Whiskey Lake CPUs have hardware protection against Meltdown and L1TF

Intel this week announced its Amber Lake and Whiskey Lake processors, the latter of which includes hardware protection for Meltdown and L1TF. The chip maker confirms this. There is no hardware protection in Amber Lake CPUs.

Intel confirmed the hardware changes to Tom’s Hardware. It states that full protection is in place against Meltdown and L1TF or Foreshadow, vulnerabilities found in Intel processors over the course of this year. The first allows to read kernel memory from userspace and the second has access to the CPU’s L1 cache, which contains data from SGX enclaves, for example. So far, software mitigations have already been made available for this, but now also in the hardware itself. These should have less negative impact on the performance of a system.

However, that does not mean that all the vulnerabilities that Intel identifies with side-channel methods have been addressed in Whiskey Lake, as can be seen from the table below. For example, for Specter and related variants, only patches via microcode and the operating system are available. Intel further tells Tom’s Hardware that the hardware changes are only present in Whiskey Lake, but not in Amber Lake. The chipmaker announced laptop chips within these generations this week.

The Core i3-8145U, i5-8265U and i7-8565U are the first consumer processors to have some form of hardware protection against the Meltdown and L1TF vulnerabilities. They are not the only chips that Intel has provided with hardware adjustments. For example, two weeks ago it was announced that Intel is also introducing hardware protection in the upcoming Xeon CPUs of the Cascade Lake generation. However, the safeguards in Cascade Lake and Whiskey Lake do not target the same vulnerabilities. Intel says it plans to expand hardware customizations over time.

Vulnerability variants Whiskey Lake Cascade Lake
Variant 1 / Bounds Check Bypass OS OS and VMM
Variant 2 / Branch Target Injection Firmware and OS Hardware + OS and VMM
Variant 3 / Rogue Data Cache Load (Meltdown) Hardware Hardware
Variant 3a / Rogue System Register Read Firmware and OS Firmware
Variant 4 / Speculative Store Bypass Firmware and OS Firmware + OS and VMM
Variant 5 / L1 Terminal Fault (L1TF) Hardware Hardware

Information sourced from Tom’s Hardware and Intel