Intel Circles Back on Meltdown and Spectre Initial Fixes Pushed

3
Intel Xeon Silver 4114 Chip
Intel Xeon Silver 4114 Chip

Today Intel published an update on their Meltdown and Spectre efforts. Unless you have been out of the IT scene for some time, you have probably seen a string of announcements since January 2018 on Meltdown and Spectre. The big disclosure is that as of today it has released microcode patches for Sandy Bridge and newer architectures. Previous fixes, especially for Haswell and Broadwell (Intel Xeon E5-2600 V3/ V4) servers created reboot issues.

The reason that this is a major milestone in the effort is that this covers the majority of the servers and (and desktops) in the field today. There is still work being done on Westmere and earlier architectures, but the thought is that the number of Westmere and older architectures running untrusted code is relatively low. As a result, Intel prioritized the fixes to what it sees as the most widely deployed, especially by its cloud customers that are clamoring for the fixes.

Intel Completes Initial Meltdown and Spectre Patching

We were briefed earlier this week on some of the performance penalties Intel is seeing. Although we were asked not to share the details, the general numbers fell in-line with what we have been seeing. The hardest hit areas are workloads like fio random 4K testing which is a well-known case that borders on worst-case for the patch mitigation performance impacts.

Some of the key highlights from today’s announcement:

  • Intel has now released microcode updates for all products launched in the past five years that require protection against the side-channel method vulnerabilities discovered by Google.
  • Intel says that Variant 1 vulnerabilities will continue to be addressed via software mitigations.
  • Intel will be introducing changes at the hardware level on next-generation platforms (Cascade Lake) addressing the Variant 2 and Meltdown. Specifically, Intel will be redesigning parts of the processor to introduce new levels of protection through partitioning that will protect against both these vulnerabilities. The redesign will start to emerge with Cascade Lake, the successor to Skylake that is the current Xeon Scalable architecture. It will also happen as part of the 8th generation core processors expected in the second half of 2018.

Unexpected Consequence

Something that we have heard in the industry is that this has been great for some server manufacturers for a reason tangential to the issue. Those customers with large server farms need methods to flash BIOS on many servers at once remotely. When we highlighted management as a high point in our Dell EMC PowerEdge R640 review, a great case for Dell EMC’s OpenManage Essentials is exactly this use case. One can use those vendor tools to manage fleets of BIOS upgrades.

What About a Next-Gen Intel Xeon E3-1200 V6 Successor?

Since the Intel Xeon E3-1200 V6 line came out about a year ago and is still using the E3 nomenclature, we probed on the topic of a replacement line in the context of these updates. We asked Intel about if this applies to a “Xeon E3” successor. As expected we received a “:)” and note essentially saying you have been doing this long enough that you should know we do not comment on upcoming product announcements, but there is a bit more time before we will talk about that. Fair enough, but we tried.

It is reasonable to think that since Intel has essentially released ~6 generations (some generations saw few SKUs available) of Xeon E3 parts, and the Xeon 3300 series before that, that Intel will continue releasing products in the same market that it has done so in for over a decade. These parts typically trail their consumer part introduction by a few months.

Final Words

There is still much work to be done, but the initial patches are out. We have also been told that the work of impact mitigation is still ongoing, especially on the performance side. The fact that next-generation products due later this year will include fixes is great guidance to hear.

3 COMMENTS

  1. I read like 10 articles on this. Nobody else is talking about how great iLO and others are for managing this patch process. It requires a full reboot too since it’s a BIOS update.

  2. Yeah what vendors really should be doing is making patching possible from Linux or ditch their proprietary BIOS and build on Coreboot. I had hopes that Open Compute puts some pressure on vendors, but especially BIOS flashing is still dreadful.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.