If at first you don't succeed, you're likely Intel: Second Spectre microcode fix emitted
Mitigations for chip design vulnerabilities, take two
Updated For the second time of asking, Intel has issued microcode updates to computer makers that it says will mitigate the Spectre variant two design flaw impacting generations of x86 CPUs spewed out over previous decades.
Yep, old Chipzilla has turned up at the scene of the metaphorical IT industry earthquake with a dustpan and brush*: the firmware updates are for the sixth generation (Skylake), the seventh generation (Kaby Lake) and the eighth generation (Coffee Lake), the X-series line and the Xeon Scalable and Xeon D processors.
“We have now released production microcode updates to our OEM customers and partners,” said Navin Shenoy, veep and GM for mobile client platforms at Intel. “The microcode will be made available in most cases through OEM firmware updates”.
Intel said the firmware is in beta mode for Sandy Bridge, Ivy Bridge, Haswell and Broadwell. The microcode patch update schedules for the chips are here.
Shenoy said there are “multiple mitigation techniques available that may provide protection against these exploits”, including Google-developed binary modification technique Retpoline (white paper here).
According to Google: “Retpoline sequences are a software construct which allow indirect branches to be isolated from speculative execution.
“This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches”.
Retpoline is a portmanteau of return and trampoline: it is a trampoline construct built using return operations which “also figuratively ensures that any associated speculative execution will ‘bounce’ endlessly.”
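The construct described above, as an added example that is not from the article, Intel or Google: a user-space x86-64 thunk, modelled on the publicly documented retpoline sequence, that performs an indirect call using a call/ret pair instead of an indirect branch instruction. The names `retpoline_call1` and `dispatch` are hypothetical; it assumes GCC or Clang on x86-64 Linux and falls back to an ordinary indirect call on other targets.

```c
#include <stdio.h>

#if defined(__x86_64__) && defined(__linux__)
#define HAVE_RETPOLINE 1
/* retpoline_call1(fn, arg): calls fn(arg) without executing an indirect
 * jmp/call instruction. Hypothetical name; System V AMD64 calling convention. */
__asm__(
    ".pushsection .text\n"
    ".globl retpoline_call1\n"
    ".type retpoline_call1, @function\n"
    "retpoline_call1:\n"
    "    mov %rdi, %r11\n"       /* r11 = real branch target (fn)          */
    "    mov %rsi, %rdi\n"       /* move arg into the first argument slot  */
    "    call 2f\n"              /* pushes the address of label 1          */
    "1:  pause\n"                /* speculation predicted from the return  */
    "    jmp 1b\n"               /* stack lands here and bounces harmlessly */
    "2:  mov %r11, (%rsp)\n"     /* overwrite the return address with fn   */
    "    ret\n"                  /* architecturally transfers to fn        */
    ".size retpoline_call1, .-retpoline_call1\n"
    ".popsection\n");
long retpoline_call1(long (*fn)(long), long arg);
#else
#define HAVE_RETPOLINE 0
/* Other targets: plain indirect call so the example still builds. */
long retpoline_call1(long (*fn)(long), long arg) { return fn(arg); }
#endif

static long add_one(long x) { return x + 1; }
static long negate(long x)  { return -x; }

/* A handler table is a typical source of indirect branches. */
static long (*const handlers[])(long) = { add_one, negate };

long dispatch(unsigned idx, long arg)
{
    if (idx >= sizeof handlers / sizeof handlers[0])
        return 0;                /* unknown handler: do nothing */
    return retpoline_call1(handlers[idx], arg);
}

int main(void)
{
    printf("retpoline thunk in use: %d\n", HAVE_RETPOLINE);
    printf("dispatch(0, 41) = %ld\n", dispatch(0, 41));
    printf("dispatch(1, 41) = %ld\n", dispatch(1, 41));
    return 0;
}
```

In practice the compiler emits such thunks itself (for example GCC's `-mindirect-branch=thunk` or Clang's `-mretpoline`), so hand-written assembly is only useful for seeing how the bounce works.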
Intel, which is facing 32 separate lawsuits in the US over Spectre and Meltdown - from both customers and investors - extended its “appreciation” to the rest of the industry for their “ongoing support”.
Some hard-pressed techies dealing with the fallout are not yet convinced by Intel’s latest microcode update, at least the ones who expressed doubts on Reddit.
“Don’t patch yet,” was the advice from one, “MS had to revert one of Intel's fixes already. Best to wait until it's verified not to cause issues with the OS.”
Another said, “I would imagine… at least hope, that the second time around they’d make sure they get it right. But probably still a good call.”
A third said he was “cautiously optimistic” as it will still be “up to the motherboard manufacturers to provide BIOS updates”.
And therein lies the problem: pessimists are rarely disappointed, but for optimists… it is the hope that gets them in the end. El Reg suspects Linux supremo Linus Torvalds, based on experience, fits into the former bracket where Intel is concerned. ®
* Sorry, Sean Lock, couldn't resist pinching your joke.
Intel told us it has not yet ascertained the performance impact the latest patch update may cause. "We do expect to provide more information on this in the future," a spokesman told us.