Our near-term focus is on delivering high-quality mitigations to protect our customers' infrastructure from these exploits. We’re working to incorporate silicon-based changes to future products that will directly address the Spectre and Meltdown threats in hardware. And those products will begin appearing later this year.
(Gotta wonder if they mean to tackle both at the same time, and whether that is an inclusive ‘and’, but still.
Following on: does this imply ‘more lead time’, does this mean ‘we’ll be fixing the easy stuff this year’, or is this actually possible with them having enough money to throw at the problem?)
Well, it depends on what all those bolded words mean – does it mean they’ll be launching something that addresses Meltdown as low-hanging fruit, Spectre down the road? Does it mean ‘1 consumer part to come this year’? All? Etc.
And it depends on how long they’ve been working on this internally, without acknowledging it…
Never underestimate Intel.
They have the budget, knowledge, tech and tooling to do that if they want to.
For all I know Intel Skunkworks probably already made a fix to parts of the issue X years ago which then got nixed and mothballed instead,
Like I said somewhere earlier in this thread.
Intel will focus on security like madmen in order to come out on top and claim the high ground.
Loudly claiming once again to have the most secure processors in the world.
And I’m saying this as a long time AMD user.
Intel is an unstoppable technological industrial force if it wants to be.
They have the majority of the best paid engineers in the microprocessor industry.
And Intel Management will work them to death to save their own asses.
Intel certainly has a ton of resources. They have really good people, tons of money and their own fabs. I think what they mean with “later this year” is that CPUs will ship with the microcode updates from the factory. But you never know, they might spend a ton of resources and produce something more substantial. It will be interesting for sure. I need more popcorn. And beer, lots of more beer.
Addendum: I get that they probably can fix Meltdown (variant 3) in silicon relatively easily but it's rather hard/impractical to fix it in microcode (I’ve had some details explained to me, I almost feel smart now lol). Spectre 2 (branch predict) is probably trickier, but maybe they’ll just add a PCID tag in the branch predictor cache? Spectre Variant 1 (bounds check) I have no clue how they would fix in silicon. But I’m far from a CPU designer, just some idiot on the internets.
It’s too unstable. Eventually it might be. Red Hat rolled back their microcode bundle because of side effects on some hardware combinations and MS is doing the same. So best bet right now is a BIOS or UEFI update from the HW vendor.
Intel is supplementing that guidance to include two new resources provided today by Microsoft:
For most users – An automatic update available via the Microsoft® Update Catalog which disables ‘Spectre’ variant 2 (CVE 2017-5715) mitigations without a BIOS update. This update supports Windows 7 (SP1), Windows 8.1, and all versions of Windows 10 - client and server
Also - they confirm that a new microcode fix is ‘under way’…
Both of these options eliminate the risk of reboot or other unpredictable system behavior associated with the original microcode update and retain mitigations for ‘Spectre’ variant 1 and ‘Meltdown’ variant 3 until new microcode can be loaded on the system.
For those concerned about system stability while we finalize these updated solutions, earlier this week we advised that we were working with our OEM partners to provide BIOS updates using previous versions of microcode not exhibiting these issues, but that also removed the mitigations for ‘Spectre’ variant 2 (CVE 2017-5715)
Well, if the microcode (or whatever the fix is) is ONLY in the BIOS updates, then it might be worth covering in the news that some manufacturers aren’t (or at least haven’t yet) adding BIOS updates for X99 or earlier motherboards. For example, my MSI X99A Raider’s most recent update is from 2016.
I didn’t do a thorough look but many boards that aren’t X299 or Z270 don’t have a patch. I checked MSI and Asus.