Chip maker AMD has released new microcode updates to mitigate the Spectre variant 2 side-channel attack, which Microsoft has supported with a Windows 10 patch for AMD systems.
AMD’s latest microcode update coincided with Microsoft’s April Patch Tuesday fixes and comes just weeks after Intel wrapped up its Spectre 2 mitigations for all CPU families released over the past nine years.
AMD’s chief mitigation on Windows for variant 2, the CPU indirect branch target injection attack, is called ‘indirect branch prediction barrier’, or IBPB. It is intended only for cases when software switches from one user context to a context that should be protected.
AMD’s whitepaper on the Meltdown and Spectre attacks advises against two other Spectre variant 2 mitigations for Windows and Linux on AMD known as Indirect Branch Restricted Speculation (IBRS) and Single Thread Indirect Branch Predictor (STIBP). It’s also recommending Google’s Retpoline combined with IBPB for Linux.
This context-switching restriction is why Windows 10 users are being urged to install Microsoft’s latest Windows 10 update, KB4093112, which contains a supporting update that limits AMD’s IBPB to when software switches from user context to kernel context.
“Today, AMD is providing updates regarding our recommended mitigations for Google Project Zero (GPZ) variant 2 (Spectre) for Microsoft Windows users. These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows,” wrote Mark Papermaster, AMD’s CTO.
Microsoft is planning to release a similar update for AMD’s fix on Windows 2016 following final validation and testing, according to Papermaster.
AMD said it has already released microcode updates to its customers and partners for all chips dating back to the first Bulldozer core products released in 2011.
These updates will be released as BIOS updates from PC and server makers and motherboard providers.
Papermaster in January announced “optional microcode updates” for Ryzen and Epyc processors and flagged further microcode updates for older chips in coming weeks.
AMD at the time said its chips weren’t affected by Meltdown, while Spectre version 1 attacks would be mitigated by OS updates.
Microsoft released new Windows 10 updates for AMD processors in February after an earlier update stopped AMD systems from booting.
AMD has yet to release patches for the Ryzenfall, Masterkey, Fallout, and Chimera bugs revealed in March.
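For Linux systems, the Retpoline-plus-IBPB combination mentioned above can be checked against what the kernel reports. The following is an added example, not code from AMD, Microsoft or the original article; it assumes the kernel's `spectre_v2` sysfs status file, and the sample status lines are constructed in the formats kernels have used.

```python
import re
from pathlib import Path

# Kernel status file for Spectre variant 2 (assumption: kernel new enough to expose it).
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# Constructed sample lines, modelled on kernel output; not captured from a real host.
SAMPLES = [
    "Mitigation: Full AMD retpoline, IBPB",
    "Mitigation: Retpolines; IBPB: conditional; STIBP: disabled; RSB filling",
    "Mitigation: Full AMD retpoline",
    "Vulnerable",
]

def parse_spectre_v2(status):
    """Split a status line into its state and a dict of mitigation features."""
    state, _, detail = status.strip().partition(":")
    features = {}
    # Kernels have separated features with both ", " and "; ".
    for part in re.split(r"[,;]", detail):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition(":")
        # A bare feature name ("IBPB") means it is on; "IBPB: conditional" carries a mode.
        features[name.strip().lower()] = value.strip().lower() if sep else "enabled"
    return {"state": state.strip().lower(), "features": features}

def check_amd_guidance(status):
    """Return (ok, problems) for the Retpoline + IBPB combination."""
    parsed = parse_spectre_v2(status)
    if parsed["state"] == "not affected":
        return True, []
    problems = []
    if parsed["state"] != "mitigation":
        problems.append("kernel reports state: " + parsed["state"])
    feats = parsed["features"]
    if not any("retpoline" in name for name in feats):
        problems.append("retpoline not in use")
    if feats.get("ibpb", "disabled") == "disabled":
        problems.append("IBPB not enabled")
    return not problems, problems

if __name__ == "__main__":
    lines = [SYSFS.read_text()] if SYSFS.exists() else SAMPLES
    for line in lines:
        ok, problems = check_amd_guidance(line)
        print(line.strip(), "->", "OK" if ok else "; ".join(problems))
```

On a host whose line reports retpoline without IBPB, the usual cause is a missing microcode (BIOS) update, since IBPB depends on it.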