The final presentation of the Hot Chips event this week is from Intel, with a talk on its next generation Xeon Scalable platform, Cascade Lake. We learned about Intel’s Xeon roadmap at the recent Datacenter Insider Summit, consisting of Cascade Lake in 2018, Cooper Lake in 2019, and Ice Lake in 2020, and now Hot Chips is the first chance for Intel to add some more information to the mix. Previously this would have been done at events like IDF, over several hours, but Intel only has 30 minutes on stage here. We picked up the slides before the presentation.

The Key Takeaways

Intel is using the opportunity to expand on Cascade Lake’s previously announced features: new instructions for machine learning by taking advantage of the AVX-512 unit, and how the platform is set to be protected / hardened against attacks such as Spectre and Meltdown. We also have confirmation about how the new Optane DIMMs, Apache Pass, will be enabled through the platform.

Unfortunately, for those expecting an IDF-like substantial talk about the design of the chips, how the SKUs will be separated, or what the product stack will look like, this was not it. We have a feeling that Intel will be drip feeding information about Cascade Lake in this manner.

However, Intel’s main play here is that a significant amount of the server and enterprise industry desperately want Spectre and Meltdown hardened processors, and will pay for them. When Intel stated that they expect Cascade to be their fastest ramping processor, make no mistake that this is likely to be true, for the reasons of security. The question marks will obviously come on price, which has yet to be announced, but Intel could easily argue ‘how much is security worth?’.

Protecting for Spectre, Meltdown, and Similar Attacks

With the range of new attacks, Intel and others moved quickly to enable firmware and operating system remedies. The downside of those remedies was a potential loss in performance, mainly due to kernel switching, that on the latest platforms could account for 3-10% performance (or more on older systems). When we spoke with Lisa Spelman, VP of Intel’s DCG, we were told that the hardware-based mitigations in Cascade Lake would have an impact on the performance loss – exactly how much was not stated, and we were told that ‘the comparison is sort of apples to oranges – either way performance is set to be increased [because of platform updates]’. Lisa did categorically state that ‘the hardware fixes put the performance back on track’, which is the key takeaway.

For the variants of side-channel attacks, Intel is applying the following updates to Cascade Lake:

Variant 1 is still to be tackled at the OS level, with variants 3a and 4 through firmware and OS updates. Variants 2, 3, and 5 will be solved in hardware, requiring no extra additions.

So while the new processors have fixes in place, not all of them will be hardware fixes. The firmware fixes might as well be hardware, given that the system will launch with these by default, but the OS fixes will have to be pushed before platforms are released. The non-hardware fixes have the potential for performance regression; however, as stated above, the platform as a whole should be at a higher performance level than Skylake.
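One way to check on a Linux host which of the variants above the kernel reports as not affected, mitigated, or vulnerable, as an added example that is not from the article or from Intel: it reads the kernel's status files under /sys/devices/system/cpu/vulnerabilities. The variant-to-file mapping (in particular treating Variant 5 as L1TF) and the sample status lines are assumptions constructed for illustration.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Article's variant number -> Linux sysfs file name. Treating Variant 5 as
# L1TF is an assumption; Variant 3a has no sysfs entry and is left out.
VARIANT_FILES = {"1": "spectre_v1", "2": "spectre_v2", "3": "meltdown",
                 "4": "spec_store_bypass", "5": "l1tf"}

# Constructed sample in kernel output format; "l1tf" is omitted on purpose.
SAMPLE = {
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Enhanced IBRS, IBPB: conditional\n",
    "meltdown": "Not affected\n",
    "spec_store_bypass": "Vulnerable\n",
}

def classify(status):
    """Map one sysfs status line to (category, detail)."""
    text = status.strip()
    if text == "Not affected":
        return ("not_affected", "")
    if text.startswith("Mitigation:"):
        return ("kernel_mitigation", text[len("Mitigation:"):].strip())
    if text.startswith("Vulnerable"):
        return ("vulnerable", text)
    return ("unknown", text)

def read_sysfs(directory=SYSFS_DIR):
    """Return {file name: contents} for the status files that exist."""
    paths = {name: Path(directory) / name for name in VARIANT_FILES.values()}
    return {name: p.read_text() for name, p in paths.items() if p.is_file()}

def audit(statuses):
    """Return {variant: (category, detail)} for the variants listed above."""
    return {variant: classify(statuses[name]) if name in statuses
            else ("unknown", "no sysfs entry")
            for variant, name in VARIANT_FILES.items()}

def needs_attention(report):
    """Variants without confirmed protection, sorted for stable output."""
    return sorted(v for v, (category, _) in report.items()
                  if category in ("vulnerable", "unknown"))

if __name__ == "__main__":
    report = audit(read_sysfs() or SAMPLE)  # fall back to the sample off Linux
    for variant in sorted(report):
        print("Variant", variant, *report[variant])
    print("Needs attention:", needs_attention(report))
```

The kernel prints "Not affected" when the CPU itself is not vulnerable, while a "Mitigation:" line means the kernel enabled a countermeasure, which may itself rely on a CPU feature.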

Intel did not state what the lead time was for different variant attacks to be added in hardware beyond Cascade Lake; however, the earlier they know, the better. Lisa Spelman did state that every new processor features security updates, and the teams they have will be working hard to provide the best solution.


Top image originally from ServeTheHome


31 Comments

  • Yojimbo - Sunday, August 19, 2018 - link

    It's also very big in China.
  • abufrejoval - Monday, August 20, 2018 - link

    What about the Control Flow Integrity extensions announced in 2016? Are they mentioned anywhere? Does anyone know what AMD is doing about them?
    https://software.intel.com/sites/default/files/man...
  • HStewart - Monday, August 20, 2018 - link

    "Does anyone know what AMD is doing about them?"

    That is a really good question, and thanks for the link - I would be curious about what CPUs will have these extensions. My guess is initially it will be part of the hardware / software changes mentioned here. From a quick look at the document, it looks primarily aimed at OS developers, especially with the mention of task switch.

    As for your original question, my guess is that AMD will be adding similar instructions in the future - it just makes it hard for OS developers - unless AMD licenses the additions so it has similar instructions.
  • iAPX - Monday, August 20, 2018 - link

    Why and how "Mitigation" becomes "Fix"?!?

    Intel is clear about their lack of Fix again, but only mitigations. In the article it's not the same story.
  • moozooh - Monday, August 20, 2018 - link

    The main reason is likely that the CPU R&D cycle normally takes some 2+ years, and the Spectre/Meltdown vulnerabilities were only fully understood sometime midway during Cascade Lake's hardware design cycle where only minor architectural changes could be made. I believe you can only expect a full-scale fix in microarchitectures that entered their initial development phases in late 2017 or so. Which means they won't enter the market until mid-2019 at the earliest. So, come back for Ice Lake and its sister families I guess.
  • HStewart - Monday, August 20, 2018 - link

    I believe the difference is "Mitigation" is actually done in software or microcode downloaded to chip - but "Fix" is actually a change in actual hardware
  • edzieba - Monday, August 20, 2018 - link

    There is no "fix" without removing Speculative Execution just like there is no hardware "fix" for buffer over/underruns. The fix is in software design, the mitigation is in hardware to compensate for the change in software design.
  • HStewart - Monday, August 20, 2018 - link

    I believe that with Spectre 1 - this appears not to require a CPU change and others similar to this - Spectre 2 requires no instructions and Spectre 3 requires no hardware changes

    Not sure about other changes but keep in mind the kernel can prevent rogue programs from causing problems but will slow the system down by using an IO protection technique - the only thing is what kind of performance hurt does this cause - this can be fixed in hardware with new hardware that the OS

    To me as an OS developer in the late 80's and early 90's, my knowledge now may be limited - because of a change in job - but it is pretty sick that OS developers and CPU have to spend resources to correct issues for situations with hackers and such to exploit hardware. Keep in mind these problems don't just affect Intel but also include ARM and AMD CPUs.
  • HStewart - Monday, August 20, 2018 - link

    A link for the top part - of course part of this is just my opinion based on my previous experience as OS developer

    https://en.wikipedia.org/wiki/Meltdown_(security_v...

    I did notice a real CPU defect in the IBM 486SLC - when switching from 286 protected mode to 386 protected mode the IBM 486SLC had a defect, according to IBM, that the cache was inverted, causing an exception and a hard lock to occur. I believe this was tracked down in the early 90's
  • Elstar - Monday, August 20, 2018 - link

    "Variant 1 is still to be tackled at the OS level". I wish Intel were more clear about this. They clearly view variant 1 as a problem for any and all software to solve, not just OS/VMM software. The only thing magical about the OS/VMM is that they're more popular attack vectors.
