Intel this week announced its Amber Lake and Whiskey Lake processors, the latter of which includes hardware protection for Meltdown and L1TF. The chip maker confirms this. There is no hardware protection in Amber Lake CPUs.
Intel confirmed the hardware changes to Tom’s Hardware. It states that full protection is in place against Meltdown and L1TF or Foreshadow, vulnerabilities found in Intel processors over the course of this year. The first allows to read kernel memory from userspace and the second has access to the CPU’s L1 cache, which contains data from SGX enclaves, for example. So far, software mitigations have already been made available for this, but now also in the hardware itself. These should have less negative impact on the performance of a system.
However, that does not mean that all the vulnerabilities that Intel identifies with side-channel methods have been addressed in Whiskey Lake, as can be seen from the table below. For example, for Specter and related variants, only patches via microcode and the operating system are available. Intel further tells Tom’s Hardware that the hardware changes are only present in Whiskey Lake, but not in Amber Lake. The chipmaker announced laptop chips within these generations this week.
The Core i3-8145U, i5-8265U and i7-8565U are the first consumer processors to have some form of hardware protection against the Meltdown and L1TF vulnerabilities. They are not the only chips that Intel has provided with hardware adjustments. For example, two weeks ago it was announced that Intel is also introducing hardware protection in the upcoming Xeon CPUs of the Cascade Lake generation. However, the safeguards in Cascade Lake and Whiskey Lake do not target the same vulnerabilities. Intel says it plans to expand hardware customizations over time.
|Vulnerability variants||Whiskey Lake||Cascade Lake|
|Variant 1 / Bounds Check Bypass||OS||OS and VMM|
|Variant 2 / Branch Target Injection||Firmware and OS||Hardware + OS and VMM|
|Variant 3 / Rogue Data Cache Load (Meltdown)||Hardware||Hardware|
|Variant 3a / Rogue System Register Read||Firmware and OS||Firmware|
|Variant 4 / Speculative Store Bypass||Firmware and OS||Firmware + OS and VMM|
|Variant 5 / L1 Terminal Fault (L1TF)||Hardware||Hardware|
Information sourced from Tom’s Hardware and Intel