Intel’s upcoming microcode updates to address the just-revealed Spectre variant 4 attack are likely to put a significant drain on CPU performance.
Intel has anticipated questions about performance this time around by confirming upfront that its combined software and firmware microcode updates to mitigate Spectre variant 4 will cause a performance impact of up to eight percent.
“If enabled, we’ve observed a performance impact of approximately two to eight percent based on overall scores for benchmarks like SYSmark® 2014 SE and SPEC integer rate on client and server test systems,” wrote Intel executive vice president Leslie Culbertson.
Intel calls the variant 4 attack Speculative Store Bypass and calls its mitigation Speculative Store Bypass Disable (SSBD), which is delivered as a microcode update to operating system vendors, equipment manufacturers, and other ecosystem partners.
Intel in January was less forthcoming in its communications about the performance impact caused by its mitigations for Spectre variant 2, only saying it would vary depending on the workload. However, Google found the impact to be significant and developed its own Retpoline software alternative.
Intel’s current benchmarking to test the impact of SSBD was run on unspecified Intel reference hardware and an 8th Generation Intel Core desktop microprocessor.
The performance impact is four percent in the SYSmark 2014 SE overall score, two percent under the SPECint_rate_base2006 (n copy) total score, and eight percent in the SPECint_rate_base2006 (1 copy) total score.
The impact on a Skylake architecture Xeon processor is similar under these benchmarks.
But unlike Intel’s updates for variant 2, the updates for Spectre variant 4, which is rated as a ‘moderate’-severity issue and closely related to Spectre variant 1, will be optional and will be set to off by default. In this state, there is no impact on performance.
“We’ve already delivered the microcode update for variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks,” wrote Culbertson.
“This mitigation will be set to off by default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact.”
As Intel notes in its advisory, “SSBD provides additional protection by providing a means for system software to completely inhibit a Speculative Store Bypass from occurring if desired.”
In other words, if consumers and OEMs want their hardware to be extra secure, they can choose that option at the expense of performance.
Intel also notes that already-released browser mitigations against Spectre variant 1 do help mitigate variant 4. AMD similarly recommends leaving SSBD disabled.
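One way to check on a Linux host whether SSBD is in the default-off state described above or has been enabled, as an added example that is not from Intel or the original article. It assumes the Linux kernel's sysfs vulnerability file and the `ssbd` flag in /proc/cpuinfo; the posture names are made up for this sketch.

```python
"""Added example: report a Linux host's Speculative Store Bypass posture."""
from pathlib import Path

# Linux sysfs file that reports the kernel's view of Spectre variant 4.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")
CPUINFO = Path("/proc/cpuinfo")


def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()


def classify(status, flags):
    """Map the kernel status line and CPU flags to a posture (names hypothetical)."""
    s = status.strip().lower()
    has_ssbd = "ssbd" in flags  # assumption: flag is present once SSBD is usable
    if s.startswith("not affected"):
        posture = "not_affected"
    elif s.startswith("vulnerable"):
        posture = "unmitigated"  # the default-off state: no performance cost
    elif s.startswith("mitigation:") and ("prctl" in s or "seccomp" in s):
        posture = "per_process_opt_in"  # only tasks that request it pay the cost
    elif s.startswith("mitigation:"):
        posture = "on_system_wide"  # every task pays the cost
    else:
        posture = "unknown"
    # Heuristic: unmitigated with no ssbd flag suggests the microcode/BIOS
    # update is not installed, so enabling the mitigation is not yet possible.
    return {"posture": posture, "ssbd_flag": has_ssbd,
            "ssbd_unavailable": posture == "unmitigated" and not has_ssbd}


def local_report():
    """Classify this machine, or return None where the sysfs file is absent."""
    if not SYSFS.exists() or not CPUINFO.exists():
        return None
    return classify(SYSFS.read_text(), cpu_flags(CPUINFO.read_text()))


if __name__ == "__main__":
    print(local_report())
```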