Engineering New Protections Into Hardware
Overview
In 2018, the class of speculative execution side channel vulnerabilities, commonly referred to as Spectre and Meltdown, presented a unique challenge to Intel and the entire industry. Intel provided microcode updates (MCU) supporting nearly 10 years of Intel® products, which were coupled with updates from our partners to help protect against these vulnerabilities. We have also taken steps to integrate these protections into our hardware.
Side Channel Mitigation by Product CPU Model
The table below provides details on how the protections are integrated into Intel® products:
| CPU Model and Stepping | V1, Spectre | V2, Spectre | V3, Meltdown | V3a | V4 | L1TF, Foreshadow | MFBDS, RIDL | MSBDS, Fallout | MLPDS | MDSUM |
|---|---|---|---|---|---|---|---|---|---|---|
| Intel64 Family 6 Model 142 Stepping 11 | Software | MCU + Software | Hardware | MCU | MCU + Software | Hardware | Hardware | MCU + Software | MCU + Software | MCU + Software |
| Intel64 Family 6 Model 142 Stepping 12 | Software | Hardware + Software | Hardware | MCU | Hardware + Software | Hardware | Hardware | Hardware | Hardware | Hardware |
| Intel64 Family 6 Model 158 Stepping 11 | Software | MCU + Software | Software | MCU | MCU + Software | MCU + Software | MCU + Software | MCU + Software | MCU + Software | MCU + Software |
| Intel64 Family 6 Model 158 Stepping 12 | Software | MCU + Software | Hardware | MCU | MCU + Software | Hardware | Hardware | MCU + Software | MCU + Software | MCU + Software |
| Intel64 Family 6 Model 158 Stepping 13 | Software | Hardware + Software | Hardware | MCU | Hardware + Software | Hardware | Hardware | Hardware | Hardware | Hardware |
| 2nd Generation Intel® Xeon® Processors (Formerly Cascade Lake) | Software | Hardware + Software | Hardware | Hardware | Hardware + Software | Hardware | Hardware | Hardware | Hardware | Hardware |

| Alias(es) | V1, Spectre | V2, Spectre | V3, Meltdown | V3a | V4 | L1TF, Foreshadow | MFBDS, RIDL | MSBDS, Fallout | MLPDS | MDSUM |
|---|---|---|---|---|---|---|---|---|---|---|
| Variant | Bounds Check Bypass | Branch Target Injection | Rogue Data Cache Load | Rogue System Register Read | Speculative Store Bypass | L1 Terminal Fault | Microarchitectural Fill Buffer Data Sampling | Microarchitectural Store Buffer Data Sampling | Microarchitectural Load Port Data Sampling | Microarchitectural Sampling Uncacheable Memory |
| CVE(s) | CVE-2017-5753 | CVE-2017-5715 | CVE-2017-5754 | CVE-2018-3640 | CVE-2018-3639 | CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 | CVE-2018-12130 | CVE-2018-12126 | CVE-2018-12127 | CVE-2019-11091 |
Frequently Asked Questions
Q1. Are there any differences in the level of protection provided by software mitigated and hardware mitigated versions of these SKUs?
A: No. We expect the level of protection to be equivalent whether you have microcode update (MCU) based or hardware-based mitigations in place. The hardware-based mitigations are part of our ongoing commitment to advance security at the silicon level.
Q2. Are there any differences in performance between software mitigated and hardware mitigated versions of these SKUs?
A: For application-based workloads representative of typical usage, such as SYSmark* 2014 SE, PCMark10, WebXPRT 2015, and 3DMark Skydiver Physics, the data confirms that performance between steppings is the same within normal run-to-run variation. For some synthetic I/O workloads, we have observed a performance difference between steppings. These synthetic I/O workloads are not representative of mainstream usage.
Q3. How do I determine what I have and how side channel vulnerabilities are mitigated?
A: From the Microsoft Windows Command Prompt, run “wmic cpu get caption”. Use the result to cross-reference the table below.
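The cross-reference described in this answer can be automated across a fleet. The following is an added example, not Intel's code: it parses raw `wmic cpu get caption` output collected from hosts and reports which issues on each stepping depend on a microcode update, using the rows of the mitigation table above. The function names, the one-letter abbreviations and the sample host data are assumptions made for the example; the Cascade Lake row is omitted because the page gives no caption string for it.

```python
import re

# Columns of the page's mitigation table, in order.
ISSUES = ["V1", "V2", "V3", "V3a", "V4", "L1TF", "MFBDS", "MSBDS", "MLPDS", "MDSUM"]

# (model, stepping) -> mitigation per issue, transcribed from the table above.
# S = Software, M = MCU, H = Hardware, MS = MCU + Software, HS = Hardware + Software.
TABLE = {
    (142, 11): "S MS H M MS H H MS MS MS",
    (142, 12): "S HS H M HS H H H H H",
    (158, 11): "S MS S M MS MS MS MS MS MS",
    (158, 12): "S MS H M MS H H MS MS MS",
    (158, 13): "S HS H M HS H H H H H",
}

CAPTION_RE = re.compile(r"Family\s+(\d+)\s+Model\s+(\d+)\s+Stepping\s+(\d+)", re.I)

def parse_caption(text):
    """Extract (family, model, stepping) from raw wmic output, header and padding included."""
    m = CAPTION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def mitigation_profile(text):
    """Return {issue: mitigation} for a caption, or None if it is not in the table."""
    parsed = parse_caption(text)
    if parsed is None or parsed[0] != 6:
        return None
    row = TABLE.get(parsed[1:])
    return dict(zip(ISSUES, row.split())) if row else None

def needs_microcode(text):
    """Issues whose mitigation on this stepping relies on a microcode update (MCU)."""
    profile = mitigation_profile(text)
    if profile is None:
        return None
    return [issue for issue, how in profile.items() if "M" in how]

def fleet_report(outputs):
    """Map host -> issues needing MCU (None means the stepping is not in the table)."""
    return {host: needs_microcode(raw) for host, raw in outputs.items()}

# Constructed sample: raw command output as it might be collected from three hosts.
SAMPLE = {
    "host-a": "Caption  \r\r\nIntel64 Family 6 Model 142 Stepping 11  \r\r\n\r\r\n",
    "host-b": "Caption\r\nIntel64 Family 6 Model 142 Stepping 12\r\n",
    "host-c": "Caption\r\nIntel64 Family 6 Model 158 Stepping 10\r\n",
}

if __name__ == "__main__":
    for host, issues in fleet_report(SAMPLE).items():
        print(host, "not in table" if issues is None else issues)
```

Hosts reported as not in the table need a manual check rather than an assumption of either mitigation type.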
Q4. What does the “CPU Caption” tell me and how does it map to product SKU?
A: The product caption tells you which product model and silicon stepping you have. You can see, for example, on Model 142, as we moved from Stepping 11 to Stepping 12 we integrated hardware mitigations for Variant 2 and L1TF. To determine which product models and steppings map to which SKU, see the table below.
Product SKU Mapping to CPU Caption
| CPU Model and Stepping | SKU |
|---|---|
| Intel64 Family 6 Model 142 Stepping 11 | Intel® Core™ i7-8565U Processor |
| Intel64 Family 6 Model 142 Stepping 12 | Intel® Core™ i7-8665U Processor, Intel® Core™ i7-8565U Processor, Intel® Core™ i5-8365U Processor, Intel® Core™ i5-8265U Processor, Intel® Celeron® Processor 4305U, Intel® Celeron® Processor 4205U |
| Intel64 Family 6 Model 158 Stepping 11 | Intel® Core™ i3-9350K Processor, Intel® Core™ i3-9320 Processor, Intel® Celeron® Processor G4950 |
| Intel64 Family 6 Model 158 Stepping 10 | Intel® Core™ i7-9750H Processor, Intel® Core™ i5-9300H Processor, Intel® Core™ i5-9600 Processor, Intel® Core™ i5-9600T Processor, Intel® Core™ i5-9500 Processor, Intel® Core™ i5-9500T Processor, Intel® Core™ i5-9400 Processor, Intel® Core™ i5-9400T Processor, Intel® Core™ i3-9100F Processor, Intel® Pentium® Gold G5420 Processor, Intel® Pentium® Gold G5420T Processor |
| Intel64 Family 6 Model 158 Stepping 11 | Intel® Core™ i3-9350K Processor |
| Intel64 Family 6 Model 158 Stepping 12 | Intel® Core™ i9-9900K Processor, Intel® Core™ i9-9900KF Processor, Intel® Core™ i5-9400 Processor |
| Intel64 Family 6 Model 158 Stepping 13 | Intel® Core™ i9-9900K Processor, Intel® Core™ i9-9900KF Processor, Intel® Core™ i9-9900 Processor, Intel® Core™ i7-9700F Processor, Intel® Core™ i9-9980HK Processor, Intel® Core™ i9-9880H Processor, Intel® Core™ i7-9850H Processor, Intel® Core™ i7-9750H Processor, Intel® Core™ i5-9400H Processor, Intel® Core™ i5-9300H Processor |