• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."
  • Community Question: What makes a good motherboard?

Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 60 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

IEC

Elite Member
Super Moderator
Jun 10, 2004
13,925
3,595
136
Inspectre says there is a microcode update for my IB desktop system, but where do I find it?

The one listed above does not list IB desktop chips.
You don't, unless you are lucky enough that your motherboard manufacturer supports microcode updates that far back (unlikely).

Microsoft worked with Intel to implement a microcode patch at boot (for Windows 10 and Server 2016) as a way to address vulnerability in older systems.

https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

Summary:
https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates

Article:
https://www.tomshardware.com/news/microsoft-windows-spectre-patch-intel-cpus,36614.html
 

LTC8K6

Lifer
Mar 10, 2004
28,523
1,569
126
You don't, unless you are lucky enough that your motherboard manufacturer supports microcode updates that far back (unlikely).

Microsoft worked with Intel to implement a microcode patch at boot (for Windows 10 and Server 2016) as a way to address vulnerability in older systems.

https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

Summary:
https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates

Article:
https://www.tomshardware.com/news/microsoft-windows-spectre-patch-intel-cpus,36614.html
OK, that explains why the 1231-V3 system is fully patched, but the 4790K and 3330 systems are not.

EDIT, no it doesn't.
 

rchunter

Senior member
Feb 26, 2015
933
72
91
Supermicro came out with the bios patches for their haswell based boards. I applied 2 yesterday, plus I updated the ipmi firmware on both my boards also.
 
  • Like
Reactions: wahdangun

LTC8K6

Lifer
Mar 10, 2004
28,523
1,569
126
Okay, went ahead and installed the new beta BIOS from ASUS for my Z-97A 4790K system.
Inspectre reports all good now.
 

jpiniero

Diamond Member
Oct 1, 2010
8,502
1,487
126
That seems highly unlikely given that a complete overhaul in chip architecture is required to actually fix Spectre and Meltdown. They can only "mitigate" the chip flaws until there is a new architecture.
Yeah, a hardware mitigation instead of a real fix. But that might be good enough for now.
 

beginner99

Diamond Member
Jun 2, 2009
4,672
1,080
136
How bad is this for AMD?
https://www.theregister.co.uk/2018/05/25/researchers_crack_open_amds_server_vm_encryption/

I know that there's some extraordinary conditions that are needed, but even so SEV should prevent the information to be extracted in plain text, that information should have come encrypted, right?
I'm gonna say if you have a hostile server admin or a malware infected hypervisor, this problem is gonna me a tiny, tiny concern compared to all the other issues you will be facing.
 

moinmoin

Platinum Member
Jun 1, 2017
2,079
2,495
106
But SEV purpose was to prevent this from being possible?
The primary purpose of SEV in cloud computing would be making it impossible for one VM to read the memory of another VM. That's not broken with this, the VM would still need to capture and fully control the HV first.

So it's a severe bug that ought to be fixed, but it doesn't affect SEV's current use case.
 
  • Like
Reactions: lightmanek

IntelUser2000

Elite Member
Oct 14, 2003
7,249
1,839
136
Is it realistic to believe intel will have hardware fixes for new chips by the end of the year?
From the Anandtech article:
their specific wording is that the changes will be included in 8th gen Core processors “expected to ship in the second half of 2018.
Meltdown and Spectre has variants. Some versions will be patched in hardware, while some will be patched in software. The software patched one is because it requires a bigger architecture change. They've known about this problem for some time, which is why they can have it by end of the year. But didn't know early enough to patch all.
 

LTC8K6

Lifer
Mar 10, 2004
28,523
1,569
126

thecoolnessrune

Diamond Member
Jun 8, 2005
9,464
385
126
Yes, it's about 1.5 months old now. Not sure why it is being reported again?
It's part of this batch:

https://www.tomshardware.com/news/spectre-ng-vulnerabilities-intel-arm-amd,37002.html

We knew at the beginning that more variants of the flaws would likely be discovered over time.

None of them should be a problem for home users, though.
That's a really simple answer. We didn't know anything about it then. The article you linked even noted everything was "scant on details".

Now we know some more due to disclosures. There's a small article on Toms Hardware giving a few details, including why it's being reported again. https://www.tomshardware.com/news/intel-processors-lazyfp-speculative-execution,37302.html
 

LTC8K6

Lifer
Mar 10, 2004
28,523
1,569
126
That's a really simple answer. We didn't know anything about it then. The article you linked even noted everything was "scant on details".

Now we know some more due to disclosures. There's a small article on Toms Hardware giving a few details, including why it's being reported again. https://www.tomshardware.com/news/intel-processors-lazyfp-speculative-execution,37302.html
I wish they would not release the info to the public until patches or mitigations are ready, but it seems headlines and clicks are more important.
 
  • Like
Reactions: ryan20fun

Mr Evil

Senior member
Jul 24, 2015
462
185
116
mrevil.asvachin.eu

LTC8K6

Lifer
Mar 10, 2004
28,523
1,569
126

thecoolnessrune

Diamond Member
Jun 8, 2005
9,464
385
126
I wish they would not release the info to the public until patches or mitigations are ready, but it seems headlines and clicks are more important.
This was responsibly disclosed, and continues to be responsibly disclosed in about the most efficient way possible given the surrounding factors. Both the entities (Amazon Security Research and Cyberus) are highly reputable and have skin in the game (especially given the AWS Datacenter underpinnings Amazon Security Research supports). Why do you believe "headlines and clicks" are driving this effort? This disclosure, and many of the Meltdown / Spectre disclosures have been handled very well given the scope, especially compared to that farce of a disclosure that was Ryzenfall.
 

Mr Evil

Senior member
Jul 24, 2015
462
185
116
mrevil.asvachin.eu
Except that Intel's page is dated 6/13 and the Cerberus page is dated 6/6, so it was already public.
As I stated, only the existence of the vulnerability was made public. It even says on the very page that you linked to:
https://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html said:
The Attack
This section is currently withheld by request from Intel.
 
  • Like
Reactions: DarthKyrie

ASK THE COMMUNITY