After security researchers were able to exploit design flaws in modern processors that lay undetected for up to 20 years, Intel said it would redesign future chips to correct those flaws, and on Thursday it provided a little more information about how that will work.
Starting with the Cascade Lake version of its Xeon server processors later this year, Intel will incorporate “protective walls” in its hardware that prevent malicious hackers from using speculative execution techniques to steal private information from the secure part of the processor. These fixes will also ship with the PC version of the Cascade Lake chips, but the tech industry has been much more concerned about the effect of these design flaws on server processors running in data centers and at cloud vendors.
The new fixes allow Intel to still benefit from the performance advantages of speculative execution — in which a processor guesses which upcoming instructions it will need to execute in order to speed things up — without the security risks. The hardware changes address Variants 2 and 3 of the Spectre and Meltdown issues first disclosed in early January, and software fixes should continue to address Variant 1, Intel said.
Intel, operating system vendors, and cloud computing companies rushed to implement software “mitigations” once Meltdown and Spectre were disclosed, but in some cases those software fixes had a severe impact on system performance. The average PC user probably didn’t notice, but data center operators running certain types of applications sure did.
“This is not a singular event; it is a long-term commitment,” Intel CEO Brian Krzanich said in a blog post Thursday. While the Cascade Lake fixes address the Meltdown and Spectre exploits, security researchers and cloud companies are worried about other, still-undetected flaws that side-channel attacks could expose, the same kind of technique security researchers used to discover Meltdown and Spectre.