Slashdot Mirror
Intel Details Cascade Lake, Hardware Mitigations for Meltdown, Spectre (extremetech.com)
An anonymous reader shares a report: Ever since Meltdown and Spectre were disclosed, Intel's various customers have been asking how long it would take for hardware fixes to these problems to ship. The fixes will deploy with Cascade Lake, Intel's next server platform due later this year, but the company is finally lifting the lid on some of those improvements and security enhancements at Hot Chips this week.
One major concern? Putting back the performance that previous solutions have lost as a result of Meltdown and Spectre. It's hard to quantify exactly what this looks like, because the impact tends to be extremely workload-dependent. But Intel's guidance has been in the 5-10 percent range, depending on workload and platform, and with the understanding that older CPUs were sometimes hit harder than newer ones. Intel wasn't willing to speak to exactly what kind of uplift users should expect, but Lisa Spelman, VP of Intel's Data Center Group, told AnandTech that the new hardware solutions would have an "impact" on the performance hit from mitigation, and that overall performance would improve at the platform level regardless. Variant 1 will still require software-level protections, while Variant 2 (that's the "classic" Spectre attack) will require a mixture of hardware and software protection. Variant 3 (Meltdown) will be blocked in hardware, 3a (discovered by ARM) patched via firmware, with Variant 5 (Foreshadow) also patched in hardware.
One major concern? Putting back the performance that previous solutions have lost as a result of Meltdown and Spectre. It's hard to quantify exactly what this looks like, because the impact tends to be extremely workload-dependent. But Intel's guidance has been in the 5-10 percent range, depending on workload and platform, and with the understanding that older CPUs were sometimes hit harder than newer ones. Intel wasn't willing to speak to exactly what kind of uplift users should expect, but Lisa Spelman, VP of Intel's Data Center Group, told AnandTech that the new hardware solutions would have an "impact" on the performance hit from mitigation, and that overall performance would improve at the platform level regardless. Variant 1 will still require software-level protections, while Variant 2 (that's the "classic" Spectre attack) will require a mixture of hardware and software protection. Variant 3 (Meltdown) will be blocked in hardware, 3a (discovered by ARM) patched via firmware, with Variant 5 (Foreshadow) also patched in hardware.
Use AMD instead.
From the slide in the FA, Variant 1 (Bounds-Check Bypass, one of the worst variants), Variant 2 (Branch-Target Injection), and Variant 4 (Speculative-Store Bypass) are all still relying on OS/VMM mitigations --- which means that Intel has done absolutely nothing to try to address them.
Still. Broken.
One major concern? Putting back the performance that previous solutions have lost as a result of Meltdown and Spectre.
It's like getting back the "A" grade you lost after they found out you've been cheating. Sure it's a major concern because now you'll actually have to work for your grade. Meanwhile, there are other students who didn't cheat in the first place. Guess which one I'm going to hire?
Escher was the first MC and Giger invented the HR department.