Intel Clears Up Microcode Licensing Controversy - Simpler License, Allows Benchmarking
https://www.phoronix.com/scan.php?page=news_item&px=Intel-Microcode-License-Fixed
On phoronix too.
-
Competitor rules
Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.
Intel Clears Up Microcode Licensing Controversy - Simpler License, Allows Benchmarking
https://www.phoronix.com/scan.php?page=news_item&px=Intel-Microcode-License-Fixed
On phoronix too.
Soldato
- Joined
- 31 May 2009
- Posts
- 21,456
Aye so they got caught and ran away blaming it on legal.
Even though legal would be acting on specific instructions.
So now we await a few benchmarks of before and after application of all patches in various uses, including sql.
Even though legal would be acting on specific instructions.
So now we await a few benchmarks of before and after application of all patches in various uses, including sql.
Soldato
- Joined
- 31 May 2009
- Posts
- 21,456
@CAT-THE-FIFTH @humbug
No wonder they do not want the benchmarks
https://www.phoronix.com/scan.php?page=article&item=l1tf-early-look&num=2
And for FULL Protection you must disable Hyperthreading on the Intel CPUs also
Now that i7 8c/8t makes sense
Is this real?
For full protection you have to disable hyperthreading?
On all intel chips?
No reason to disable it as an average desktop user/gamer as there is no remote vulnerability and if an attacker has got that far then you have much worse problems.
If you are running VMs that other people can log into or you might be sandboxing potentially malicious code in or other use where a 3rd party can execute code remotely all bets are off.
Soldato
- Joined
- 31 May 2009
- Posts
- 21,456
Ok. So any xeon in a business setting for security reasons where folks log in, and basically everything has been moved to virtual machines, these all should have hyperthreading turned off?
Am i missing something or is that not an absolutely massive performance kick in the balls for anyone running such a setup?
Am i missing something or is that not an absolutely massive performance kick in the balls for anyone running such a setup?
Depending on BIOS it is usually there with the turbo boost settings, usually 2-3 options down from where you can set multipliers for number of active cores.
I think every board I've had has had the option to disable Hyperthreading, even back in the pre-UEFI days. Same goes for SMT on Ryzen. It can occasionally be slightly unclear by being labelled as just "HT" or something. If it's not immediately apparent, it's probably tucked away in some sort of "CPU features" or "CPU configuration" submenu.
Soldato
Is a massive performance hit, if a company needs maximum security, or your desktop PC.
https://access.redhat.com/security/vulnerabilities/L1TF-perf
The fact that all the 9th generation Core chips except the new i9s lack HyperThreading makes so much sense when you understand these ongoing security issues. I'm surprised AMD's SMT hasn't had flaws revealed yet (especially ones that require microcode updates or software workarounds that hamper performance).
Spectre affected several ranges of CPU's, including AMD but it's difficult to exploit and most of the issues are Intel only issues like Meltdown and the L1 cache attack that are much more severe.
So far AMD claims their CPU's aren't affected by the 3 variants of Foreshadow so SMT is safe to use.
https://www.amd.com/en/corporate/security-updates
So far AMD claims their CPU's aren't affected by the 3 variants of Foreshadow so SMT is safe to use.
https://www.amd.com/en/corporate/security-updates
I wonder if we'll eventually get to the stage where microcode updates can be installed into BIOSs from the OS regardless of motherboard manufacturer? AMD and Intel could make their motherboard partners implement a common API that allows microcode updates to be injected into BIOS images easily and regularly, like OS patches are applied. The situation now is any microcode security updates require a long turn around time and, in many cases, older systems are simply forgotten.
It'd be similar to how Google introduced separate monthly security patches to Android because partners (*cough* Samsung) were taking 12+ months to release updates, leaving many devices vulnerable to exploits.
It'd be similar to how Google introduced separate monthly security patches to Android because partners (*cough* Samsung) were taking 12+ months to release updates, leaving many devices vulnerable to exploits.
Exactly, AMD just do things in a fundamentally more secure way. It annoys me how some, like Steve Gibson from Security Now, refuse to acknowledge this and draw an equivalence between Intel and AMD in this matter. When asked whether someone should buy AMD instead, he said that he's always bought Intel and will always buy Intel. He also said the information on whether AMD is vulnerable is provided by AMD themselves implying it's not trustworthy for this reason, this is a lie by omission as the researchers have not been able to contradict AMD's claims.
He also claimed that AMD lied about Spectre by saying they weren't vulnerable. This is not true, they said they were vulnerable to Spectre variant 1 from the beginning and they had a near zero risk to Spectre variant 2. This is not the same as a zero risk, contrary to Mr Gibson's claims. AMD released an optional microcode to bring this risk down to zero, this is not equivalent to Intel who have a high risk from variant 2.
AMD is not vulnerable to Meltdown or Foreshadow as they have protections for paging operations in hardware and they check things that Intel don't bother to check for performance reasons. This is fundamentally a more secure design.
Last edited:
Caporegime
A lot of people are heavily invested in Intel, AMD are a massive inconvenience to these people.
Indeed, it's amazing how some highly intelligent people will simply repeat the propaganda rather than look into it in detail, particularly on a security podcast where things are gone into in great detail and the focus is supposed to be on security.
Soldato
And everyone forgot that there is also Ryzen Pro CPUs with full fat security also.
When you have 99% of the market like Intel does for datacenter, there's a lot more interest in finding vulnerabilities for their architectures than the others which are ~1%.
This is good since it pushes some more security focused companies to avoid Intel and give others a chance, but once AMD & ARM server chips start gaining more market share all bets are off on which chips are more "secure".
This is good since it pushes some more security focused companies to avoid Intel and give others a chance, but once AMD & ARM server chips start gaining more market share all bets are off on which chips are more "secure".
This is speculation. AMD and ARM were also examined, Intel are vulnerable to all the security issues so far whereas AMD are the least vulnerable of that group. Yes, we are talking about a specific set of vulnerabilities, but from the technical data AMD obviously thought more about security when designing their chip.