Intel Will No Longer Issue Spectre Patch For Some Older Chips (Updated)
Updated, 4/4/2018, 7:00am PT: Added Intel's statement.
Intel hinted in a previous microcode update guidance that some older chip architectures going back about a decade, such as Penryn, Yorksfield, and Wolfdale, would receive updates to address the Spectre vulnerability. However, in a recent microcode revision guidance, the company changed its mind.
Old Chips Forgotten
Intel announced that Penryn (launched in 2007), Yorkfield (2007), Wolfdale (2007), Bloomfield (2008), Clarksfield (2009), Nehalem-based Jasper Forest (2010), and Intel Atom “SoFIA” (2015) will no longer receive the Spectre patches, as originally promised.
The company gave the following reasons for no longer providing the patches:
After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)Limited Commercially Available System Software supportBased on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
But What’s The Real Reason?
It’s no secret that patching Spectre variant 2 wasn’t easy, as we’ve seen both Intel and Microsoft first bungle and then disable patches for this flaw. However, the real reason Intel gave up on patching these systems seems to be that neither motherboard makers nor Microsoft may be willing to update systems sold a decade ago. That's likely what Intel means by “limited commercially available system software support.”
Even though Intel develops the microcode update for its own processors, the update can be delivered only through a BIOS or OS update. If neither motherboard manufacturers nor Microsoft are willing to deliver the patches, then there’s not much point for Intel to develop them.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
With the exception of the Intel Atom “SoFIA” chip, most of the others are indeed quite old chips, so this decision shouldn’t have too much of a negative impact on PC users and companies that bought Intel chips.
Intel later followed up to our inquiry, stating the following:
We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google Project Zero. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.
-
zdzichu What a <mod edit> reason. microcode_ctl can be invoked to update microcode during runtime, or the microcode can be appended to kernel to be updated first. Linux distributions routinely ship microcode updates, so hiding behing BIOS vendors or Microsoft is a load of irrelevant crap.Reply -
quallen you still have to get the microcode to the computer. and Linux is an OS, so the OS distributor is shipping updates, so where back to square one that the vole doesn't want to play.Reply -
10tacle So basically my ten year old Wolfdale E8400 retro gaming PC is going to be hung out to dry. Way to go Intel. The more I hear stories like this, the more my next build will be AMD.Reply -
10tacle ^^LOL not going to argue that. But making a promise and breaking it like Intel did is not cool. Not cool at all.Reply -
10tacle 20853769 said:I have only one word for you Intel.....kalamata.
Knowing how Apple loves to control things, that to me sounds like getting out of frying pan and jumping into the fire. -
ElectrO_90 My car was made prior to 2007, oh well, there is a huge design flaw... buy a new one - ain't my problem.Reply
Losing everything through a hack, can be like losing a limb in an accident. It will cripple you, and the people who made the product are and should be made responsible in making it safe.