Intel's 8th-Gen Xeon and Core Processors Feature Redesigned Hardware to Address Spectre and Meltdown Vulnerabilities

[k27]

"We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3. Think of this partitioning as additional “protective walls” between applications and user privilege levels to create an obstacle for bad actors."
https://newsroom.intel.com/editorials/advancing-security-silicon-level/

• What about Spectre Variant 1?
• New levels of protections: Probably no real fix; sounds IMHO more like hardware level mitigation.
• Many people already think that the problem is solved with the software updates; no it is not (at least Spectre; Meltdown Software fix works, but can lead to greater performance disadvantages - depending on the application and maybe also the OS).

And it is often forgotten or ignored that the Apple A SoCs are also affected.

 

[iReality85]

This is what I was coming to ask. I've got an Intel 8700K, which is 8th gen. So, they are just releasing a new version with a hardware fix. What kind of warranty do processors have? Maybe I deserve a free upgrade.

Yep, new batches of Coffee Lake processors will be manufactured with the hardware fixes starting in Q3. Unfortunately, I think you're stuck with your processor, but on the bright side the 8700K is no slouch! Even with the fixes you should barely notice any performance difference compared to older processors.

 

[bruinsrme]

Yes because you both have super secretive data that everyone wants!

It's a non issue for 99% of the world. Nobody is going to target the average person. There's nothing to gain. If I were going to exploit this flaw (which is pretty hard by the way), it would be on a Fortune 500 company, bank, intelligence agency or government agency that would net me something for my time and energy.

Not to see your pr0n or access the $500 dollars you have in your bank account.

Wait you mean I can’t pay the IRS in iTunes cards either?

I do feel safer mailing my tax returns through the mail than online.

Sorry my sarcasm is running high today.

Update and move on is my thinking.

 

[dannys1]

That's not right.

I got a logic board replacement on MBP 15" (Late 2016) last week. After the repair my MBP came with 10.12.3 installed and I upgrade to 10.13.3. As per Geekbench CPU benchmark, there is 10% performance loss as below:

https://browser.geekbench.com/v4/cpu/compare/7364843?baseline=7353633

So far the performance has gone down progressively with Mac OS updates over time so I haven't realised but it was quite evident when I ran Geekbench before and after the upgrade with no other changes to the default installation.

Well that hasn't happened for anyone else or across mountains of tests which were done to asses any change. Nor for all of my Mac computers.

 

[c deerinck]

I tried to watch the video.

The "scout" analogy was an interesting perspective until it took a twist that is completely unrelated to how Spectre and Meltdown work. Why do people feel compelled to use a false analogy, if they can't understand something? It isn't that difficult to understand, nor to convey.

I read an excellent summary of both techniques, and it took maybe 5-10 minutes to understand how they programmed the details. While it too was an oversimplification, it was done without ever straying from the truth. This video, unfortunately, seems to have been done by someone who prefers graphic symbolism over reality.
[doublepost=1521220165][/doublepost]

I was going to buy a new MacBook in January until all this came to light.

Can’t wait for new MacBooks now!

Are you aware that MacBooks are not susceptible to Spectre or Meltdown? Apple patches this in 2017, before they ever became mainstream knowledge.

 

[catportal]

I was thinking the same thing. Why do they HAVE to build SE into the chips in the first place. Like if you clearly know what the issue is, why continue to build chips with that "feature"? I get that it saves time, but at the cost of security? Is this lost on them or am I missing something here?

Yes, its not just 'saves time', speculative execution is one of the LARGEST performance indicators of a modern processor today.

Take for example, some code that says if this, do that, otherwise do this
normally, each instruction your computer does is broken into multiple steps, these steps are pipelined so that multiple instructions can be in flight at any given time; however when you come to the problem I posted above, any subsequent action of the "if" is dependent on the condition, this is a hard barrier for computing, barriers are slow, very slow. Speculative execution can do many things to speed this up 1) it can use past indicators to speculatively assume the "this" or "that" so which your code runs it, it doesn't stop. Another way is to execute both options and throw away the wrong one when you know which path to take. The 'security' issue you are talking about is not really an issue for personal computers where you are running multiple programs side by side from multiple people. That is already a much worse security vulnerability. In the datacenter case, it is different because companies can be running very proprietary software and you don't want another virtual machine to be able to read your stuff.