Intel CEO Brian Krzanich recently announced that all Intel processors released in the past five years have been patched against the first variant of the Spectre vulnerability, and that the next generation of processors will have redesigned hardware that is fully immune to the second Spectre variant and to Meltdown.
As the leader of the x86 processor market, Intel is facing a serious vulnerability crisis. How exactly is it dealing with it? What are the behind-the-scenes stories?
Fortunately, Fortune magazine recently published an article that looks at the vulnerabilities from another angle: 'How Intel Is Moving From Software Fixes to Hardware Redesigns to Combat Spectre and Meltdown'.
A translation of the original article follows:
A few weeks ago, Ronak Singhal, a senior executive who has worked at chip maker Intel for 20 years, was getting ready to go to Helena, his favorite restaurant in Israel, a fine restaurant on the Mediterranean coast south of Haifa. But before he could celebrate his promotion with his co-workers, he had to explain to one of the company's software partners how Intel was patching the Spectre and Meltdown security issues.
That night, the problem facing Singhal, who is responsible for developing all of Intel's processor architectures, was this: the patches had problems.
On the millions of computers around the world running Intel CPUs, a Spectre patch was causing some machines to crash or restart spontaneously. Although this affected only a small part of the market, it was widespread enough to panic PC makers, who immediately recalled the updated software.
Linus Torvalds, the father of Linux, even openly declared Intel's work 'junk'.
Singhal explained that the patch used some techniques that Intel had never before used in its software, and that in some cases it did not achieve the desired results.
It took him more than an hour to dispel the contractor's concerns, and Singhal's colleagues had to start eating without waiting for him.
'They thought I had gotten lost or been kidnapped,' he recalled jokingly.
He did finally make it to the party, and ate a plate of squid at Helena.
A few weeks later, Intel issued a revised patch, and since then the repair work for one of the most serious security incidents in computing history has progressed smoothly. Late at night on March 15, Beijing time, Intel announced that patches had been fully deployed for all the chips it produced in the past five years.
For Singhal, the next step is to build the mitigations directly into upcoming processor hardware. The improved hardware design will appear in the eighth-generation Core processors to be released in the second half of this year and in the Xeon server chips code-named Cascade Lake, expected in the fourth quarter.
Singhal said: 'Building protection into the hardware eliminates the huge impact of software patches on performance.'
Intel CEO Krzanich told Fortune magazine: 'Our first software defense measures have already worked. We have completed the fixes for products from the last five years and for the latest releases. Now we are starting to implement hardware defense measures, which will be built into our chips.'
Variants 1, 2 and 3 of Spectre and Meltdown
These serious security flaws exist in almost all the chips that Intel and its competitors have manufactured in the past decades. The vulnerabilities were not obvious when they were discovered last summer.
Researchers from Google's dedicated security vulnerability research team informed Intel's security team in June last year that they had found a problem in a critical part of CPU design.
Modern chips usually have a lot of idle processing power. It therefore makes sense for a chip to compute several possible options for solving a problem before the earlier steps of a program have finished executing. This performance-boosting strategy, called speculative execution, later discards the answers that do not match the results of the earlier steps.
However, Google researchers, and several academic teams after them, found ways to use these speculative computations to trick the chip into revealing data such as passwords and encryption keys.
Researchers named two variants of this technique Spectre, which is also the name of the evil organization that confronts James Bond in the 007 films, and named the third variant Meltdown because it effectively 'melts' security barriers.
This danger is especially serious for cloud servers, where programs from multiple customers may run on the same chip, and for web browsers, which may unknowingly execute code from a website.
At the beginning of July 2017, Intel and other chip makers realized that the problem was enormous in scope, and assembled multiple teams to develop solutions.
Singhal held morning meetings, sometimes two hours long, to coordinate Intel's emergency response across its offices in Oregon, California, Texas, and Israel. People in different time zones worked on the issue around the clock.
From beginning to end, the plan was to release software patches first and then build the protections into future chip designs.
The cost of a software patch is reduced performance on the affected CPU; the degree of slowdown depends on the type of Intel chip and the program being run.
Tests on a PC equipped with a Kaby Lake Core i7 processor show that most applications slow down by less than 10%, which is difficult to notice in everyday use.
Microsoft warned that PCs running Windows 7/8 on Intel Haswell processors from five years ago would be significantly affected.
Intel's latest security measures
To this end, Intel CEO Krzanich set up a new group, IPAS (Intel Product Assurance and Security), not only to fix the Spectre and Meltdown vulnerabilities but also to respond more effectively to future security issues. Leslie Culbertson, an executive who joined Intel in 1979, leads the IPAS team.
Krzanich said: 'This is a brand-new research field and a new area of security understanding that requires Intel's long-term investment.' The focus will be on discovering future vulnerabilities and on the general problem of how to make chips more secure. 'You will see continuous progress. That is the work of this team.'
Singhal said: 'We know this is not the end of the story. For many of us, this may be a continuous job.'
When the news media reported on Spectre and Meltdown in early January of this year, Intel's share price took a hit because investors feared that the security problems would slow chip sales.
Recently, some analysts have argued that new Intel chips with built-in protections may stimulate more sales, because companies will want to upgrade to more secure hardware.
Intel's stock price has risen 12% so far this year, exceeding the 3% gain of the S&P 500 Index.
Krzanich said: 'We said from the beginning that we think the impact is insignificant. Analysts need to realize that we continue to make such improvements, improving security and performance and adding new features, to drive upgrades.'