Slashdot Mirror


Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com)

Intel said on Thursday it is introducing hardware protections against the Spectre CPU flaw that was discovered last year. From a report: Starting with the Cascade Lake version of its Xeon server processors later this year, Intel will incorporate "protective walls" in its hardware that prevent malicious hackers from using speculative execution techniques to steal private information from the secure part of the processor. These fixes will also ship with the PC version of the Cascade Lake chips, but the tech industry has been much more concerned about the effect of these design flaws on server processors running in data centers and cloud vendors.

The new fixes allow Intel to still benefit from the performance advantages of speculative execution -- in which a processor guesses which upcoming instructions it will need to execute in order to speed things up -- without the security risks. The hardware changes address Variants 2 and 3 of the Spectre and Meltdown issues first disclosed in early January, and software fixes should continue to address Variant 1, Intel said.

9 of 68 comments

  1. In related news ... by fahrbot-bot · · Score: 5, Funny

    Intel will incorporate "protective walls" in its hardware ...

    Big, beautiful walls and Intel will get AMD to pay for them. :-)

    --
    It must have been something you assimilated. . . .
    1. Re:In related news ... by Anonymous Coward · · Score: 3, Funny

      Intel will incorporate "protective walls" in its hardware ...

      Big, beautiful walls and Intel will get AMD to pay for them. :-)

      By shorting AMD stock?

  2. Failed at that before by DrYak · · Score: 4, Insightful

    Intel has already failed at exactly that before:

    IntelME was supposed to be exactly that: a separated, isolated ARC core in the chipset, that was used to handle administrative tasks even if the main x86 CPU was shut down (IntelAMT - Intel's own NIH syndrome "lights out management" vaguely similar to IPMI). Got further repurposed for some trusted security tasks (TPM), got further repurposed for DRM-related tasks, used also for critical steps to bring the hardware up.

    And was the target of attacks and exploits last summer. Attacks that thus work EVEN when the main x86 CPU is turned off (remember, before the overarching list of roles, it began as an IPMI-like solution). To the point that vendors like DELL started offering new BIOS/UEFI firmware, in which the Intel ME code was stripped to the bare strict minimum for just the "bring hardware up" part.

    But I'm sure *this time around* the walled secure CPU core that Intel promises will be flawless and never exploited~~

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  3. How about more than protective walls? by ctilsie242 · · Score: 4, Interesting

    AMD has its bugs, but one new feature that they have implemented is RAM encryption. This way, one VM has no way of obtaining content from another VM's RAM space, should a leak be possible. Why not be proactive in dealing with virtualization and keeping stuff separate, perhaps adding some pipeline randomization to foil side channel attacks?

    Intel knows what they are doing. Might as well be ahead of the curve and add some useful security features.

  4. Oh great by DontBeAMoran · · Score: 4, Funny

    Partitions inside Intel CPUs? How often will we have to re-format the damn things?

    --
    #DeleteFacebook
  5. Re:I smell a lawsuit... by Anonymous Coward · · Score: 3, Informative

    No, these are rather small modifications to existing designs: moving protection checks earlier (for Meltdown) to prevent speculative execution past a guaranteed exception is not a complete redesign.
    The protection bits are in the TLB entry, that you need to look up for address translation anyway, and then they may be checked in parallel with the cache access. Compared to looking up the tags for an 8-way (or 4, can't remember) cache access, checking the protection is simple.
    Recent chips have 57 virtual address bits of which only the 12 lower go without translation, the TLB is at least 4-way set associative, so this means that you need four 45-bit comparators to select the TLB entry. Once translated, the L1 cache lines are 64 or 128 bytes on a physical address range of 46 bits, so this means that the cache tags are 39 or 40 bits wide (some AMD CPUs even allow a larger physical address space).
    Therefore, for the address translation and cache tags matching, you end up with at least 8 comparators about 40 bits wide each, more if the associativity is higher.
    Well, the protection bits in the TLB and the current privilege levels altogether are less than 8 bits (2 for the current privilege level, 3 or 4 for protection in the TLB entry).
    Completely negligible in terms of silicon area. Of course the logic has to be able to say: stop here, but it already needs to take into account the case of a TLB miss, and of a cache miss. It's probably not that hard to change the logic to treat a protection violation as a TLB miss, except that all that logic in Intel's core dates back to the Pentium Pro...

  6. Re:Intel Management Engine by sexconker · · Score: 4, Funny

    You work for Oracle?

  7. Won't fix your 'AMD' problem by Khyber · · Score: 4, Interesting

    While you went about paying a company to diss AMD, I checked CTS' report, found out one of my Intel systems uses one of the mentioned vulnerable chipsets, the ASM1142, for its USB 3.1 controller.

    I bet that the PoC exploit would work on the Intel platform right out of the box, if the CTS code isn't full of shit.

    Gimme a copy so I can test it out.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  8. We did this in the mainframe days by davecb · · Score: 4, Interesting

    We called it "mandatory security levels and categories" (eg, Dockmaster.mil), and then reinvented them for minis (eg, Trusted Solaris) and micros (eg, SELinux), and now Intel is doing the category part in hardware, just like Multics. Methinks they're a tiny bit behind the times...

    --
    davecb@spamcop.net