Announcement

Collapse
No announcement yet.

The Ongoing CPU Security Mitigation Impact On The Core i9 10900K Comet Lake

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by Pranos View Post
    The Intel CPUs are based on the old i/C2D architecture and are only new generations. I dont think they will ever fix them in hardware... to be real, why should they? If they have already fixed it in Software?
    "Fixed" is a term which needs to be used with care. Basically the fixes are no more than things to have a "reduced risk". It's probable that known attack patterns can be adjusted slightly and all current mitigations go to hell. If you really want to put an end to all that stuff you'll need to produce fixed silicon with some major changes to it's old and broken architecture or you'll need to accept to drop your performance to like 10% losing 90% to do a real mitigation in software.

    Comment


    • #12
      Originally posted by Pranos View Post
      The Intel CPUs are based on the old i/C2D architecture and are only new generations. I dont think they will ever fix them in hardware... to be real, why should they? If they have already fixed it in Software?
      Because the software mitigations are like using gallons of chlorine gas over a few sprays of bug killer to handle a wasp nest.

      Moreover, some of the software fixes can produce a loss of performance on platforms not effected by the exploit like when Intel released a (IIRC) Spectre fix for the kernel that was basically an all-or-nothing fix (meaning that it would effect every processor when on or none when off and not just things actually effected by Spectre). The IIRC is because that may have been for Meltdown....been quite a few of these lately (mitigations and fixes) and they're hard to keep track of if you're not a security nerd.

      Comment


      • #13
        This CPU is affected by LVI and the results are meaningless without LVI mitigation.

        https://wccftech.com/intel-chips-vul...w-lvi-attacks/

        The true Intel performance is sometimes only 7%. Nobody sane would use such insecure CPU in the server without full mitigations.

        Comment


        • #14
          Originally posted by ezst036 View Post
          When will Intel have this fixed in the hardware?
          It takes years from when they are first found to have them changed. You have to do new layout, then simulations, initial fab and characterization of the part, then various stages of qual before it can hit manufacturing. When it does his large scale manufacturing there is still a time of sorting out the recipe both in the front end and back end.

          People don't realize that these things can't change quickly, thing of it like stopping a train and making it go the opposite direction. It takes time.

          Comment


          • #15
            Originally posted by ezst036 View Post
            When will Intel have this fixed in the hardware?
            Spectre-class vulnerabilities will not be solved in hardware ever unless you wanna throw OoOE out of the window.

            Comment


            • #16
              In Intel language the original design was a feature not a bug. In practice, you avoid the bug(s) by either removing the feature(s) or adding extra cycles to check/flush data structures. All new benchmarks should have the updated microcode/firmware/OS whatever to mitigate. We assume everyone, including Intel, now do the same.

              Comment

              Working...
              X