Intel Says Some CPU Models Will Never Receive Microcode Updates (bleepingcomputer.com)
An anonymous reader writes: Intel released an update to the Meltdown and Spectre mitigation guide, revealing that it stopped working on mitigations for some processor series. The Meltdown and Spectre mitigation guide is a PDF document that Intel published in February. The file contains information on the status of microcode updates for each of Intel's CPU models released in the past years. Intel has constantly updated the document in the past weeks with new information about processor series and the microcode firmware version number that includes patches for the Meltdown and Spectre flaws.
An update published on Monday includes for the first time a "Stopped" production status. Intel says that processors with a "Stopped" status will not receive microcode updates. The reasons basically vary from "redesigning the CPU micro-architecture is impossible or not worth the effort" to "it's an old CPU" and "customers said they don't need it." The following Intel processor products received a "Stopped" status marker: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, Wolfdale M0, Wolfdale E0, Wolfdale R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield, and Yorkfield Xeon.
An update published on Monday includes for the first time a "Stopped" production status. Intel says that processors with a "Stopped" status will not receive microcode updates. The reasons basically vary from "redesigning the CPU micro-architecture is impossible or not worth the effort" to "it's an old CPU" and "customers said they don't need it." The following Intel processor products received a "Stopped" status marker: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, Wolfdale M0, Wolfdale E0, Wolfdale R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield, and Yorkfield Xeon.
I'm sorry, but if I'm investing in a high-end, server-class CPU, I expect it to be supported for as long as is reasonably possible. If they said they weren't updating 10 year old Celerons or Atoms, that might be understandable. But Xeons? Let's just say I don't plan to every buy one again, at least so long as AMD represents a reasonable alternative. In fact, I will always stick with AMD (as I long have, for other reasons) until and unless Intel makes some kind of definite, enforceable support commitment.
Nonaggression works!
Apparently what's inside is the experience of abandonment.
Please note, that just because it receives a microcode update, doesn't mean it's secure. The processors are still buggy as hell.
"First they came for the slanderers and i said nothing."
Can we get a run down of the retail names for these CPUs? I feel like Intel is running a fast one on us through these code names.
Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, Wolfdale M0, Wolfdale E0, Wolfdale R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield, and Yorkfield Xeon
Are these 2012 or 2014 i5s or i7s? Xeons, are they the server or high end desktop kinds. Did HP or IBM use them in their products? Where should I be looking for more information guys?
'Intel says that processors with a "Stopped" status will not receive microcode updates. The reasons basically vary from "redesigning the CPU micro-architecture is impossible or not worth the effort" to "it's an old CPU" and "customers said they don't need it."'
Well, I am writing this on an Intel Core i-7 940, and I *do* need it. I paid quite a lot for this PC (although a while ago) and I don't see why I should not expect it to work reliably.
In general, moreover, it seems axiomatic that anyone who owns and is using one of those processors marked "Stopped" does need a fix.
It seems that Intel is ready to admit that it was (and may be still) unable to design and build processors that were dependably secure in normal operation.
Also that it is willing to let its customers down without compensation.
I am sure that there are many other solipsists out there.
Live by the QWORD, die by the QWORD.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Speaking for myself, at least, I have no axe to grind with Intel employees in general. I am sure they are mostly splendid people, quite brainy, and morally admirable.
I suspect that the people responsible for this and other disasters are mainly PHBs (within the strict meaning of the term). Who listened to their Alices and Dilberts explaining the risks, and then decided to rush right ahead anyway, because it's the quarter's bottom line that counts.
I am sure that there are many other solipsists out there.
the deafening cacophony of cheers and laughter as class action suit attorneys joined hands together again in a fit of glorious praise. For today, the Intel legal team had truly blessed them with a bountiful harvest. Yes, truly, the second summer home in the Hamptons would see a new wet bar and game room after all.
Good people go to bed earlier.
It's okay. Who wants updates anyway? ### REFUND ### is the word! ;-)
Intel has so many CPUs that they can't even keep track of all of them.
They listed the old Core 2 Duo of my Mac mini as STOPPED (shocking, I know), but I can't even find the i5-4660 of my gaming PC in the document.
#DeleteFacebook
So what, your phone manufacturer can't be assed to support UTF-8.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Really wish Apple had gone with AMD.
New wish. Apple should buy Intel for their fabs and shut the rest down.
Are the new i5, i7 and i9 CPUs also vulnerable to these flaws?
#DeleteFacebook
You can still buy parts for a 1955 Chevy or a 1964 Ford Mustang so why not an old computer?
For all the noise about "The Environment" you can do more by just using things as long as possible.
...didn't realize Trump worked for Intel's marketing department ;)
On a more serious note, the real reason is kinda two-fold:
* The marketing ROI is crap for many of these CPU models, to the point where the goodwill generated is gonna be way too low for the effort required to implement the fixes in them.
* The second reason can be summed up as "...maybe it's time to for you to buy some new gear...", which is still pretty much in Intel's favor (of course there's always going to be folks who get pissy enough about it to buy AMD CPU gear, but I'm betting that since most folks only see these fixes as a hindrance, the number of people going to AMD over this is not much more than statistical noise...)
Quo usque tandem abutere, Nimbus, patientia nostra?
As long as "Full generic retpoline" is reported in the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file, Spectre (and likely Meltdown) are not a concern.
The best was to accomplish that for Red Hat environments is to install Oracle's kernel RPM for the "Unbreakable Enterprise Kernel" (UEK).
A BIOS update would certainly be nice, but it's not necessary. The OS can apply microcode updates (both windows and linux) during boot time. Also, these microcode updates don't survive a power-off event. There is no flash memory on the CPU. The OS would need to apply the microcode on every boot, which is what it does.
Incorrect. Most operating systems have the ability to upload a microcode update very early in their boot process.
This link explains the Linux driver: microcode.txt
If I remember correctly, Windows has a similar method(but I do not know Windows well enough to confirm this).
AMD isn't pushing a Spectre fix for older CPUs. Nor is Qualcomm for Snapdragon. Nor is Samsung for Exynos. We could go on for quite a long time with such a list.
If you need the fix for your i7 which Intel has abandoned (just like all the vendors above), run a modern Linux kernel where you see the file /sys/devices/system/cpu/vulnerabilities/spectre_v2. If this file contains the word "Full" then your kernel is protected, and you don't need microcode.
The microcode is only required on Skylake and newer for full remediation.
You can update microcode post boot. Is there some specific reason this cannot be done?
Yeah, that could be taken several different ways, but let's just say that even though I'm well past the prime of my youth, I rarely get complaints about either one.
Nonaggression works!
Do you think that ARM will be replacing all the Cortex A75s that are vulnerable to the full range of Meltdown and Spectre vulnerabilities? Are we sure that Apple's ARM implementations will have superior security architecture?
Or that unpleasant feeling of fullness while being raped?
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
OpenBSD just got this capability also.
$ rpm -qi microcode_ctl | tail -3
The microcode update is volatile and needs to be uploaded on each system boot i.e. it doesn't reflash your cpu permanently, reboot and it reverts back to the old microcode.
Same here. I don' game on my PC so I don't need anything fancy, just an average graphics card and some RAM (12GB because it was cheap). Everything runs just fine (Windows 10 and Ubuntu). We're long past the 'need to upgrade every 3-4 years or be left in the dust' thing.
None of this makes me feel any more inclined to favor Intel over AMD. This isn't their first "brown paper bag" bug and I doubt it will be their last.
AMD has bugs in their chips too. They're vulnerable to Spectre as well.
If only a 3 year warranty is even offered on some of the highest-end chips they made at the time, when some new cars are warrantied for 10
You only see a 10 year warranty on powertrains (which seldom break) and even then it isn't a 10 year warranty, It's typically a 10 year OR 100,000 mile warranty, whichever comes first. The comprehensive warranties are 3-5 years OR 30-50K miles.
I think that says something really awful about even Intel's own assessment of whether its products can be supported in the long term.
Find me ANY large chip maker offering support on a ten year old chip. Why would they offer support on chips that by computer industry standards are ancient when none of their competitors do either? AMD certainly isn't offering 10 year warranties.
AMD may or may not be drastically better, but Intel has set a very low bar, and it is going to take them serious time to earn back my business, assuming they ever do.
Sounds to me like you already preferred AMD and were just looking for a reason to bash Intel. If you prefer AMD that's fine. They make good products in general and I'd have no quarrel with someone choosing AMD chips. But if you think AMD is going to be any better on the support front than Intel you are being naive.
processors do not identify to an operating system as "FurTongue Hyper," they identify with some alphanumeric code. so it does no good to say FurTongue45 is supported and DirtyTail6 is not. the whole thing is a load of nonsense that hides what's under the hood. a pox on all chipmakers' houses.
if this is supposed to be a new economy, how come they still want my old fashioned money?
The sheer number of insults being thrown at Intel over this issue is pure amazement. Comparisons to cars (#causeSlashdot) and of course to AMD (#flameon), but it seems to me that there are far too great of expectations for the level of support a company should provide, especially given the sheer complexity of a processor and how it relates to security threats. To expect the design of something like a general purpose CPU to be perfect out of the door and error-free for the next several decades seems ridiculous to me. The claims that people now have to throw away their hardware because of this seem equally ridiculous.
At some point, ANY for-profit company is going to stop supporting an old product, especially in a low-margin environment. The sheer rate of technological advancement almost necessitates that. Let's stop blaming Intel for what is effectively an industry-normal rate of support. Consider that 10 years ago:
We were on the 2.4 Linux Kernel (no longer supported with updates)
Intel Processors were running on LGA775 sockets (NewEgg sells only 2 compatible motherboards directly, both from ASRock. ASUS/Gigabyte/ETC all don't sell compatible motherboards anymore)
We were running RHEL 2/3/4, all of which are no longer supported
But I don't see anyone griping that these other entities are engaged in the practice of forced upgrades, leaving their trusted and loyal customers hanging in the face of growing security concerns. So maybe all the Intel bashing should either subside or should be expanded to the entire industry, but I think the latter is a bit naive. Security threats evolve, new ones are created, old ones forgotten or mitigated. If it were easy, there wouldn't be a dozen new packages to update my OS every day. Remember that Intel can't just push all updates to these older architectures by themselves either, some require BIOS updates and now you're expecting motherboard companies to update a product they haven't touched in a decade as well.
Using Kinfocenter I saw my CPU is listed as an i7-2760QM
The search for i7-2 brought it up, they call it a Sandy Bridge.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Correct me if I am wrong but I don't think Windows applies microcode.
12:50 - press return.
How else is Intel going to get even richer? Users that run old hardware, simply because it is still good enough are a plague in Intel's profits! This is a perfectly fine opportunity to force them to upgrade and should not be missed.
In completely unrelated news, I am currently planning to get a nice new Ryzen 2 system when they become available.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
So that's just a few weeks from (an of course premature and ill-conceived) "oh, my server's CPU doesn't seem to be affected" (because in the beginning of the spectre/meltdown aftermath it wasn't even on Intel's official list) to "oh, my server's CPU not only is very much affected indeed, it won't even get the necessary microcode anymore". And no, that server is definitely not being used in a closed environment. And no, it is neither uncommon nor unreasonable to use ten-year-old servers for purposes which need limited horsepower, while still profiting from all the bells and whistles of a server like a lights-out feature with its own network interface and a full-fledged RAID controller.
Thank you, Intel, for giving me such a determining reason for future purchase decisions, the next of which seems to be closer than I thought until a few minutes ago (or wanted, for that matter).
You're wrong.
In the first generation mobile Core i processors (i7-xxx and i5-xxx), the low end ones (i7-6xx, i5-4xx, i3-3xx) are fixed, but the higher end ones (i7-7xx, i7-8xx, i7-9xx) are being stopped. Same is true with the desktop processors.
I suspect that's a matter of what's architecturally viable to fix as opposed to *ahem* marketing considerations. Perhaps the processor in question has more aggressive speculative execution baked into the hardware that's difficult (if possible at all) to mitigate.
I'll admit a certain amount of distrust of Intel right now. They did not behave as I expected them to.
Seriously not meaning to sound snide but perhaps your expectations are unrealistic? I think there is no reasonable basis to expect AMD would have behaved any differently than Intel in the same situation. Intel has done pretty much exactly what I expected them or any rational profit seeking company to do.
* The second reason can be summed up as "...maybe it's time to for you to buy some new gear...", which is still pretty much in Intel's favor (of course there's always going to be folks who get pissy enough about it to buy AMD CPU gear, but I'm betting that since most folks only see these fixes as a hindrance, the number of people going to AMD over this is not much more than statistical noise...)
To me, the "customers said they don't need it" part (when applied to Bloomfield and Gulftown) sounds like "the crowd who's spent hundreds of dollars for a few % speed increase would wilfully opt out of the performance-crippling patches anyway". Though I've seen a few posts here contradicting that line of reasoning.
Running a old Dell T5400 with the dual Harpertowns that I picked up used. No microcode patch to slow me down, no sir!
Dual quad cores running at 3Ghz. That's like 24Ghz right?
Average Intelligence is a Scary Thing
These are the Core 2 and very first Core I series processors from 8 to 10 years ago.
Hour long are they expected to keep updating microcode? Especially when apparently their customers that pretty for support don't want too bother with these old CPUs
also I7 no ecc less pci-e less ram channels lower ram cap.
"Intel- Experience when it's inside you with no lube"
> apply the microcode on every boot
Only after a powercycle, reboot keeps the updated firmware in CPU.
Looks like I'm already covered:
#~> cat /proc/cpuinfo | grep -e model -e bugs | head -3 | tail -2
model name : Intel(R) Core(TM) i7-4771 CPU @ 3.50GHz
bugs : cpu_meltdown spectre_v1 spectre_v2
Il n'y a pas de Planet B.
I miss the golden days of "Socket 7", when I went for what seemed like almost 10 years by just swapping CPUs (at one point, keeping the current cpu & replacing the mobo with another socket 7 mATX board for some reason I can't remember. No matter how hard Intel tried to kill it, everyone else treated it like a de-facto standard & it just became even MORE entrenched until PC-100 ram finally became too limiting (and expensive... from what I recall, 128mb of pc100 cost about 2-3x as much as 128mb of pc133 or DDR-1, to the point where you could pay for a new mobo with the ram savings alone).
They're not kidding when they say "sometimes its impossible". Microcode is NOT general purpose code. There's only so much you can do with microcode, and it often involves just messing with voltage timings and gates that are already part of the silicon. Granted, I'm sure some supply-demand / cost/benefit analysis is going on, but please challenge the assumption that they can just 'fix the bug' with microcode updates.
You largely can't reprogram what the CPU's underlying silicon actually does, using microcode. People keep talking about it like its some complete programming language. It is not.
a better analogy would be that it is similar to a program that is running the system for controlling railroad track switching. You can make the trains do a lot by making them switch tracks and change direction and so forth, but there's only so much you can do - the tracks they go on and the location of the switches are pre-set.
Oh never mind, the 'customers said they don't need it' was paraphrased from the following sentence in TFA: 'Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.' So that makes it more likely they were actually referring to the 'SoFIA 3GR': a low-powered Atom part.