Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake


Intel reports that it has developed a stable microcode update to address the Spectre flaw for its Skylake, Kaby Lake, and Coffee Lake processors in all their variants.

The microcode updates help address Spectre variant 2 attacks. Spectre variant 2 attacks work by persuading a processor’s branch predictor to make a specific bad prediction about which code will be executed. This bad prediction can then be used to infer the value of data stored in memory, which, in turn, gives an attacker information that they shouldn’t otherwise have. The microcode update is designed to give operating systems greater control over the branch predictor, enabling them to prevent one process from influencing the predictions made in another process.

Intel’s first microcode update, developed late last year, was included in system firmware updates for machines with Broadwell, Haswell, Skylake, Kaby Lake, and Coffee Lake processors. But users subsequently discovered that the update was causing systems to crash and reboot. Initially, only Broadwell and Haswell systems were confirmed to be affected, but further examination determined that Skylake, Kaby Lake, and Coffee Lake systems were rebooting, too.

A new microcode for mainstream Skylake processors was released earlier this month. The latest microcode covers both the other Skylake variants, such as Skylake X (used in the newest Core X and Xeon-W processors), Skylake D (used in the latest Xeon D chips), and Skylake SP (used in Xeon Scalable Processor), and the post-Skylake mainstream chips, branded as 7th and 8th generation Core and codenamed Kaby Lake and Coffee Lake.

Older processors using the Broadwell and Haswell cores still do not have a fixed microcode update available. Intel claims that microcode fixes for Sandy Bridge, Ivy Bridge, Broadwell, and Haswell processors are in beta. This means that Intel has distributed a microcode update to hardware vendors for testing, protected under NDA. A handful of older chips are described as having their microcode updates in “pre-beta,” meaning that Intel is performing internal validation of the fix prior to the “beta” stage external testing.

In general, PC users will have to wait for their system or motherboard vendor to provide an updated firmware that contains the microcode.
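Once a firmware or operating-system update has delivered the microcode, the result can be checked from the running system. The sketch below is an added example, not code from Intel or the original article: it assumes a Linux host, where `/proc/cpuinfo` reports the loaded microcode revision and the `ibrs`, `ibpb` and `stibp` flags, and `/sys/devices/system/cpu/vulnerabilities/spectre_v2` reports the kernel's verdict. The sample text and revision numbers are constructed.

```python
import re
from pathlib import Path

CPUINFO = Path("/proc/cpuinfo")
SPECTRE_V2 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
CONTROL_FLAGS = {"ibrs", "ibpb", "stibp"}  # branch-predictor controls as Linux names them

# Constructed sample: CPU 1 still runs older microcode and exposes no controls.
SAMPLE_CPUINFO = """\
processor\t: 0
microcode\t: 0xc2
flags\t\t: fpu sse2 ibrs ibpb stibp

processor\t: 1
microcode\t: 0xba
flags\t\t: fpu sse2
"""
SAMPLE_STATUS = "Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW\n"

def parse_cpuinfo(text):
    """Return one record per logical CPU from /proc/cpuinfo-style text."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            flags = set(fields.get("flags", "").split())
            cpus.append({"cpu": int(fields["processor"]),
                         "microcode": fields.get("microcode"),
                         "controls": sorted(flags & CONTROL_FLAGS)})
    return cpus

def assess(cpuinfo_text, status_text):
    """Summarise microcode revisions, exposed controls and the kernel's verdict."""
    cpus = parse_cpuinfo(cpuinfo_text)
    revisions = sorted({c["microcode"] for c in cpus if c["microcode"]})
    status = (status_text or "").strip() or "unknown"
    return {"revisions": revisions,
            "mixed_revisions": len(revisions) > 1,
            "cpus_without_controls": [c["cpu"] for c in cpus if not c["controls"]],
            "kernel_status": status,
            "kernel_mitigated": status.startswith(("Mitigation", "Not affected"))}

if __name__ == "__main__":
    live = CPUINFO.exists() and SPECTRE_V2.exists()
    print(assess(CPUINFO.read_text(), SPECTRE_V2.read_text()) if live
          else assess(SAMPLE_CPUINFO, SAMPLE_STATUS))
```

A kernel can report a mitigation (for example retpoline) even where the microcode controls are absent, so the two results are kept separate rather than merged into one pass/fail value.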

https://arstechnica.com/?p=1263653