Intel has released to OEMs a new set of Spectre firmware updates. They include microcode for Kaby Lake, Coffee Lake, and Skylake processors.
“This represents our 6th, 7th, and 8th Generation Intel Core product lines as well as our latest Intel Core X-series processor family. It also includes our recently announced Intel Xeon Scalable and Intel Xeon D processors for data center systems,” Navin Shenoy, general manager of the Data Center Group at Intel Corporation, pointed out.
The release follows that of microcode updates for some Skylake-based platforms in early February, and Intel’s January advice to stop deploying initial firmware updates that addressed Spectre (variant 2) due to a higher than expected incidence of reboots and other unpredictable system behavior.
Shenoy advised users to implement OEM firmware updates as the OEMs release them.
Intel also maintains a constantly updated document that gives insight into the current state of Spectre patches, i.e., released microcode. As it shows, the status of the various updates ranges from “planning” and “pre-beta” to “production.”
Microcode updates for older processors using the Broadwell and Haswell cores are still in “beta”.
Mitigation instead of an update?
Shenoy also noted the existence of a Google-developed mitigation technique for Variant 2 called Retpoline.
“‘Retpoline’ sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches,” Google explains.
“The name ‘retpoline’ is a portmanteau of ‘return’ and ‘trampoline.’ It is a trampoline construct constructed using return operations which also figuratively ensures that any associated speculative execution will ‘bounce’ endlessly.”
Intel has provided more information on Retpoline in a newly published white paper.
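The construct Google describes can be shown as a short thunk. The following is an added example, not code from Intel, Google or the original article; it assumes x86-64 Linux (ELF) with GCC or Clang, and every `demo_` name is hypothetical.

```c
#include <stdio.h>

/* Added example: all demo_ names are hypothetical. */
#if defined(__x86_64__) && defined(__ELF__)
long demo_call_via_retpoline(long (*fn)(long), long arg);
__asm__(
    ".pushsection .text\n"
    ".globl demo_call_via_retpoline\n"
    ".type demo_call_via_retpoline, @function\n"
    "demo_call_via_retpoline:\n"
    "    mov %rdi, %r11\n"     /* branch target (fn) goes into r11 */
    "    mov %rsi, %rdi\n"     /* arg becomes fn's first argument */
    /* Execution falls through into the thunk, so fn returns
       directly to whoever called demo_call_via_retpoline. */
    "demo_retpoline_r11:\n"
    "    call 2f\n"            /* pushes the address of label 1 */
    "1:  pause\n"              /* a speculated return lands here ... */
    "    lfence\n"
    "    jmp 1b\n"             /* ... and bounces in place */
    "2:  mov %r11, (%rsp)\n"   /* overwrite return address with target */
    "    ret\n"                /* architecturally transfers to *r11 */
    ".popsection\n"
);
#else
/* Other architectures: plain indirect call so the file still builds. */
long demo_call_via_retpoline(long (*fn)(long), long arg)
{
    return fn(arg);
}
#endif

/* Sample target reached through the thunk. */
static long demo_triple_plus_one(long x)
{
    return 3 * x + 1;
}

int main(void)
{
    long r = demo_call_via_retpoline(demo_triple_plus_one, 5);
    printf("result via retpoline: %ld\n", r);
    return 0;
}
```

In practice the thunk is generated by the compiler rather than written by hand, for example with GCC's `-mindirect-branch=thunk` or Clang's `-mretpoline`.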