Intel CEO Brian Krzanich has penned an open letter to the rest of the technology industry, addressing concerns over the two major CPU security flaws. Intel has been issuing cleverly-worded statements, and altering its guidance on performance issues related to security fixes, but the company now says it’s ready to be transparent. “As we roll out software and firmware patches, we are learning a great deal,” admits Krzanich. “We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique.”
Intel is committing to providing updates for at least 90 percent of CPUs produced in the last five years by January 15th, and the rest by the end of January. Whether end users will get those updates is another story, as most PC makers have poor update systems in place for firmware updates. While Microsoft chooses to distributes Surface firmware updates through Windows Update, most PC makers use their own separate software rather than Windows Update.
Intel is now planning to provide “frequent progress reports of patch progress, performance data, and other information” over at Intel’s dedicated Spectre and Meltdown site. Intel’s pledge of “transparent and timely communications” is exactly what is required right now, providing the company follows through. Intel has faced growing criticism since Microsoft revealed the extent of potential performance impacts after security patches are applied to protect against a variant of the Spectre flaw. Microsoft revealed the following:
Windows 10 running on Skylake, Kaby Lake or newer CPU show benchmarks show “single-digit slowdowns”, but most users shouldn’t expect to see noticeable slowdowns
Windows 10 running on Haswell or older CPUs “show more significant slowdowns” and “some users will notice a decrease in system performance”
Windows 7 or Windows 8 running on Haswell or older CPUs means “most users will notice a decrease in system performance”
Essentially, if you have a Skylake or newer processor running Windows 10 then you shouldn’t be noticeably impacted by the firmware updates. Intel released new benchmarksyesterday, but they only covered Skylake or newer machines, and no server workloads. These are still the mysteries right now, especially given Microsoft is warning workloads could be significantly impacted in server scenarios, and that companies might have to pick between performance and security.
Going forwards, Intel is also committing to publicly identify future security vulnerabilities and “share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks.” All of these commitments will be what server admins and IT admins want to hear right now, and hopefully a clearer picture around performance impacts will emerge in the coming weeks.