Intel Hardware Fixes For Spectre, Meltdown & More: What We Know


A few weeks after the Meltdown and Spectre processor vulnerabilities were disclosed in January, Intel promised that new CPUs coming out later this year would include hardware-level protections. In August, we learned more specific information about the kind of silicon-based mitigations that will come in upcoming Core and Xeon processors.

Since the disclosure of Meltdown and Spectre, there have been a total of six variants of the side-channel vulnerabilities disclosed. The first three were the two variants of Spectre and one variant of Meltdown. Then in May, two more were disclosed: Variant 3a, which is in the same family as Meltdown, and Variant 4. Most recently, the fifth variant was disclosed in August as L1 Terminal Fault, a vulnerability that researchers named Foreshadow.

Hardware-level protections in next-generation Xeon Scalable processors and new eighth-generation Core processors have been teased as early as March, when Brian Krzanich, Intel's CEO at the time, said they would arrive in the second half of 2018.

Intel Xeon Server CPU

After formally announcing its next-generation Xeon CPU, code-named Cascade Lake, at Intel's Data-Centric Innovation Summit, the company confirmed a week later in August at the Hot Chips consortium that Cascade Lake would include hardware mitigations for the second variant of Spectre, the first variant of Meltdown and L1 Terminal Fault, AnandTech reported. The second variant of Spectre, however, will also require software updates.

Meanwhile, Variant 1 of Spectre will still require software updates for protection, Variant 3a of Meltdown will require a firmware update, and the fourth variant will require a mix of firmware and software updates for Cascade Lake, according to AnandTech.

Cascade Lake is expected to come out later this year.

Intel Core Client CPU

This week, Intel officially announced new eighth-generation Core mobile CPUs that are optimized for connectivity, high performance and long battery life. One of the new CPUs, the Whiskey Lake U-series, will come with some hardware mitigations while the Amber Lake Y-series will not, AnandTech reported.

Whiskey Lake will come with hardware mitigations for the first variant of Meltdown and L1 Terminal Fault, while Variant 2 of Spectre will require a mix of firmware and hardware updates. Like Cascade Lake, the other exploits will require firmware, software or both kinds of updates.

Laptops and 2-in-1s powered by Whiskey Lake will come out this fall.

An Intel spokesperson told CRN that future Core products will eventually come with hardware mitigations for Variant 2 of Spectre. The difference in mitigation capabilities is the result of the complexity of the vulnerabilities, the spokesperson added.

The Message For The Channel

Jason Kimrey, Intel's U.S. channel chief, expects the new hardware-level security features will be a selling point for upcoming CPUs, he told CRN in an interview at The Channel Company's XChange 2018 event last week. However, he wouldn't say whether he thought the new security features would create another refresh opportunity.

"The most important thing is for customers to stay current both with software and their hardware platforms," Kimrey said. "We're not going to slow down in terms of the way we come to market with those."

Kimrey said he has been trying to be as transparent as possible with channel partners about security disclosures, mitigations and related matters.

"I think the ones that have taken advantage of that, value that and told us how much they valued it," he said, pointing to the Intel Technology Partner program as a main source of information for partners.

Kent Tibbils, vice president of marketing at ASI, a Fremont, Calif.-based distributor, told CRN earlier this month that his company has heard from multiple channel partners who are curious about Intel's next generation of processors that come with hardware-level security features. However, he said, they are more interested in release dates and feature sets for upcoming products.

"This does not mean they aren’t looking at security risks for their clients, it means they are comfortable with the level of communication and response from Intel and the industry in terms of how these issues have been addressed," he said in an email.