AMD released Spectre 2 mitigations on Patch Tuesday

by Mark Tyson on 11 April 2018, 11:11

Tags: AMD (NYSE:AMD)


Yesterday AMD's CTO Mark Papermaster penned a security blog update describing Spectre mitigations delivered to Microsoft Windows users via Patch Tuesday downloads. The updates, which started to roll out from Microsoft yesterday, deliver Google Project Zero (GPZ) Variant 2 (Spectre) mitigations at the operating system level. For Linux users, AMD-recommended mitigations for GPZ Variant 2 were made available earlier in 2018.

To make things clear, AMD reminds readers that it already delivered GPZ Variant 1 (Spectre) mitigations through operating system updates earlier this year. Furthermore, Papermaster restated the assertion that GPZ Variant 3 (Meltdown) does not apply to AMD because of its processor design.

GPZ Variant 2 (Spectre) mitigations aren't as simple to deliver as those for Spectre 1: both OS patches and firmware (microcode) patches have to be delivered, and the two have to work in concert. In other words, yesterday's Windows 10 (version 1709) updates, which include the AMD-supplied patches, have to be partnered with updates from AMD hardware partners such as motherboard and systems makers.

On the topic of the scope of the microcode updates, Papermaster wrote that "our recommended mitigations addressing Variant 2 (Spectre) have been released to our customers and ecosystem partners for AMD processors dating back to the first 'Bulldozer' core products introduced in 2011". While that may be the case, we would expect modern Ryzen-era motherboards and systems to get microcode updates first, with some older boards and systems likely to be neglected. That is the way this business works, as borne out by the experience people have had with the distribution of Intel's Spectre 2-fixing BIOS updates.



HEXUS Forums :: 14 Comments

Would be nice if they had given an actual version number to look for. Mine seems to be from mid December still:

$ rpm -q -f /usr/lib/firmware/amd-ucode/microcode_amd_fam15h.bin
linux-firmware-20171215-82.git2451bb22.fc27.noarch
$ cat /proc/cpuinfo | grep "microcode" | uniq
microcode : 0x600084f

Last BIOS from ASUS was 2015, so I won't hold my breath for them to release an update.
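The article's point that Variant 2 needs both an OS patch and a microcode update can be checked on Linux by extending the commands in the comment above. This is an added example, not part of the original post or any AMD tooling: the function names and sample lines are constructed, and it assumes the kernel lists IBPB in its spectre_v2 status only when the CPU advertises it, which on these AMD parts depends on updated microcode.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# With no arguments the functions read the live /proc and /sys files.

# Print the distinct microcode revisions found in a cpuinfo-format file.
microcode_revs() {
    awk -F': *' '/^microcode[ \t]*:/ { print $2 }' "${1:-/proc/cpuinfo}" | sort -u
}

# Classify the kernel's Spectre v2 status line.
# Prints: vulnerable | os-only | os+ibpb | not-affected | unknown
# Assumption: "IBPB" appears in the line only when the CPU exposes it.
spectre_v2_state() {
    line=$(cat "${1:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}" 2>/dev/null) \
        || { echo unknown; return; }
    case $line in
        Vulnerable*)                  echo vulnerable ;;
        "Not affected"*)              echo not-affected ;;
        Mitigation*"IBPB: disabled"*) echo os-only ;;
        Mitigation*IBPB*)             echo os+ibpb ;;
        Mitigation*)                  echo os-only ;;
        *)                            echo unknown ;;
    esac
}

# report [cpuinfo-file] [spectre_v2-file]
report() {
    echo "microcode : $(microcode_revs "$1" | tr '\n' ' ')"
    echo "spectre_v2: $(spectre_v2_state "$2")"
}

# Constructed sample inputs (not captured from a real machine).
make_samples() {
    d=$(mktemp -d)
    printf 'processor\t: 0\nmicrocode\t: 0x600084f\nprocessor\t: 1\nmicrocode\t: 0x600084f\n' > "$d/cpuinfo"
    printf 'Mitigation: Full AMD retpoline\n' > "$d/v2_retpoline"
    printf 'Mitigation: Full AMD retpoline, IBPB\n' > "$d/v2_ibpb"
    echo "$d"
}

# Demo on the constructed samples: kernel patch alone, then kernel patch plus IBPB.
samples=$(make_samples)
report "$samples/cpuinfo" "$samples/v2_retpoline"
report "$samples/cpuinfo" "$samples/v2_ibpb"
rm -rf "$samples"
```

An "os-only" result alongside an unchanged microcode revision is the situation the comment describes: the kernel-side mitigation is active, but the firmware half has not arrived.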
One for the true nerds out there….

… given the performance impact of these patches (Anandtech did an analysis and the hit to NVMe drive performance is horrific) I personally think informed users should be allowed to decide on whether the patches are installed. Is there any way to prevent their installation on a Windows 10 system or to remove them and stop them coming back?
philehidiot
One for the true nerds out there….

… given the performance impact of these patches (Anandtech did an analysis and the hit to NVMe drive performance is horrific) I personally think informed users should be allowed to decide on whether the patches are installed. Is there any way to prevent their installation on a Windows 10 system or to remove them and stop them coming back?
Do you have a link where we can check out that horrific performance?
philehidiot
One for the true nerds out there….

… given the performance impact of these patches (Anandtech did an analysis and the hit to NVMe drive performance is horrific) I personally think informed users should be allowed to decide on whether the patches are installed. Is there any way to prevent their installation on a Windows 10 system or to remove them and stop them coming back?

You could try: https://www.grc.com/inspectre.htm
philehidiot
One for the true nerds out there….

… given the performance impact of these patches (Anandtech did an analysis and the hit to NVMe drive performance is horrific) I personally think informed users should be allowed to decide on whether the patches are installed. Is there any way to prevent their installation on a Windows 10 system or to remove them and stop them coming back?

Are you sure the performance issue impacts Spectre patches for AMD and not just Meltdown patches for Intel? The media has been pretty poor at explaining that distinction, much to Intel's delight I'm sure. Everything I've seen so far indicates no performance loss for Spectre patches on any platform; that could have changed of course.