Intel has admitted that the microcode update it released in response to Meltdown and Spectre (the part of the fix that addresses Spectre variant 2, branch target injection) is flawed and can cause PCs and servers to reboot unexpectedly.
In a blog post, Navin Shenoy, executive vice-president and general manager of the datacentre group at Intel Corporation, wrote: “We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behaviour.”
After taking advice from Intel, HPE has withdrawn 25 system ROM (firmware) updates that carried the affected microcode, covering many of its Intel-based servers.
As Computer Weekly has previously reported, some industrial control systems have already been adversely affected by the patch.
Because the vulnerabilities were handled under a coordinated-disclosure embargo, Intel and the other affected vendors had known about Meltdown and Spectre for months before they were made public (the researchers reported them to the chip makers in mid-2017), which should have given ample time for a robust patch to be developed and tested.
Intel released a microcode update just a few days after Google’s Project Zero published details of the processor flaws at the start of January 2018. But only days after it became generally available to hardware manufacturers and operating system providers, there were reports that the update was causing reboots and other instability.
According to discussion on the Linux Kernel Mailing List (LKML), Intel’s proposed approach for future processors appears to shift responsibility to operating system vendors for making the processor secure against Spectre. The new processors will be vulnerable by default, according to a post from Linux creator Linus Torvalds on the list.
Intel has a number of engineers contributing to the mailing list, which is used by developers of low-level software and operating system code. From the thread, it seems Intel’s plan for fixing Spectre in future processors is to ship them with the hardware mitigation present but switched off; it is then up to system software to turn the protection on.
At boot, the operating system will need to check a capability flag dubbed “IBRS_ALL” (a bit in the processor’s IA32_ARCH_CAPABILITIES model-specific register), which tells the system that the processor supports an always-on form of indirect branch restricted speculation (IBRS), the hardware mitigation for Spectre variant 2 (branch target injection). If the flag is present, the OS sets the IBRS bit in the IA32_SPEC_CTRL register once at boot to switch the protection on; without that write, the processor runs with the mitigation disabled.
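The boot-time check described above, as an added example that is not part of the original article and is not Intel’s or the Linux kernel’s code. The MSR numbers and bit positions (IA32_SPEC_CTRL, IA32_ARCH_CAPABILITIES, IBRS, IBRS_ALL, RDCL_NO) are Intel’s architectural definitions; the selection function, its mode names and the constructed scenarios are this example’s own simplification of what an OS would do. When run as root on Linux with the msr driver loaded it reads the real MSRs; otherwise it walks the constructed cases.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Architectural constants from Intel's Spectre v2 mitigation enumeration. */
#define MSR_IA32_SPEC_CTRL          0x48U
#define MSR_IA32_ARCH_CAPABILITIES  0x10AU
#define SPEC_CTRL_IBRS              (1ULL << 0)  /* indirect branch restricted speculation */
#define ARCH_CAP_RDCL_NO            (1ULL << 0)  /* not susceptible to Meltdown (rogue data cache load) */
#define ARCH_CAP_IBRS_ALL           (1ULL << 1)  /* enhanced IBRS: one write at boot is enough */

enum v2_mode { V2_SOFTWARE_ONLY, V2_BASIC_IBRS, V2_ENHANCED_IBRS };

struct v2_decision {
    enum v2_mode mode;
    uint64_t spec_ctrl;  /* value the OS should leave in IA32_SPEC_CTRL after boot */
};

/* Hypothetical boot-time selection (this example's own, not kernel code).
 * Inputs: whether the SPEC_CTRL MSR exists at all, whether ARCH_CAPABILITIES
 * exists, its contents, and the SPEC_CTRL value the firmware handed over. */
struct v2_decision select_spectre_v2(bool has_spec_ctrl, bool has_arch_caps,
                                     uint64_t arch_caps, uint64_t spec_ctrl)
{
    struct v2_decision d = { V2_SOFTWARE_ONLY, spec_ctrl };

    if (!has_spec_ctrl)
        return d;  /* no hardware control: software mitigation (e.g. retpoline) only */

    if (has_arch_caps && (arch_caps & ARCH_CAP_IBRS_ALL)) {
        /* The CPU advertises the always-on mode but ships with the bit clear;
         * the OS still has to set IBRS once, the step Torvalds objected to. */
        d.mode = V2_ENHANCED_IBRS;
        d.spec_ctrl = spec_ctrl | SPEC_CTRL_IBRS;
        return d;
    }

    /* Basic IBRS: the bit is written on kernel entry rather than left set
     * for the lifetime of the system, so the boot-time value is untouched. */
    d.mode = V2_BASIC_IBRS;
    return d;
}

/* Read one MSR through Linux's msr driver (needs root and 'modprobe msr').
 * Returns false if the driver is absent or the MSR does not exist on the CPU
 * (the driver reports the resulting #GP as an I/O error). */
bool read_msr(int cpu, uint32_t msr, uint64_t *out)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return false;
    bool ok = pread(fd, out, sizeof *out, (off_t)msr) == (ssize_t)sizeof *out;
    close(fd);
    return ok;
}

const char *v2_mode_name(enum v2_mode m)
{
    switch (m) {
    case V2_ENHANCED_IBRS: return "enhanced IBRS (IBRS_ALL, set once at boot)";
    case V2_BASIC_IBRS:    return "basic IBRS (written on kernel entry)";
    default:               return "software-only mitigation";
    }
}

int main(void)
{
    uint64_t caps = 0, ctrl = 0;
    bool has_ctrl = read_msr(0, MSR_IA32_SPEC_CTRL, &ctrl);
    bool has_caps = read_msr(0, MSR_IA32_ARCH_CAPABILITIES, &caps);

    if (has_ctrl) {
        struct v2_decision d = select_spectre_v2(true, has_caps, caps, ctrl);
        printf("this CPU: %s, SPEC_CTRL 0x%llx -> 0x%llx\n", v2_mode_name(d.mode),
               (unsigned long long)ctrl, (unsigned long long)d.spec_ctrl);
        return 0;
    }

    /* Constructed scenarios (not measured data) for machines without the msr driver. */
    struct { const char *name; bool sc, ac; uint64_t caps; } cases[] = {
        { "pre-2018 CPU, no microcode update", false, false, 0 },
        { "updated CPU, basic IBRS only",      true,  false, 0 },
        { "future CPU advertising IBRS_ALL",   true,  true,  ARCH_CAP_IBRS_ALL | ARCH_CAP_RDCL_NO },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct v2_decision d = select_spectre_v2(cases[i].sc, cases[i].ac, cases[i].caps, 0);
        printf("%-38s -> %s, SPEC_CTRL=0x%llx\n", cases[i].name, v2_mode_name(d.mode),
               (unsigned long long)d.spec_ctrl);
    }
    return 0;
}
```

The point to take from the third scenario is the one Torvalds makes: a processor that reports IBRS_ALL is still unprotected until the OS performs the write, so any OS that does not know about the flag runs it in the vulnerable state.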
“The patches are complete and utter garbage. They do literally insane things. They do things that do not make sense,” wrote Torvalds.
In the post, Torvalds said Intel’s patch was only acceptable if it was limited to the current line of processors. Future processor designs would be engineered to be secure against Spectre, so the patch could eventually be phased out. But this does not appear to be Intel’s intention, according to Torvalds: “The part I think is odd is the IBRS_ALL feature, where a future CPU will advertise ‘I am able to be not broken’ and then you have to set the IBRS bit once at boot time to *ask* it not to be broken. That part is weird.”