Intel admits chip security has a long way to go

A year on from the discovery of the Spectre and Meltdown processor flaws, Intel has admitted its work on security has only just begun.

In a web post, Leslie Culbertson, an executive vice-president and general manager of product assurance at Intel, wrote: “While I’m pleased with the progress we’ve made, our work is just beginning. So, as we look to 2019, two things are certain. First, security will continue to be an area where vigilance is required. Second – and just as important – we at Intel will continue to drive security innovation across our product portfolio to better protect customers and help drive the industry forward to make all our products more secure.”

The new class of security vulnerabilities that includes Spectre and Meltdown presents a challenge for the entire industry.

Following revelations of the chip flaws, Culbertson said Intel had made a commitment to build in advanced security at the silicon level to help protect against side channel exploits like Spectre and Meltdown.

“On the client side, we started introducing this with our 8th Generation Intel Core U-series processor (Whiskey Lake) in August, followed by our 9th Gen Intel Core desktop processor (Coffee Lake) in October,” she said.

According to Culbertson, Intel has aligned its microcode update process with scheduled software updates used across the industry.

“In June 2018, we made our MCUs [microcode updates] OS-loadable, making the update for Spectre V2 possible via Windows Update. Moving forward, we intend to enable delivery of MCUs through this automated process when possible,” she said.

As Computer Weekly has previously reported, the microcode updates issued by PC manufacturers, and the operating system and hypervisor software patches for Spectre and Meltdown, can have a detrimental effect on performance. For instance, in November 2018, technology website Phoronix reported that benchmarks on the latest Linux 4.2.0 kernel ran significantly slower on systems patched against Spectre V2.

Only the company’s Xeon Scalable processor (Cascade Lake) has hardware-based protections for Spectre V2, which reportedly get around the performance hit experienced in some systems using older generations of Intel processor that need to be patched with microcode and operating system updates.