New HyperThreading Flaw Affects Intel 6th And 7th Generation Skylake and Kaby Lake-Based Processors

MojoKid writes: A new flaw has been discovered that impacts Intel 6th and 7th Generation Skylake and Kaby Lake-based processors that support HyperThreading. The issue affects all OS types and is detailed by Intel errata documentation and points out that under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers, as well as their corresponding wider register (e.g. RAX, EAX or AX for AH), may cause unpredictable system behavior, including crashes and potential data loss. The OCaml toolchain community first began investigating processors with these malfunctions back in January and found reports stemming back to at least the first half of 2016.

The OCaml team was able pinpoint the issue to Skylake's HyperThreading implementation and notified Intel. While Intel reportedly did not respond directly, it has issued some microcode fixes since then. That's not the end of the story, however, as the microcode fixes need to be implemented into BIOS/UEFI updates as well and it is not clear at this time if all major vendors have included these changes in their latest revisions.

Apocryphal ....

[brantondaveperson]

.. doesn't mean what the article writer appears to think it means.

Anyhow, that a new highly complex processor contains subtle bug that's fixable without hardware modification isn't exactly earth-shaking news, surely? How about they just fix it, and we move on.

Re:Apocryphal ....

[Gaygirlie]

I can't help but wonder if/how much it affects performance, though. There are plenty of cases where hyper-threading is a very welcome feature and some people might be upset, if there was a hit to performance. I don't own a Skylake - or Kaby Lake - product, but I am just curious of real-world implications.

Re:Apocryphal ....

How about they just fix it, and we move on.

What about people on machines that haven't received bios updates in 5 years?

"fixes need to be implemented into BIOS/UEFI updates as well and it is not clear at this time if all major vendors have included these changes in their latest revisions."

Re:Apocryphal ....

[Gaygirlie]

Yeah, no. I ain't going to just blindly believe your claim, unless you can actually back it up.

Re:Apocryphal ....

Hmm, this is only about very recent Intel processors, it is pretty much guaranteed that your system vendor can issue the update if you ask them.

If they don't, I expect sooner or later Intel will start publishing the Kaby Lake microcode fixes just like they did with Skylake, and you can fix it that way. Yes, even on Windows, although it takes some hacking.

Re:Apocryphal ....

I can't help but wonder if/how much it affects performance, though.

There are two aspects of hyper-threading:
a) It purportedly boosts performance by about 10-20% for multithreaded apps.
b) HT processors often cost almost double (G4xx vs I3).

So, is Intel going to reimburse to I3/I5/I7 owners that have paid a huge premium for HT but can't use it anymore?

Re:Apocryphal ....

[barbariccow]

What? This post makes no sense at all.

Re:Apocryphal ....

[barbariccow]

"fixes need to be implemented into BIOS/UEFI updates as well and it is not clear at this time if all major vendors have included these changes in their latest revisions."

Methinks it's fixed in microcode like everything else, and the article even mentions that it is. Probably written by somebody who thinks everything non-windows means BIOS.

Re:Apocryphal ....

Microsoft operating systems are capable of uploading updated microcode at boot time as well (for example, this update from 2015.)

And I should imagine that Linux and MacOS both can do likewise - so the major vendors are Apple, Microsoft and the linux distro. makers.

Re:Apocryphal ....

Then you're an idiot. Hyperthreading exists because it improves performance. If it has to be disabled to make the CPU stable then of course it will take a performance hit.

Re:Apocryphal ....

The fix doesn't disable hyperthreading, the fix fixes the bug. Maybe there are some performance hits in some cases as a result, but hyperthreading will still work.

Even after all these years, however, I still consider hyperthreading dubious regarding security and stability.

Re:Apocryphal ....

[KiloByte]

The fix doesn't disable hyperthreading, the fix fixes the bug.

The fix works only for some models of Skylake (models 78 and 94, stepping 3). On any other Skylakes and all Kaby Lakes there's no way other than disabling hyperthreading entirely.

A fix might or might not be released in the future, Intel doesn't say a word about the issue.

Re:Apocryphal ....

What about people on machines that haven't received bios updates in 5 years?

If your motherboard has been around at least 5 years such that it hasn't had a BIOS update in the last 5 years, then that motherboard is 3 years too old to support a Skylake CPU, and over 4 years too old to support a Kabylake CPU.

That means those machines are unaffected by bugs in hardware too new for them to use.

Re:Apocryphal ....

Eh, *all* processor models have a microcode-level fix issued. The fix does not disable HT at all. And if the fix makes anything slower, nobody noticed it. It doesn't show on a normal benchmark, either.

The people running the huge OCaml farms are not weekend computer jockeys...

It is true that just two Skylake processor *signatures* (which are for a LOT of Skylake models) have microcode in the *public* Linux distribution of microcode updates. Everyone else needs to get it through their BIOS/UEFI, that doesn't mean the fix doesn't exist: it just means your system vendor has to do its side of the deal.

Re:Apocryphal ....

It is, however, the "job" of someone making a wild assertion, to back it up with proof. Which in this case they can't ... for obvious reasons.

Re:Apocryphal ....

[KiloByte]

Uhm, nope. Only those two models have a fix issued. On everything else, you do need to disable HT, which obviously takes a massive performance hit.

Those OCaml guys merely noticed and diagnosed the problem first -- your average mouth-breathing Windows user will have a game crash, a browser corrupt a Twitter page or MS Word lose data yet again, but that's what such users are used to. Yet that their systems are already crashy doesn't mean this extra source of crashes and data corruption doesn't matter.

As for your legendary "BIOS/UEFI updates", those can be relied on about as much as $YOUR_COUNTRY'S_PARLIAMENT to stop bribes towards their own members. Most of those "system vendors" don't pass fixes, and when they do, they're anything but timely.

Re:Apocryphal ....

[thestuckmud]

hyper-threading ... purportedly boosts performance by about 10-20% for multithreaded apps.

10-20% might be the case. I've also read some claims of 30% speed boost from hyperthreading. The boost is highly dependent on workload.

For me, 100% is often the case. I do a lot of tight number theoretic math loops and was astounded to find that one of my typical computations -- with little memory use and essentially no communication -- was 8 time quicker on 4 cores/8 threads compared to the single threaded version. Perfectly efficient! Your mileage will very probably vary, but it works for me.

And, FWIW, I usually prototype in oCaml :-)

Re:Apocryphal ....

[swilver]

I looked into HT a bit, and its performance gains.

Basically, it comes down that as soon as you have real cores available that HT barely does anything and sometimes even becomes detrimental for performance. So if you have 1 core, HT shows some real benefits. With 2 cores it was pretty marginal, and with 4 cores or more you might as well disable it.

Re:Apocryphal ....

Looks like Intel employees have mod points today... Why else would an entirely factual post which shows Intel in a bad light get modded 'Flamebait'? :/

Re:Apocryphal ....

[arglebargle_xiv]

If you don't know the model name of your processor(s), the command below will tell you their model names. Run it in a command line shell (e.g. xterm):
grep name /proc/cpuinfo | sort -u

C:\>grep name /proc/cpuinfo | sort -u
'grep' is not recognized as an internal or external command, operable program or batch file.
C:\>

Re:Apocryphal ....

[Rockoon]

Because thats what Intel does, apparently.

They were convicted of anti-competitive behavior, the largest such conviction at the time IIRC.

Re:Apocryphal ....

On everything else, you do need to disable HT, which obviously takes a massive performance hit.

What kind of stuff are you doing with your computers, where HT offers a massive performance improvement? I work in HPC, where we keep our CPU busy, and we consistently disable HT. In some cases it simply offers no benefit. In others, there's actually a performance loss. I know my codes are not an example of all that's available in the world, but I'd like to know where does HT does offer that massive performance gain...

Re:Apocryphal ....

[MrFlibbs]

A microcode patch is included with the BIOS image and is loaded by BIOS at startup. This isn't the only way to do it -- it is also possible to load a patch from the O/S. But for most users the best solution is for BIOS to do this, and that means updating the BIOS image. So the article is correct.

Re:Apocryphal ....

[KiloByte]

Well, yeah, it depends on your load. When you prefer individual threads to be as fast as possible even at the cost of total amount of instructions per second done, you obviously want to kill HT. On the other hand, for eg. compiles, HT is a great thing. But if you work in HPC, I don't think I need to explain the need to test your particular load.

Re:Apocryphal ....

[zwarte+piet]

Your terminal is throwing weird smilies at you. I think it is cross with you.

Re:Apocryphal ....

The tight loops that are mentioned in the summary are interesting though. The loop(s) itself becomes optimised when less than 64 bytes are used.

If it works like I've seen certain DSPs do loops, it will configure the instruction pointer to loop by itself until a certain condition is met, without actually needing to decode the jump, the compare, or even have to execute either.

Hopefully they didn't just disable those loop optimisations; I am doing large integer calculations.

Re:Apocryphal ....

I'm sorry that your OS is broken. Try one that works.

Re: Apocryphal ....

[douglas.w.goodall300]

Generally working around hardware bugs means changing assemblers and compilers to avoid a suspect code sequence. This means apps compiled with pre-fix languages are like time bombs, and it forces compiler vendors to reform their code generators and force a release cycle. This includes both open source as well as proprietary software and is a maintenance burden to everyone. The penguin math bug was like this. I think the silicon should be fixed instead. If intel had to pay for CPU Upgrades and service calls, they would be more likely to QA their chips better.

Re:Apocryphal ....

[Xhris]

cat /proc/cpuinfo | grep name | sort -u

Re:Apocryphal ....

This analysis makes no logical sense. What did "looking into this a bit" consist of, and what do you actually mean by "as soon as you have real cores available"? Nobody is advising you to disable real cores and use HT on the other cores instead. Enabling HT on a 4-core processor can give you massive speedups on a wide range of applications. Obviously it won't be as good as a true 8-core processor (although if you're memory bound the difference is utterly marginal) but if you don't have an 8-core processor that's completely moot.

Re:Apocryphal ....

[Bengie]

There are work loads where HT makes the system ~10% slower, but there are also work loads that make the system ~100% faster, and a huge range of possible work loads in between. A one dimensional analysis is useless.

Re:Apocryphal ....

[Paradise+Pete]

The word apocryphal is not in the article, nor is there an update notice. Did they silently change it?

Re:Apocryphal ....

[brantondaveperson]

It got changed to "apocalyptic".

Re:Apocryphal ....

[Paradise+Pete]

That was my guess. The lack of a footnote acknowledging the change is not good.

Additional links

Mantis entry https://caml.inria.fr/mantis/v...

Spec update https://www3.intel.com/content...

From the mantis page: OCaml toolkit users noted that compilation was failing on skylake processors, when multiple concurrent processes were running. Additional testing found that test systems were producing incorrect results when running compiled code on skylake systems with HT enabled.

BTW, AMD has a similar bug too

[Misagon]

AMD Ryzen also seems to have a similar bug, related to hyperthreading that happens only in very special circumstances.

Quite a few Ryzen users have experienced instability problems during heavy compilation loads under Linux, especially those using compile-based distros such as Gentoo, but also under the Ubuntu subsystem on Windows.
There has been some debate whether the problems would have been caused by an actual bug, or if the people who experienced them simply had an unstable overclock - the latter being something that has also cropped up in forums recently.

Matthew Dillon, of Dragonfly BSD fame (and Amiga fame before that...) does believe that he has found a reproducible bug. He sent a test case about it to AMD in April.
This is not the first time Dillon has found a hardware bug in a AMD CPU. He found one for an earlier AMD CPU back in 2012 which was fixed in a microcode update.

I expect this to be fixed in a BIOS/microcode update soon, if not already in AGESA 1.0.0.6 - but I have yet to see any confirmation that it would have been fixed.

Re:BTW, AMD has a similar bug too

[gweihir]

The difference is that Ryzen is a new architecture, where this is sort-of expected. Intel has this in an old architecture and that is just not acceptable.

Re:BTW, AMD has a similar bug too

Isn't one of the features of ryzen a more advanced turbo boost, why overclock?

Re:BTW, AMD has a similar bug too

[Gravis+Zero]

There has been some debate whether the problems would have been caused by an actual bug, or if the people who experienced them simply had an unstable overclock

If it only happens when you overclock, it's not a bug, it's ID10T problem.

Re:BTW, AMD has a similar bug too

Because you can overclock well beyond the amount that XFR does and you can do it on all cores where XFR will only boost by a small about on 2 cores or less.

In any case, the problem on Ryzen is completely unrelated to overclocking.

Re:BTW, AMD has a similar bug too

[Megol]

A little reminder: overclocking is the practice of running a processor with a higher clock frequency than the manufacturer guarantees* being okay. Doing that the user should always keep in mind that this can lead to errors without there being any problem with the processor and so overclocking should only be done when the result of programs aren't important.

TL;DR if the problem only occurs when overclocking then it isn't a bug.

Re:BTW, AMD has a similar bug too

[gravewax]

WTF? no a bug like this is NOT expected in a new architecture, such bugs can result in billions in losses, something AMD can't afford. having said that people overclocking has always been a problem when it comes to stability.

Re:BTW, AMD has a similar bug too

[slashdot_commentator]

> The difference is that Ryzen is a new architecture, where this is sort-of expected.

No. In the sense that this is a hardware issue, not a software issue. Hyperthread issues are not expected because the hardware is "new". Software "engineering" is a joke compared to the rigor required in hardware development. I know you may not understand this, but (successfully employed) engineers of hardware are not allowed to fuck up. Manufacturing companies spend 1000x more in design, expertise, and quality control to make sure hardware doesn't have any flaw. Because if hardware does have a flaw, its hardware -- it can't be fixed with a software patch.

> Intel has this in an old architecture and that is just not acceptable.

With a "new" architecture, it cannot fall back on years of previous versions of hardware to expose a bug. That does not mean Intel would be immune to subtle forms of design flaws, since every new version of chip means having done something new on the microcode level. Otherwise, it would be meaningless to be adding tens of thousands more transistors to do the job exactly as the previous version of chip.

It is blowing my mind right now how so many gaming enthusiasts and other amateur computer users fail to grasp the gravity of this hardware flaw. Yes, a change can be made in the CPU's microcode to avoid the flaw, but its not like Intel microcode can be rewritten from scratch. A patch on the BIOS level only means that hyperthreading is disabled. That means the extra hundreds of dollars spent to make your PC 10-30% faster than an i5 has been pissed away; your i7 just lost its performance edge to an i5. If something is actually modified on the i7's microcode, its more about kludging the intended hyperthread operation to avoid the logic bug (which means your i7 loses performance).

Fortunately, a program crashing or generating incorrect data is pretty meaningless to gamers and websurfers. But if I was an investment bank, bitcoiner, scientist, or engineering company dependent on computed output, I'd be extremely pissed off. It makes me wonder if Intel is going to have to do a product recall (or perhaps an extremely limited rebate to select industry customers). AMD really should figure out a smart way to capitalize on Intel's foobar.

Re:BTW, AMD has a similar bug too

just not acceptable

And yet here you are, on Slashdot, guaranteed to be using a machine that has, without a doubt, a couple of dozen hardware bugs, not only in the cpu but other components as well, that are either fixed with a firmware update or not fixed at all.

Without accepting this, you would not be on the internet.

Re:BTW, AMD has a similar bug too

[gweihir]

You seems to be utterly clueless about how these things work. Please go away and play with LEGO or something.

Re:BTW, AMD has a similar bug too

[gweihir]

You seem to never even have heard or processor errata sheets, let alone ever read one. And you seem to be completely unaware what hardware flaws have been historically found in CPUs. As I said to the other clueless response, go please go away and play with LEGO or something.

Re:BTW, AMD has a similar bug too

[Misagon]

Your post is a typical example of the behaviour that has hindered proper discussion on this problem.
People read half of one paragraph from one forum-post and half of a paragraph in another thread and then post a knee-jerk response to something they don't understand.

Re:BTW, AMD has a similar bug too

[Rockoon]

Not at the same magnitude that they are today.

Sure, lots of little things like the cpu will crash in some cases if a second level shadow of the carry flag register is set immediately after some other thing... so the fix is for the microcode to reorder the operations a little bit so that operations that target the carry flag are on the shallow side of the shadow registers... or at least never in that 2nd slot.. shit like that aint nothing

It is the parallel execution itself that isnt working here. Wrong results are produced. It isnt that performance is bad, or a core locks up... instead bad values are produced. Its a horrible bug at least as bad as FDIV.

Re:BTW, AMD has a similar bug too

[AmiMoJo]

If you are losing billions due to a CPU architecture bug then you are an idiot.

Even if you are somehow sure that the CPU has no bugs, you can't be sure it won't suffer from power glitches, cosmic rays and innumerable other things that can make it crash or get the wrong result. Not to mention the rest of the computer - ECC RAM can only correct single bit errors, assuming it has no faults.

Re:BTW, AMD has a similar bug too

APK shut your trap easily slashdot_commentator big mouth https://hardware.slashdot.org/comments.pl?sid=10785103&cid=54690873/

Re:BTW, AMD has a similar bug too

[gweihir]

Well, yes, to a degree. But that _is_ as expected. As CPUs are using every last trick to get faster, the whole design necessarily gets more fragile and needs longer to stabilize. This is no surprise at all. The good thing is that it looks like the current AMD design will be around for a long, long time because I think we have reached the end of large performance improvements and this was the last step. Intel may have one more fundamental re-design, but they may also not, in particular if they cannot really get ahead of AMD that way. And after that, both can do small careful improvements that do not change much and will overcome that fragility again.

Re:BTW, AMD has a similar bug too

You are an idiot if you compare a hardware bug to glitches and cosmic ray occurances. One is something that affects every piece you make, the others are 1 in a billion occurances when they crash a piece of hardware.

Re:BTW, AMD has a similar bug too

[slashdot_commentator]

And you seem to be completely unaware what hardware flaws have been historically found in CPUs. As I said to the other clueless response

Clueless? You're the one who equates this hypertheading bug to some other bug that may crop up once in a billion operations, and doesn't even effect the computed result.

As I said to the other clueless response, go please go away and play with LEGO or something.

I only got one response from you today. Now I know who likes using anonymous coward accounts to make personal attacks. Which I should forward to the mods, even though its unlikely they'll care.

Re:BTW, AMD has a similar bug too

slashdot_commentator you took a shot at APK. He dismantled ya https://hardware.slashdot.org/comments.pl?sid=10785103&cid=54692793/ you started it, he finished you for it. you got what ya deserved so quit cryin! You're out of your league here technically. Face facts. Go back to A+ class chump!

Original Intel DOC

The linked FA does not contain a link to the original Intel DOC:
https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/6th-gen-x-series-spec-update.pdf

Unfortunately it does not contains much info...

Re:As well as what?

[queazocotal]

You can often not simply install an update as a user. There is no way to do so without the BIOS vendor doing it for you.

Re:Zen for the win!

[rudy_wayne]

All you losers with your over-priced Intel crap.

I've used nothing but AMD for 20 years and I have absolutely no probl%#^$^%J NJasllodofufm DUDFUF&&()()FDJJDNDMS .......

HOLY SHIT!

where's BATMAN now?

This makes the FDIV thing look like a walk in Central Park. Groves would roll in his grave if he could.

Re: As well as what?

You can often not simply install an update as a user. There is no way to do so without the BIOS vendor doing it for you.

WTF does 'often' mean?

Either you can, or you can't. And in this case you can.

It would have taken you about 5 second to Google Intel microcode update...

OS-level microcode load exists!

> That's not the end of the story, however, as the microcode fixes need to be implemented into BIOS/UEFI updates as well and it is not clear at this time if all major vendors have included these changes in their latest revisions.

It _is_ helpful for the early-boot software to update the CPU's microcode, but it's not usually necessary. Linux has an on-the-fly CPU microcode updater. I would be shocked if Windows and OS X didn't have the same functionality.

I mean, think about the overwhelmingly common case where you're using an affected CPU on a motherboard that's no longer maintained by the vendor! Are you fucked until you go out and buy new mobos for every machine in your fleet? Lolno.

Oh wait. I fell for the clickbait. Silly me.

Re: OS-level microcode load exists!

That's not the end of the story, however, as the microcode fixes need to be implemented into BIOS/UEFI updates as well and it is not clear at this time if all major vendors have included these changes in their latest revisions.
It _is_ helpful for the early-boot software to update the CPU's microcode, but it's not usually necessary. Linux has an on-the-fly CPU microcode updater. I would be shocked if Windows and OS X didn't have the same functionality.
I mean, think about the overwhelmingly common case where you're using an affected CPU on a motherboard that's no longer maintained by the vendor! Are you fucked until you go out and buy new mobos for every machine in your fleet? Lolno.
Oh wait. I fell for the clickbait. Silly me.

LOL..

Clearly MojoKid expects the microcode update to be delivered by virgins or something.

But honestly, that is fucking embarrassing that he doesn't know how microcode updated work.

Should have went with AMD

AMD: The Quality Goes In Before the Name Goes On.

Re:Should have went with AMD

[sqorbit]

AMD: The Quality Goes In Before the Name Goes On.

See earlier comment about how AMD has a very similar bug.

Re:Should have went with AMD

[Rockoon]

AMD's very similar bug is suggested to only occur with over-clocking. YMMV.

Consider though that if you take Intels updated Microcode you will lose the ability to do base frequency over-clocking entirely on non-K processors whereas before using Intels update you still could on some skylake and ivy models.

So yeah... you get the chance to patch the microcode... but it may be doing things you dont want it to do...

What’s your point, exactly?

[Picodon]

Are you complaining about the topic as being too insignificant to deserve an article (as in: no need to tell people that they way want to update their servers) or are you preemptively commenting that other readers shouldn’t bother to comment on such an insignificant topic?

Re:What’s your point, exactly?

[brantondaveperson]

Ah you feisty person, you. I bet the details of the bug would be super-interesting lots of people, but the article glosses over that, and so I suppose I'm complaining that the article was insignificant (and not very good), the bug is significant but fixed, and I think everyone should comment about how microcode works, so that we can all learn something. Myself included, since I've no idea really.

Re: As well as what?

Either you can, or you can't.

Yep sometimes you can, sometimes you can't.

You seem to see how this works, but somehow you just dont know what that means.

Re: As well as what?

Give queazocotal a break... It's not like there have been hundreds of stories about this on Slashdot in the last 10 years... Packed full of comments from people who know how to update microcode.

Re: As well as what?

Yep sometimes you can, sometimes you can't.

You seem to see how this works, but somehow you just dont know what that means.

Give it a rest...

You 100% can.

End of story.

CRAZY

[barbariccow]

Wow! I kept reading over and over trying to find how it was escalating ring level or information leak through cache etc. but couldn't find it! I reaaaaallly wasn't expecting any type of "flaw" on slashdot to not be about some dumb security mistake. Way to surprise me again, SLUSHBOT

Re: As well as what?

Give it a rest...

You 100% can.

No, you can't:

Skylake:

1. If your processor model (listed in /proc/cpuinfo) is 78 or 94, and the stepping is 3, install the non-free "intel-microcode" package ...

2. For other processor models, disable hyper-threading in BIOS/UEFI configuration.

https://lists.debian.org/debia...

So the issue is not fixable in certain CPUs without disabling HT.

Stop it!

Stop it. Stop it now people!

Don't hurt MojoKid's feelings. It's not his fault that he doesn't understand how simple stuff like this works.

Re: As well as what?

Give it a rest...

You 100% can.

No, you can't:

Skylake:

1. If your processor model (listed in /proc/cpuinfo) is 78 or 94, and the stepping is 3, install the non-free "intel-microcode" package ...

2. For other processor models, disable hyper-threading in BIOS/UEFI configuration.

https://lists.debian.org/debia...

So the issue is not fixable in certain CPUs without disabling HT.

So you acknowledge that this is fixed, that anyone can apply the fix, but your only complaint is that the update isn't 'free as in liberty'?

You won't be happy until they open source the CPU??

Notice how Ubuntu, Microsoft, Apple, etc have taken the update?

Jesus fucking Christ. What has happened to Slashdot?

Re: As well as what?

So you acknowledge that this is fixed, that anyone can apply the fix, but your only complaint is that the update isn't 'free as in liberty'?

No, read my post again. For certain models, the microcode fix is useless. You have to neuter your CPU by disabling hyper-threading. So money spent getting this expensive tech has gone down the drain.

Jesus fucking Christ. What has happened to Slashdot?

Apparently, many readers suffer from reading comprehension problems.

Cold day in hell

[Dunbal]

It will be a cold day in hell before I buy another Intel CPU, let alone let them install microcode on my current CPU.

OCaml

[Cochonou]

It's a bit paradoxical that it was the OCaml team who found this bug, whereas OCaml is notoriously bad at parallelism.

Obligatory:Intel CPU Backdoor Report (May 5 2017)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

Long version:

ME: Management Engine

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or

Obligatory:Intel CPU Backdoor Report (May 5 2017)

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

Long version:

ME: Management Engine

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or

Inaccurate article and comments

There are a lot of inaccurate comments here. First of all, reloading a new BIOS/system firmware may be the best solution for most users, however it is not the only solution. If you know how you can do a hotfix load of firmware in Linux and I suspect other OSes.

For example, I downloaded the latest firmware from Intel (dated 10 May) and placed it in /lib/firmware. Then running:

echo 1 > /sys/devices/system/cpu/microcode/reload

was enough. In the log is an entry:

[2246029.695843] microcode: updated to revision 0xba, date = 2017-04-09

In addition, the article points to a message on the debian-devel (not users) mailing list. This indicates that i3/5/7 processors with hyperthreading are affected. AFAIK, no i5 processors have hyperthreading, even though the family/model/stepping on my system is indicated in the message as vulnerable.

CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 1

Well what is it? Hyperthreading or all skylake/kaby lake? Curious minds want to know.

One last thing. The current firmware package is dated May 10. Seven weeks ago, The firmware itself was produced April 9 -- 11 weeks ago. Unless Intel has not updated yet for this, many posters here are running around with their hair on fire about something already fixed.

But I guess that is normal for slashdot.

Re:Inaccurate article and comments

Mobile i3 and i5s can have hyperthreading enabled.

Re:Inaccurate article and comments

Many i5's have hyperthreading - they're typically 2 cores, 2 threads per core. A few i5's are actually quad-core and have only 1 thread/core, as in yours; they tend to be more expensive than most.

Re:Inaccurate article and comments

As for the firmware, the point in the article was that Intel didn't directly respond; they did issue firmware updates, but we don't know precisely what is in them and whether they fix the identified issue. OTOH, if a firmware patch has been issued, it can usually be manually installed should one wish to: in Linux, instructions were provided in another comment; in Windows, firmware can be updated in the Device Manager.

Re:Inaccurate article and comments

[toddestan]

Nowadays i5's tend to be quad cores without hyperthreading for desktop CPU's, and dual cores with hyperthreading for mobile CPU's. As is typical with Intel there are exceptions. Though back 6-7 years ago the most popular i5 desktop CPUs were the dual cores with hyperthreading, though even back then you could still buy quad core i5's without hyperthreading.

Re:Need to impose penalties for poor products

[telchine]

There needs to be serious penalties for companies that create poor products with serious defects. These flawed processors certainly qualify as inferior products.

You work for AMD, right? :D

Re: As well as what?

No, read my post again. For certain models, the microcode fix is useless. You have to neuter your CPU by disabling hyper-threading. So money spent getting this expensive tech has gone down the drain

I can read your post until I turn blue, but it won't change the fact that you are wrong.

All models have microcode updates, that don't affect hyoerthreading at all.

Please hand in your geek credentials.

Re: As well as what?

different AC, but regardless you are wrong he is right. all of the CPU's can be fixed/updated via microcode, however for some models that haven't had publicly available fixes published you have to go to your vendor and ask them for it. that doesn't mean it requires them to do it, but they are the only ones that will currently have the updates.

Re:Need to impose penalties for poor products

[ChrisMaple]

You obviously have no idea how difficult it is to test all features of a complex CPU with all data patterns and all instruction sequences under all conditions. Product releases would be delayed for years.

I'll keep the old Core2 a while longer...

Core2 quad core w/8G still works well. Missing a few nice things on the motherboard like USB3 and SATA3, but it's good enough for what I use it for now. And afaik it's pre-ME; at least, the tool for finding it doesn't. Yes, a primitive one could be and probably is hidden, but not the one causing all the problems now. Security by obsurity, plus Luddite, wins again?

Re:Zen for the win!

you forgot .kajsdfl^Y&%k(*ajs)&*f CARRIER LOST

Yet the hackers manage it?

Oh fuck off, Intel make billions, they should be able to test it properly if the hackers that hack it can find these flaws.

At the very minimum they could put a bounty out!

YOU obviously have no idea how to do anything but make excuses for sloppy work.

Re:Yet the hackers manage it?

A thousand monkeys at a thousand typewriters... Or alternatively, do you realize how long it takes to research just ONE of these flaws? Many of the people looking for this type of thing are making money in a much different way. I'm all for bounties, but it is absolutely insane to think they will be able to put out a completely infallible product in one go.

There is already a shortage of qualified talent to fill many of the vacancies at these companies and it would get exponentially more expensive to hire on enough people to test like you expect them to in your argument. This would then not only put every bit of this technology so far out of the reach of any reasonable consumer that it would become worthless to produce, but it would take so damn long to test it another company would swoop in and put out their "inferior product" that costs way less and works effectively the same, that the company would go belly up within a few years.

Making billions does not mean the company has an endless well to completely bend the market into some pretzel shape that makes zero sense. You shouldn't start spouting crap off like this without at least a little bit of education concerning business and the damn tech sector.

Re: Yet the hackers manage it?

| There is already a shortage of qualified talent to fill many of the vacancies at these companies and it would get exponentially more expensive to hire on enough people to test like you expect them to in your argument.

I'm with the OP. Fuck off!

Re:Yet the hackers manage it?

Intel fired 15000 people to boost the profit margin at short term. Nobody outside of Intel management team would claim it does not have any downsides on the R&D output quality.

Re: Yet the hackers manage it?

or, you know, they could stop embedding out of band mgmt into the pch

This is why we still need 32-bit

Every time a new flaw is found, be it Windows or Linux kernel, it's always 64-bit versions of stuff. It's probably because of better GPU processing. Hackers use a person's GPU for less footprint and speed. It also wouldn't surprise me if intelligence agencies have given up on keeping up with 32-bit exploits as well since no one uses it anymore.

Re:EASY way to block it (via good routers)

[slashdot_commentator]

I only allow 80, 8080 & 443 in/out here

Awww, how cute.

Did it occur to you that if a hacker is able to modify the IME system, that he can direct the packets to use port numbers other than 16992-16995? 443 would be my goto port.

Re:Zen for the win!

...NO CARRIER ?

Re: As well as what?

All models have microcode updates, that don't affect hyoerthreading at all.

[Citation needed]

Please hand in your geek credentials.

Unless you have proof all Skylake Kaby Lake CPUs have microcode updates that fix the issue without disabling HT, you'll have to hand in yours.

I've lost faith in Intel

[leptechie]

Always interested in the history of computing, I bought Andy Grove's "Only the Paranoid Survive", and was immediately intrigued by chapter one dealing with the Pentium Bug.

I never made it to chapter two. Every focus was on controlling message and image. No acknowledgement this directly affected customers, no outreach, no mitigations. Much anger at people communicating a flaw in the product, and defying Intel's response plan and schedule.

Seeing these reports of the response doesn't fix my impression.

Re: As well as what?

It's a quantum update, you do it and not do at the same time.

Re:Need to impose penalties for poor products

Yet AMD don't seem to have a problem, despite having far less resources to play with than Intel.

These things are Very Hard to Find

Putting aside the conspiracy theories for just a moment...it is the case that these things are hard to test.

Back in the days of the VAX, when Digital had the largest private network in the world (DECnet based), the validation for the FPU included a distributed computing effort called AXE which distributed random bits of FPU code to VAX systems all round the world trying to catch errors in the logic. I have no doubt the problem is exponentially harder now...

Re: Need to impose penalties for poor products

This could be automated. And with ai advances, a human wouldnt need to write the automation at all.

Re: Need to impose penalties for poor products

[X3J11]

Untrue. VME was broken on Ryzen at launch. Fixed with a microcode update.

This probably does not bode well...

[tomxor]

for future intel chips, the microcode is expanding in size at a rapid rate as Intel adds more advanced ISA features, that's now the primary focus since there is not much to be gained from physical improvements.

EASY way to block it (port filtering routers)

See subject: AMT/Intel Mgt. Engine uses ports 16992-16995 & I only allow 80, 8080 & 443 in/out here on a SINGLE stand-alone system - you must also be CERTAIN your router's internal ware is "solid" as well (turn off things like UPnP etc. & HAS NO KNOWN BACKDOOR EXPLOITS (tons do unfortunately) - get it patched ASAP if it's KNOWN exploited & TONS of routers, ARE https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/

* GOOD ROUTERS/MODEMS HAVE PORT FILTERING OPTIONS (crappy ones do not) - No "raspberry PI" needed plus once you disable the AMT engine in software? They can't even produce a malware to 'repatch' this (bios updaters require it in usermode ware, e.g. ASUS).

APK

P.S.=> Good luck - as it's the BEST EASIEST DEFENSE using what you already have (hopefully, again as not ALL modems have port filtering but most do & certainly GOOD ONES DO) vs. this threat by stopping it being able to communicate in/out period, outside of the INTEL chipset, & stopped external to it via a router/firewall hardware... apk

Re:EASY way to block it (port filtering routers)

I thought you only let elephant cock in to you gaping asshole but you you tell me that you let any diseased connection in

F00F, FDIV, and friends

[thegreatbob]

Does this one get a nifty name?

Re:EASY way to block it (port filtering routers)

Hey retard you posted this multiple times already.

Re:EASY way to block it (port filtering routers)

slashdot_commentator: Hilarious to see you pwned by APK constantly https://hardware.slashdot.org/comments.pl?sid=10785103&cid=54692565/ suddenly refusing to use your /. registeredluser account which you brag on and yet you post unidentifiably anonymously. Has self-righteous registered wannabe Christ in yourself turned to Satan? Yes. Hahahahaha. So much for the superiority of registered losers like you. He thought of a valid protection. You haven't.

EZ to block(via port filtering routers)

See subject: AMT/Intel Mgt. Engine uses ports 16992-16995 so filter those ports in a router external to OS/PC.

No "raspberry PI" needed plus once you disable the AMT engine in software? They can't even produce a malware to 'repatch' this (bios updaters require it in usermode ware, e.g. ASUS).

(I only allow 80, 8080 & 443 in/out here on a SINGLE stand-alone system (no home LAN but TCP/IP connected online))

HOWEVER - Be CERTAIN your router's internal ware is "solid" as well (turn off things like UPnP etc. & HAS NO KNOWN BACKDOOR EXPLOITS (tons do unfortunately) - get it patched ASAP if it's KNOWN exploited & TONS of routers, ARE https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/

* GOOD ROUTERS/MODEMS HAVE PORT FILTERING OPTIONS (crappy ones do not) !

APK

P.S.=> Good luck - it's the BEST EASIEST DEFENSE using what you already have (hopefully, again as not ALL modems have port filtering but most do & certainly GOOD ONES DO) vs. this threat by stopping it being able to communicate in/out period, outside of the INTEL chipset, & stopped external to it via a router/firewall hardware... apk

LMAO @ U fake name fuck slashdot_commentator

See subject: Cat got your tongue?? As AMT's software interface = gone (ez) IT CAN'T UPDATE BIOS TO 'flash' it!

* THIS PROTECTS vs. IT, No "raspberry PI" required no questions asked.

(What's the MATTER blowhard bullshitter bigmouth? POSTING UNIDENTIFIABLE AC NOW?? Why not use your FAKE NAME for your FAKE LIFE "registered 'luser'" ACCOUNT NOW??? LOL!)

APK

P.S.=> See, a STUPID BIGMOUTH FAKE NAME FUCK LIKE YOU is NEVER, ever going to get the best of me - you're too stupid! You like calling others that as well as picking on AC posters (who are MORE HONEST THAN A FAKE NAME "ne'er-do-well" DO NOTHING ZERO FUCK LIKE YOU & you know it, loser)

Hahahaha- I went thru your post history & based on your BIG MOUTH I can easily tear you to SHREDS, using YOUR OWN BLOWHARD do nothing/no proof of your BIG TALK bullshit AGAINST YOU -

Say 1 thing - go for it - I'll PUBLICLY HUMILIATE YOU & I take GREAT PLEASURE in CRUSHING big mouth do nothing ALL TALK STOOGES like you (ala Cardinal Richelieu style)... apk

Re: Need to impose penalties for poor products

[douglas.w.goodall300]

Very funny

Re: Need to impose penalties for poor products

So?

Re: Need to impose penalties for poor products

If you really believe that... Oh boy, would you like to invest in some prime real estate? It's just past this bridge...

Tried "downmod hiding" yer FAIL 2x? LOL @ U

Did it occur to you it's in hardware? How are they going to alter that as AMT's software interface = gone (ez) & IF so, provide me proof of it - ok fuckwad?? Good luck! It's unpatchable in USERMODE then so no malware can do it! E.G. ASUS bios update won't work minus Intel Mgt. Engine!

* SEE SUBJECT & YOUR POOR ATTEMPT @ HIDING YOUR FAIL 2x via bogus downmods in the links below of this post you pitiful BLOWHARD FAKE NAME USING FUCK https://hardware.slashdot.org/comments.pl?sid=10785103&cid=54690141/ & https://hardware.slashdot.org/comments.pl?sid=10785103&cid=54690965/

APK

P.S.=> No, shithead - I won't ALLOW you to play those games - & yes WE ALL KNOW it's YOU DOING IT, seeing as you WON'T USE YOUR "registered 'luser'" ACCOUNT NOW (lol, though you "RAVE" on HOW MUCH 'better' YOU ARE FOR IT, you DELUDED little fake name for your FAKE DO-NOTHING ZERO LIFE, motherfucker)... apk

Downmod hiding this too slashdot_commentator?

See subject: AMT's software interface is gone (ez) malware can't flash bios.

* THIS PROTECTS vs. IT, No "raspberry PI" required... no questions asked.

I SEE YOU TRIED DOWNMOD HIDING THIS POST TOO as it proves you WRONG as you have others like it https://hardware.slashdot.org/comments.pl?sid=10785103&cid=54690851/ - yes, we KNOW it's you & yes that's pitiful!

APK

P.S.=> What's the MATTER blowhard bullshitter bigmouth? POSTING UNIDENTIFIABLE AC NOW?? Why not use your FAKE NAME for your FAKE LIFE "registered 'luser'" ACCOUNT NOW??? LOL! See, a STUPID BIGMOUTH FAKE NAME FUCK LIKE YOU is NEVER, ever going to get the best of me - you're too stupid! You like calling others that as well as picking on AC posters (who are MORE HONEST THAN A FAKE NAME "ne'er-do-well" DO NOTHING ZERO FUCK LIKE YOU & you know it, loser)... apk