security-related hardware innovations and help researchers of security vulnerabilities.
The original letter reads as follows:
An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
Following announcements of the Google Project Zero security exploits last week, Intel has continued to work closely with our partners with the shared goal of restoring confidence in the security of our customers’ data as quickly as possible. As I noted in my CES comments this week, the degree of collaboration across the industry has been remarkable. I am very proud of how our industry has pulled together and want to thank everyone for their extraordinary collaboration. In particular, we want to thank the Google Project Zero team for practicing responsible disclosure, creating the opportunity for the industry to address these new issues in a coordinated fashion.
As this process unfolds, I want to be clear about Intel’s commitments to our customers. This is our pledge:
1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
2. Transparent and Timely Communications: As we roll out software and firmware patches, we are learning a great deal. We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information. These can be found at the Intel.com website.
3. Ongoing Security Assurance: Our customers’ security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.
We encourage our industry partners to continue to support these practices. There are important roles for everyone: Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress.
The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve.
— Brian Krzanich
Related Reading:
Source: Intel
65 Comments
View All Comments
lada - Saturday, January 13, 2018 - link
#4 probably not true. AFAIK older electronics built on bigger, now obsolete nodes has expected lifetime of 100s or 10s of years in contrast to current nodes, which have some single digit numbers. See The international technology roadmap for semiconductors 2013 whitepaper and look at page 18. Figure INTC7 - lifetime versus technology node. If I understand it correctly, the a.u. unit is atomic unit, which means there are probably only dozens of atoms across some structures.The reliability of new nodes is of particular interest to autonomous cars' manufacturers, because they need the high compute power of the latest generation of nanometer scale ICs (i.e. 7nm etc) but they need to cope with 20years of expected lifetime of the units (in a car which is moving, hot, vibrating). I think nVidia CEO has somehow addressed this with some reliability model which takes into account elevated temperatures and only 99% survival rate after the 20 years.
Which by the way means, that a Uber autonomous taxi without steering wheel will maybe kill the passengers (and maybe some more) in 1% of the cases. I'm exxagerating but you see the point.
Your laptop is on the same node as automotive A.I. enabled SoCs. Hence your statement may not necessarily be true, even if you subtract the years passed by while in on state, the survival rate of older CPUs may be even better than of those new ones. Old tech from 90's like dumbphones live and work today, but even 4 year old smartphones could be having a problem with reliability on - say - 7nm node.
The most detrimental factors are AFAIK temperature and voltage - electromigration is dependent on voltage, some parts of the chip are always on, current density of the interconnect (as per IRTS whitepaper) and temperature (higher temp - way accelerated aging). If I remember correctly, over 60 degC to 80degC accelerates aging manyfold yet single digit times.
It may not be a bad measure to use old tech with proper cooling, beating hands down all the new stuff.
BurntMyBacon - Monday, January 15, 2018 - link
@dgingeriMuch of what you said here is pretty reasonable. There are just a few things, however, that my research and experiences disagree with.
3. I'll leave aside the discussion of security between Win10 and older versions of Windows (particularly once you've taken the time to update and set them to a non-default configuration baseline). Privacy issues (one reason to "FEAR" Windows 10) are making their way into older versions of Windows via updates, so you are correct in that sense.
I disagree, however, with the notion that Windows 10 runs many legacy apps better than Windows 7. Perhaps there are a few out there and maybe these are the only ones that concern you, but in my experience with many business clients, I don't have a single scenario of legacy apps running better on Win10. There are a good number that run fine, but there are more than a few (many internally developed) applications that work on Win7 and not on Win10. I also find it hard to believe that Win10 is more stable than Win7. There were more than a few hickups, many driver related (think nVidia) that cause some pretty severe headaches for Win10 users. Windows 7 has had a lot more time to mature and stabilize. You might be able to convince me that Windows 10 is starting to become as stable as Windows 7, but my experiences even in the last month make even that less than convincing.
4. What you said about degradation of components is true and your overall statement about upgrading systems holds if for no other reason than the processor can't work without the motherboard. Life expectancy of components on a motherboard is generally less than that of the processor it hosts (under normal conditions).
However in regards to silicon semiconductors, older silicon based chips designed using larger feature sizes and fabricated with less complex processes are often far more resilient to silicon degradation than the newer chips with very small feature sizes and little room for error in the processes. Electromigration, that can occur when high currents traverse small metal traces in the silicon, can (and has) gone completely unnoticed in older chips, due to the original thickness of the trace. The amount of material that migrates is proportional to the current density on the trace. Smaller chips with smaller feature sizes (smaller traces), but similar power usage have higher current densities. These chips need special considerations for the power delivery in part because if the power delivery remained the same as on a larger chip, the traces would have both higher current densities (more metal ion displacement) and lower tolerance for electromigration (fewer metal atoms can be moved before failure).
felipetga - Friday, January 12, 2018 - link
Havent figured out if my C2Q 9550 rig will be affected and if so, will it be ever patched?A5 - Friday, January 12, 2018 - link
...I would be extremely surprised if a C2Q gets a firmware patch for this.PeachNCream - Friday, January 12, 2018 - link
Pretty much ALL CPUs are impacted by Spectre and yeah, Meltdown will likely impact any C2Q processor too. As A5 is saying, it's really unlikely that C2Q will get any sort of support due to its age. I've got very low expectations for my two Core i5-540Ms when it comes to patching.dgingeri - Friday, January 12, 2018 - link
The impact is likely to be minimal, even on a Core2Quad. You'll probably see about a 10% hit on some apps, but most games are seeing no noticeable impact.You'll see the OS patch if you're running Windows 7, 8.X, or 10, but it is highly unlikely you'll see a firmware/BIOS patch. I doubt even Z97 or X99 boards will see a firmware/BIOS patch. It's a firm maybe for intel's 100 series chipset. The 200 series chipset are even a "probably, but not guaranteed".
Simply put, the patching of this issue is a non-issue for desktop users. The big impact is server side.
Hurr Durr - Friday, January 12, 2018 - link
It can be inferred from what intel published so far that Skylake and Kaby Lake will get microcode updates, and older generations will not. Then there are motherboard vendors who have to implement these updates in BIOS updates and release them.BurntMyBacon - Monday, January 15, 2018 - link
@Anton Shilov (article): "Intel intends to release software and firmware patches for 90% of its CPUs launched in the past five years by January 15. By the end of the month, Intel plans to issue software updates for the remainder 10% of processors introduced in the same period."Haswell was launched in 2013 making it definitely withing the 5 year window. Ivy Bridge, launched in 2012, may or may not be considered within the 5 year window depending on where they start the counting from and how they are rounding/truncating the age. That said, I would expect Haswell to be the oldest chip to get it. I figure similarities with Broadwell made it relatively easy to extend support to Haswell. If they were intent on covering Ivy Bridge, there is a decent probability that Sandy Bridge would also have been supported due to architectural similarity.
I agree on the motherboard vendor issue, though. Who knows how far back the vendors will actually apply the microcode update. I think this will be very telling of to what extend vendors are willing to support their consumers and I will most definitely be basing my future purchasing decisions on how this plays out. Here's hoping there will be a few follow-up articles to assess the state of support by the major manufacturers and get it into the public eye.
digiguy - Friday, January 12, 2018 - link
I have done quite a few tests before and after the patches in several of my machines (from gen 2 to gen 7) and I have followed quite a few of those that have done the same.First and most important:
1. the impact on CPU is minimal (less than 5%, with any CPU and any Windows version)
2. the impact on SSD speeds is noticeable, but only with older CPUs, and not for sequential read an write...so 512k, 4k and above all QD32 4k and similar
3. That windows 7 is more impacted than 10 is crap from Microsoft... The same PC with dual boot and sandy bridge lost much more SSD speed in Windowds 10 than in 7...
All these tests were done with Windows update that only address Meltdown and one of the 2 variants of Spectre as far as I know. The biggest impact would come from the a microcode update, that requires a bios update by the motherboard manufacturer... I don't expect this to come for anything older than Haswell (Intel mentioned the "last 5 years"...)
Still those that applied the bios updated for the only Asus MB yet available saw a big impact only on SSD speeds, not on CPUs...
BurntMyBacon - Monday, January 15, 2018 - link
@digiguyThanks for posting your findings. I would love to see the actual numbers associated with the systems and setups, but for now I'll take it at face value. These findings do seem to agree with my personal findings so far (Skylake/Haswell).
That said, it was my understanding that Microsoft's patch needed the microcode update in order for it to fully work. Without the microcode, only part of the patch should be active. Microsoft's comment about Windows 10 vs Windows 7 was clearly (to me) assuming the system was patched and had the microcode update. Sandy Bridge won't likely be getting new microcode. Do you have numbers on a Haswell system that is patched and has a microcode update? My Haswell doesn't have the microcode yet.