Meltdown & Spectre potpourri

[RedFox 1]

Watch this. This is a friend of mine, he is a Computer Modder.

 

[George++]

@RedFox 1, I like how your friend doesn't get into the technical issue of the problem(s), and simply gives an average person a decent over-view of what is the result. More people will bother doing what is needed to fix the problem with their PCs instead of having their eyes glaze over from a lot of high-tech gobbledy-gook, "look how smart I am" jargon.

 

[DrinkLyeAndDie]

Fudzilla: Intel releases its post Meltdown and Spectre performance figures

[...]

What Intel is not saying is that those figures are a lot higher than it expected to see for the newer chips. However the newer chips should hardly have been affected. On Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre "mitigation".

Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.

Older chips which lack Skylake improvements will be gutted by the patches. We were expecting to see drops of 30 percent and yet Intel has failed to mention these older chips in its announcement. This figure is more important than the post-Skylake chips because there will be a lot more older Intel chips out there. Intel has promised to release figures for chips that are up to five years old which should cover the bulk of these older chips, but five years is no longer a long time in computing terms. There are a lot of PCs out there which are older than five years old.

[...]

 

[George++]

@DrinkLyeAndDie, I don't use the latest and greatest CPU chips, Intel or AMD, I simply can't afford it. I fully expect the impact to be major for CPU intensive apps, no matter what. The security hole is just that deep, needing lots of fill dirt to plug.

 

[RedFox 1]

@DrinkLyeAndDie, I don't use the latest and greatest CPU chips, Intel or AMD, I simply can't afford it. I fully expect the impact to be major for CPU intensive apps, no matter what. The security hole is just that deep, needing lots of fill dirt to plug.

If what Jay is saying is true, they have known about this for a very long time. It goes all the way back to the Intel® Core™2 Quad Q6600. Its totally unreal to me that this has not been fixed yet.

 

[gereral1]

I'm building a new PC soon and glad Microsoft backed out AMD update as it destroyed my AMD x4 965 black edition processor and the sata drives. I thought my hard drive failed..... This PC is still fast and I can edit 4 k on it. The chip companies still hover around the same Hz clock speed. The only things that have changed is the power structure (chip size) transistors. More threads and multi cpus on one dye and larger cash. But it's mostly GPU these days so CPU I'm most everyday uses you can use a 10 year old CPU. Honestly I can capture and record 7.1 at the same time without a hiccup. I cannot play 4k but my rx470 handles encoding and playback in HDR perfect. Handles YouTube 4k and games. I know an upgrade will be nice. My first computer was a Pentium 2 lol..... Still torn between AMD or Intel. Thread ripper looks like overkill.

 

[gereral1]

My point is this update destroys older cpus!

 

[DrinkLyeAndDie]

ZDNet: Linux vs Meltdown: Ubuntu gets second update after first one fails to boot

Things are going to be rocky for awhile.

 

[Ch3vr0n]

Well the patch certainly has it's impact on cloneBD even with hw acc and output to my SSD.

"Encoder" output used to stay at 0% at all times like it should, post patch it fluctuates up to 5% so far
CPU use CloneBD used to be at 5% tops, now it's like 30-35%

 

[Ch3vr0n]

Asus releases bios updates for Spectre and meltdown: https://www.asus.com/News/V5urzYAT6myCC1o2

Sent from my Nexus 6P with Tapatalk

 

[DrinkLyeAndDie]

And yet another issues with Intel CPUs. This time it's the AMT (Active Management Technology). There's been talk about this for a few days. I just had gotten around to posting.

Fudzilla: Intel has more firmware problems

[...]

The flaw has been part of Intel chips for at least ten years and is due to weak security in Intel's Active Management Technology (AMT) firmware - remote "out of band" device management technology.

The latest vulnerability - discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post - is one of those bugs which is supposed to be a feature.

But it means that notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer - even bypassing
BIOS passwords, Trusted Platform Module personal identification numbers, and BitLocker disk encryption passwords - by rebooting the computer, entering its BIOS boot menu, and selecting the configuration for Intel's Management Engine BIOS Extension (MEBx).

[...]

With these recent discoveries and revelations I expect to see much more focus on CPUs, in general, and looking for flaws such as these. The recent events could just be the tip of the iceberg.

 

[DrinkLyeAndDie]

Steve Gibson from GRC (Gibson Research Corporation) has released InSpectre. InSpectre is a nice tiny standalone tool for checking your system vulnerability status to Meltdown & Spectre.

“InSpectre” is an easy to use & understand utility designed to clarify
the many overlapping and confusing aspects of any Windows
system's ability to prevent the Meltdown and Spectre attacks.

The tool basically shows if you are vulnerable or not. As with all programs that Gibson has released over the years it's a super tiny, portable, no-installation executable.

Download page: InSpectre (https://www.grc.com/inspectre.htm)

 

[RedFox 1]

I am vulnerable to Spectre, what to do?

 

[Ch3vr0n]

read the details more down Patch the BIOS with the firmware i linked earlier (3703 available for download on the motherboard download page), should fix that right up. Havent done that myself, so can't be fully sure. I don't like doing such "risky" things during the week. I prefer the weekend so i have some time IF things were to go wrong.

 

[RedFox 1]

read the details more down Patch the BIOS with the firmware i linked earlier (3703 available for download on the motherboard download page), should fix that right up. Havent done that myself, so can't be fully sure. I don't like doing such "risky" things during the week. I prefer the weekend so i have some time IF things were to go wrong.

That fixed it. Thanks Ch3vr0n. I guess it was my Samsung m.2 NVMe 1TB SSD

 

[DrinkLyeAndDie]

I guess it was my Samsung m.2 NVMe 1TB SSD

The fix was the CPU microcode update.

I'm not entirely sure what was fixed for M.2 devices. For all intents and purposes ASUS doesn't seem to be in any rush to push BIOS updates when they don't have to but since they did have to in this case it appears they did a nice little roll-up of fixes and those that were in the works for awhile. For the M8E they finally got around to pushing the Intel ME update which most ASUS Z170 boards had already received. They updated all the BIOSes across all the boards so that they contain all the relevant fixes. Big picture, it's probably not a bad thing.

Note: Obviously, the less BIOS updates the better. No one likes doing it. It's a pain and there's always an inherent risk when updating. ASUS shouldn't be popping out updates all the time but they do seem to drag their feet at times.

 

[DrinkLyeAndDie]

Tom's Hardware: Patch-Induced Reboot Errors Impact Kaby Lake, Skylake, Ivy And Sandy Bridge, Too

Intel released a new update on the state of the Meltdown and Spectre patches to reveal that the reboot errors it previously disclosed, which plague Broadwell and Haswell systems, also impact Kaby Lake, Skylake, Ivy Bridge, and Sandy Bridge processors.

[...]

The buggy firmware updates were distributed to motherboard manufacturers as part of a BIOS update. Vendors such as MSI, ASUS, and Gigabyte have issued press releases announcing the new BIOS revisions this week, but for now, it might not be wise to update to those versions. Users who haven't installed the latest BIOS are not affected, and Intel says that new patches will enter the validation phase early next week.

[...]

 

[DrinkLyeAndDie]

PC World: Spectre CPU patches can cause unwanted reboots, Intel warns

Engadget: Intel admits Spectre patch problems also affect newer Core chips

 

[DrinkLyeAndDie]

The Register: 'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature

[...]

Intel's fix for Spectre variant 2 – the branch target injection design flaw affecting most of its processor chips – is not to fix it.

Rather than preventing abuse of processor branch prediction by disabling the capability and incurring a performance hit, Chipzilla's future chips – at least for a few years until microarchitecture changes can be implemented – will ship vulnerable by default but will include a protection flag that can be set by software.

Intel explained its approach in its technical note about Spectre mitigation, titled Speculative Execution Side Channel Mitigations. Instead of treating Spectre as a bug, the chip maker is offering Spectre protection as a feature.

The decision to address the flaw with an opt-in flag rather than activating defenses by default has left Linux kernel steward Linus Torvalds apoplectic.

[...]

 

[DrinkLyeAndDie]

Fudzilla: Intel's patch is garbage