In early 2018 came a sudden shock from Intel: its CPUs were confirmed to contain a serious security hole. Various CPU makers, starting with Intel, were drawn in, and even NVIDIA announced a new graphics driver to fix the vulnerability.
Because the vulnerability is so widespread and so powerful as an attack, software, operating systems and even CPU firmware must all be updated.
The remedial measures have now basically reached an initial level of completeness, so this article tests the impact of the existing fixes in more detail.
Description of the Intel 'vulnerability gate':
First, a brief introduction to the incident.
- Vulnerability classification : The incident involves two major vulnerabilities, Meltdown and Spectre.
- Affected manufacturers : Intel (almost its full product line since 1995); AMD and ARM CPUs are mostly affected to varying degrees; NVIDIA has also said that graphics cards need a driver update.
- Vulnerability : Specially designed malicious software can directly read any part of the device's memory; all sandboxes used for system kernel protection and security software fail outright.
- Vulnerability fixes : The fix has four main parts: browser kernel update, system patch installation, CPU microcode upgrade (BIOS flash) and graphics driver update (NVIDIA).
- Vulnerability patch classification : Software updates such as browser and system patches mainly target Meltdown; CPU microcode and graphics drivers mainly target Spectre.
- Consequences of patching : Patching significantly reduces CPU performance, and the older the CPU generation, the more obvious the effect. CPU power consumption in daily use also increases significantly.
- Confirming the fix : The 'InSpectre' tool released by GRC quickly shows how far the fixes have been applied; a green 'NO' means the system is immune to the corresponding vulnerability.
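A comparable check on Linux, as an added example that is not from the original article: kernels 4.15 and later publish per-vulnerability status under `/sys/devices/system/cpu/vulnerabilities`, and this script maps those lines onto the patch layers listed above. The sample statuses are constructed, and the function names and action strings are this example's own.

```python
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities")  # Linux >= 4.15
NAMES = ("meltdown", "spectre_v1", "spectre_v2")

def classify(status):
    """Map a kernel status line to immune / mitigated / vulnerable / unknown."""
    s = status.strip()
    for prefix, verdict in (("Not affected", "immune"),
                            ("Mitigation", "mitigated"),
                            ("Vulnerable", "vulnerable")):
        if s.startswith(prefix):
            return verdict
    return "unknown"

def microcode_features(status):
    """Return the microcode-provided controls (IBRS, IBPB, STIBP) in use."""
    found = set()
    for item in status.partition(":")[2].split(","):
        name, _, value = item.strip().partition(":")
        base = name.split("_")[0].strip()  # IBRS_FW counts as IBRS
        if base in ("IBRS", "IBPB", "STIBP") and value.strip() != "disabled":
            found.add(base)
    return sorted(found)

def audit(statuses):
    """List the update layers (as the article groups them) still missing."""
    todo = []
    if classify(statuses.get("meltdown", "")) == "vulnerable":
        todo.append("Meltdown: install the operating-system patch")
    v2 = statuses.get("spectre_v2", "")
    if classify(v2) == "vulnerable":
        todo.append("Spectre v2: no mitigation active")
    elif classify(v2) == "mitigated" and not microcode_features(v2):
        todo.append("Spectre v2: software-only, microcode controls not in use")
    return todo

def read_statuses(root=SYSFS):
    """Read the live status files; empty dict on systems without them."""
    return {n: (root / n).read_text() for n in NAMES if (root / n).is_file()}

# Constructed sample: OS patched, BIOS microcode not yet updated.
SAMPLE = {"meltdown": "Mitigation: PTI\n",
          "spectre_v1": "Mitigation: __user pointer sanitization\n",
          "spectre_v2": "Mitigation: Full generic retpoline\n"}

if __name__ == "__main__":
    for line in audit(read_statuses() or SAMPLE):
        print(line)
```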
Impact on each vendor and countermeasures (PC market):
First, on software patches: current browsers and operating systems have already shipped targeted updates, so this is not repeated below.
Intel:
- Degree of spread : Intel is the most affected (it is the most committed adopter of out-of-order execution) and is hit by both Meltdown and Spectre.
- Fix method : Everything must be updated: browser kernel, system patch, and CPU microcode (BIOS flash).
- BIOS progress : On the mainstream 115X platform, BIOS updates are available for the sixth generation and later; on the X series, for the X99 platform and later. Note that motherboard vendors are progressing at different speeds, and in some BIOS releases the microcode update is not even fully in place.
- Performance changes:
Performance is hit hardest when the software and BIOS fixes are both applied. My test data for Intel is relatively complete, so it is broken down in detail here. Note that disk performance is clearly affected whichever fix is applied; the discussion here is mainly about performance in actual use.
Eighth-generation Core: overclocking offsets the performance loss fairly well, so the overall change is relatively small.
Sixth and seventh generation: the performance loss is not obvious with the software fix alone. Cache compensation is smaller, so multi-core performance drops noticeably when the software and hardware fixes are both applied.
Fourth and fifth generation: no BIOS has been released, so only software updates apply. Taking the 5820K as an example, full-load transcoding loses about 8%; the fourth and fifth generations are expected to be affected more than the sixth and seventh.
Older products: software-only patching is expected to bring significant performance penalties, because the caching mechanism was changed substantially in the fourth generation (Microsoft officials say users will clearly notice the loss).
- Power consumption changes:
After the fix, CPU load is higher than before and power consumption rises accordingly, most noticeably in office work, video playback, web browsing and similar scenarios. The eighth-generation Core relies mainly on overclocked L2 to offset the performance loss of the fix, so in low-load scenarios power consumption rises by as much as 30%.
- Fix suggestions:
Because the vulnerabilities are easier to attack through JS code, the browser is expected to be the main attack vector, so the browser must be updated in every case. Users of domestic browsers are advised to switch back to the official browser (kernel updates for domestic browsers are certainly very poor).
Users of sixth-generation and later CPUs are advised to install Microsoft's system patches; the performance loss will not be too noticeable.
For users of fourth- and fifth-generation CPUs, the patch is expected to reduce full-load performance, but installing it is still recommended for security reasons. No BIOS is available for now, so it cannot be updated even if you want to.
For users of older products, CPU performance is expected to take a bigger hit, and whether to install the system patch is, I would say, a painful choice. Either way, the browser must run the latest kernel version, otherwise the outcome will be miserable.
- Precautions:
Intel's current CPU microcode is confirmed to cause crashes and reboots, and Dell, HP and ASRock have announced that they are pulling the related BIOS releases. If such problems appear after a BIOS update, try rolling back the BIOS version.
Even if you obtain the CPU microcode, modifying the BIOS yourself to apply it is not recommended; it may introduce additional bugs.
Because some vendors have rolled back or withdrawn Intel's microcode, further Intel microcode updates, and further changes in performance, cannot be ruled out.
Intel has since had Microsoft release another patch that disables the vulnerability fix delivered by the Intel BIOS (TM launcher). Compared with that system patch, I still recommend rolling back the BIOS directly.
AMD:
- Degree of spread : AMD is immune to Meltdown but is still affected by Spectre.
- Fix method : Everything must be updated: browser kernel, system patch, and CPU microcode (BIOS flash).
- BIOS progress : AMD has announced that microcode is available to motherboard makers, but no specific BIOS updates have appeared yet.
- Performance changes : The actual performance impact is unknown because no BIOS has been released, but by all accounts it should be smaller than Intel's.
- Power consumption changes : Not sure yet.
- Fix suggestions : For now, updating the browser and operating system is enough; the motherboard BIOS still has to wait.
- Precautions : The first version of Microsoft's system patch had problems on AMD's earlier CPU products (Athlon, Opteron, etc.), which led Microsoft to withdraw that first version. The patch now delivered by Microsoft's automatic updates works normally; downloading the offline package is recommended, taking care to confirm the patch number.
NVIDIA:
- Degree of spread : NVIDIA is confirmed immune to Meltdown but is still affected by Spectre.
- Fix method : Updating the graphics driver is enough.
- BIOS progress : nonexistent.
- Performance changes : According to a preliminary rough test, performance is not affected.
- Power consumption changes : Not sure yet.
- Fix suggestions : For now, updating the browser and operating system is enough; the motherboard BIOS still has to wait.
- Precautions : None.