[TC] [Updated] New secret-spilling flaw affects almost every Intel chip since 2011 - Page 5 - Overclock.net - An Overclocking Community

Forum Jump: 

[TC] [Updated] New secret-spilling flaw affects almost every Intel chip since 2011

Reply
 
Thread Tools
post #41 of 117 (permalink) Old 05-15-2019, 08:05 AM
I dunno what I'm doing.
 
Blze001's Avatar
 
Join Date: Mar 2013
Posts: 1,412
Rep: 63 (Unique: 45)
Well, RIP my Docker shenanigans, but at least disabling hyperthreading won't nuke my gaming performance too :/

It is what it is.
Waterworld
(21 items)
CPU
i7-8700k
Motherboard
ASRock Fatal1ty Z370 Gaming-ITX/ac
GPU
GTX-1080ti Founder's Edition
RAM
Kingston HyperX
Hard Drive
Samsung M.2 950 PRO
Hard Drive
SanDisk Ultra II
Power Supply
Corsair RM650x
Cooling
Optimus V1 LGA-1151 Waterblock
Cooling
Nemesis GTS240
Cooling
Nemesis 120GTS
Cooling
EK D5 Revo
Cooling
Singularity Protium Pump Top/Case
Cooling
EKWB 10x0 Waterblock
Cooling
SavantPCs 240mm Reservoir
Cooling
Noctua NF-A12x25
Case
Fractal Nano S
Operating System
Windows 10 Pro
Monitor
Alienware AW3418DW
Keyboard
GMMK TKL
Mouse
Logitech G602
Audio
Creative X7
▲ hide details ▲
Blze001 is offline  
Sponsored Links
Advertisement
 
post #42 of 117 (permalink) Old 05-15-2019, 08:07 AM
Waiting for 10 and 7nm
 
tpi2007's Avatar
 
Join Date: Nov 2010
Posts: 10,924
Rep: 874 (Unique: 496)
Quote: Originally Posted by rdr09 View Post
You answered it. About Spectre not needing physical access. Thanks.

BTW, intel installed hardware fixes as well, I believe on 9th gen except for Foreshadow and Spoiler.

The so-called "hardware fixes" on 9th gen Intel CPUs are seemingly the same firmware / microcode updates applied to the 8th gen, except that they come baked in from the factory on the chip. Intel does not appear to have redesigned the hardware to incorporate the fixes at a deeper level to claim back some of the performance losses, they perform the same as the 8th gen (see below). The Fallout paper does seem to suggest that they did something in addition though ("the hardware change in exception creation and suppression introduced by Intel in the latest Coffee Lake Refresh architecture", from the Fallout paper), as it seems that the 9th gen CPUs are more vulnerable to that type of attack.

https://www.anandtech.com/show/13659...re-mitigations

Quote:
Click image for larger version

Name:	Smelt_575px.png
Views:	5
Size:	30.3 KB
ID:	269682

In all cases, performance was within the margin of error between both processors. The biggest single CPU test gain was 4.0% (in LuxMark C++) and the worst was -2.7% (in Agisoft). The usual culprits for this sort of test, DigiCortex and WinRAR, were both within the margin of error. As a result, this hardware fix appears to essentially be a hardware implementation of the fixes already rolled out via microcode for the current Coffee Lake processors.

Is your CPU bottlenecking your GPU ? Find out: CPU and GPU usage along with FPS in-game
Read my reviews here.
Clubs (founder): The rare / unusual CPU club
Clubs (member): Corsair Professional HX / AX Series PSU Owners Club || The Official Cooler Master HAF X/932/922/912(+) Club
CPU
Core i7-3820
Motherboard
Asus Sabertooth X79
GPU
MSI GTX 1060 6 GB Gaming X
RAM
16 GB Corsair DDR3 1866 Mhz Dominator
Hard Drive
Samsung SSD 830 128GB + WD Caviar Black 2TB
Optical Drive
Sony Optiarc DVD-RW
Power Supply
Corsair AX750 Professional Modular 80 Plus Gold
Cooling
Corsair A70 + Noiseblocker M12-P
Case
Cooler Master HAF 912 Plus
Operating System
Windows 7 Home Premium 64-bit
Monitor
BenQ RL2455HM
Keyboard
Cooler Master Octane
Mouse
Cooler Master Octane
▲ hide details ▲



Last edited by tpi2007; 05-15-2019 at 08:22 AM.
tpi2007 is offline  
post #43 of 117 (permalink) Old 05-15-2019, 08:24 AM
sudo apt install sl
 
WannaBeOCer's Avatar
 
Join Date: Dec 2009
Posts: 4,381
Rep: 150 (Unique: 108)
Quote: Originally Posted by tpi2007 View Post
The so-called "hardware fixes" on 9th gen Intel CPUs are seemingly the same firmware / microcode updates applied to the 8th gen, except that they come baked in from the factory on the chip. Intel does not appear to have redesigned the hardware to incorporate the fixes at a deeper level to claim back some of the performance losses, they perform the same as the 8th gen (see below). The Fallout paper does seem to suggest that they did something in addition though, as it seems that the 9th gen CPUs are more vulnerable to that type of attack.

https://www.anandtech.com/show/13659...re-mitigations
Cascade Lake has a few hardware fixes.
Attached Thumbnails
Click image for larger version

Name:	Screen Shot 2019-05-15 at 8.21.07 AM.png
Views:	10
Size:	60.3 KB
ID:	269688  


Maximus
(20 items)
CPU
Core i7 6700K 4.8Ghz @ 1.4v
Motherboard
Maximus VIII Formula
GPU
Radeon VII @ 2100Mhz/1200Mhz w/ 1150mV
RAM
G-Skill 32GB 3200Mhz
Hard Drive
Samsung 850 Evo 1TB
Hard Drive
Samsung 850 Evo 1TB
Hard Drive
Samsung 850 Evo 500GB
Power Supply
EVGA SuperNova 1200w P2
Cooling
EK Supremacy Full Copper Clean
Cooling
XSPC D5 Photon v2
Cooling
Black Ice Gen 2 GTX360 x2
Cooling
EK-Vector Radeon VII - Copper + Plexi
Case
Thermaltake Core X5 Tempered Glass Edition
Operating System
Clear Linux
Monitor
Acer XF270HUA
Keyboard
Cherry MX Board 6.0
Mouse
Logitech G600
Mouse
Alugraphics GamerArt
Audio
Definitive Technology Incline
Audio
SMSL M8A
▲ hide details ▲
WannaBeOCer is offline  
Sponsored Links
Advertisement
 
post #44 of 117 (permalink) Old 05-15-2019, 08:34 AM
Waiting for 10 and 7nm
 
tpi2007's Avatar
 
Join Date: Nov 2010
Posts: 10,924
Rep: 874 (Unique: 496)
Quote: Originally Posted by WannaBeOCer View Post
Cascade Lake has a few hardware fixes.

Without hardware on hand, it's difficult to prove, but on the schedule that they are on since learning of these vulnerabilities, I'd wager that those common to Coffee Lake are of the same type of "hardware" implementation. With so many holes, they need a thorough hardware redesign, maybe it's what that Next Gen for 2022 in the new roadmap slide alludes to.


https://www.anandtech.com/show/14314...-lake-sampling

Click image for larger version

Name:	intel-xeon-roadmap_575px.png
Views:	6
Size:	287.4 KB
ID:	269690

Is your CPU bottlenecking your GPU ? Find out: CPU and GPU usage along with FPS in-game
Read my reviews here.
Clubs (founder): The rare / unusual CPU club
Clubs (member): Corsair Professional HX / AX Series PSU Owners Club || The Official Cooler Master HAF X/932/922/912(+) Club
CPU
Core i7-3820
Motherboard
Asus Sabertooth X79
GPU
MSI GTX 1060 6 GB Gaming X
RAM
16 GB Corsair DDR3 1866 Mhz Dominator
Hard Drive
Samsung SSD 830 128GB + WD Caviar Black 2TB
Optical Drive
Sony Optiarc DVD-RW
Power Supply
Corsair AX750 Professional Modular 80 Plus Gold
Cooling
Corsair A70 + Noiseblocker M12-P
Case
Cooler Master HAF 912 Plus
Operating System
Windows 7 Home Premium 64-bit
Monitor
BenQ RL2455HM
Keyboard
Cooler Master Octane
Mouse
Cooler Master Octane
▲ hide details ▲



Last edited by tpi2007; 05-15-2019 at 08:38 AM.
tpi2007 is offline  
post #45 of 117 (permalink) Old 05-15-2019, 09:11 AM
It's a me
 
Jayjr1105's Avatar
 
Join Date: Sep 2010
Location: Central Pennsylvania
Posts: 2,869
Rep: 134 (Unique: 111)
(dutch)Apparently Intel attempted to play down Zombieload by trying to award the researchers with the 40,000 dollar tier reward and a separate 80,000 dollar reward as a "gift" (which the researchers kindly denied) instead of the maximum 100,000 reward for finding a critical vulnerability

https://www.nrc.nl/nieuws/2019/05/14...-hart-a3960208

Official Delidded Crewman
The Ivy STABLE Club
Nvida GTX960 Owners Club
Raspberry Pi Owners Club
I <3 Mechanical KeyboardCPU Journey (Click to show)
Celeron 333MHz > Pentium 4 2.4GHz > Athlon XP 2800+ > Athlon 64 3400+ > Athlon II X2 250 > Athlon II X4 640 > Phenom II X4 840 > i5 2500K > i7 3770K
Jayjr1105 is offline  
post #46 of 117 (permalink) Old 05-15-2019, 09:22 AM
Kill Confirmed
 
speed_demon's Avatar
 
Join Date: Nov 2006
Posts: 1,120
Rep: 65 (Unique: 55)
It does look like Intel was trying to buy some "privacy" on the matter.


speed_demon is offline  
post #47 of 117 (permalink) Old 05-15-2019, 09:27 AM
professional curmudgeon
 
looniam's Avatar
 
Join Date: Apr 2009
Posts: 9,191
Rep: 767 (Unique: 444)
researchers turning down money?

my god, cats are mating w/dogs!

"Name as many uses for a brick as you can in one minute." - interview at graphics-chip maker Nvidia for a campaign-manager job
Fermi: it's better to burn out than fade away.
Remember the golden rule of statistics: A personal sample size of one is a sufficient basis upon which to draw universal conclusions.
"The more you buy, the more you save." - Jensen Huang GTC 2018
loon 3.2
(18 items)
CPU
i7-3770K
Motherboard
Asus P8Z77-V Pro
GPU
EVGA 980TI SC+
RAM
16Gb PNY ddr3 1866
Hard Drive
PNY 1311 240Gb
Hard Drive
1 TB Seagate
Hard Drive
3 TB WD Blue
Optical Drive
DVD DVDRW+/-
Power Supply
EVGA SuperNova 750 G2
Cooling
EKWB P280 kit
Cooling
EK-VGA supremacy
Case
Stryker M [hammered and drilled]
Operating System
Win X
Monitor
LG 24MC57HQ-P
Keyboard
Ducky Zero [blues]
Mouse
corsair M65
Audio
SB Recon3D
Audio
Klipsch ProMedia 2.1
▲ hide details ▲


looniam is offline  
post #48 of 117 (permalink) Old 05-15-2019, 09:29 AM - Thread Starter
Retired Staff
 
JedixJarf's Avatar
 
Join Date: Dec 2010
Location: Coruscant
Posts: 9,361
Rep: 304 (Unique: 243)
Quote: Originally Posted by Imouto View Post
Apple being savage about it:



https://support.apple.com/en-us/HT210107
They claim 40% hit to performance because part of the fix is disabling HT.


JedixJarf is offline  
post #49 of 117 (permalink) Old 05-15-2019, 09:46 AM
New to Overclock.net
 
dj_tokyu's Avatar
 
Join Date: Sep 2008
Location: Kobe, Japan
Posts: 88
Rep: 4 (Unique: 4)
Whew... I'm glad I bought my notebook with a 7300hq instead of the 7700hq. Losing TONS of performance in order to maintain security is a joke.

Intel should be facing boatloads of lawsuits regarding this.

It is what it is...
(16 items)
CPU
Ryzen 5 1600x
Motherboard
MSI X370 Gaming plus
GPU
Asus GTX 1070
RAM
G.Skill DDR4 3000mhz
Hard Drive
Sandisk Pro 512GB
Hard Drive
Seagate 4gb 7200rpm
Hard Drive
Seagate 4gb 7200rpm
Optical Drive
Pioneer BDR-211XJBK/WS Blu Ray drive
Power Supply
Keian 600w 80plus Gold KT-AP600-AXG HC
Cooling
Enermax ELC-LMR120S-BS AIO liquid cooler
Case
Fractal Design Focus G FD-CA-FOCUS-BK-W
Operating System
Windows 10 64-bit
Monitor
2x HP 23er
Keyboard
Logitech G710+
Mouse
Logitech G602 Wireless mouse
Mouse
Steelseries QCK+
CPU
Intel i5-7300hq
GPU
NVidia GTX 1050ti 4GB
RAM
16gb (2 x 8gb) DDR4 2400mhz CL17 memory
Hard Drive
Intel 600p 256gb NVMe SSD
Hard Drive
Seagate Firecuda 2tb 5400rpm HDD
Operating System
Windows 10 professional 64-bit
Monitor
AUO B156HAN06.1
▲ hide details ▲
dj_tokyu is offline  
post #50 of 117 (permalink) Old 05-15-2019, 11:51 AM
Old to Overclock.net
 
xJumper's Avatar
 
Join Date: Jan 2008
Posts: 1,990
Rep: 109 (Unique: 96)
Quote: Originally Posted by PhotonFanatic View Post
There's no way you're safer. You have to understand, there wasn't any mistake. ALL of the chip companies were told by the government, what they were going to do. They can't break encryption, it stays too far ahead of them. So they've stopped trying. Instead they just put in back doors, and bypass it entirely. Not only were all of these chipmakers told what to do, they were told if they talk about it, they're in big trouble. Not like it really matters because the information is out there (just like in this thread) but still, it would make the government look real bad if big tech was always talking about how they got told to put in security vulnerabilities. The good news is, there are some states that seem to be getting tired of this. There are some new bills coming up in Texas and California that are pretty pro privacy and anti scumbag when it comes to big tech and their constant spying. Hopefully they pass into law.

iirc there have been a few companies who have bypassed the gag order given to them by the government. I think apple was one of them. They had a web page where it said something like "Days passed since we were told help the government spy on our users: 0". Something like that, where they weren't technically breaking the law that was put into place to force them to comply with the government's spying wishes.
I wouldn't put it past them, and I really keep an open mind on this type of stuff but I am not at the level yet where I am ready to confidently say or go under the assumption that ALL major hardware companies likely have hardware backdoors; I just haven't seen enough proof yet. The government uses the same hardware we do for the most part, and as history has shown backdoors are exploitable by good guys or bad guys, I find it unlikely that they would want backdoors in all the hardware they use. That being said, I think that the day that hardware backdoors will be implemented into everything could be coming very soon. Like you said, the government seems to have given up on directly cracking encryption, now they use more direct methods.

Quote: Originally Posted by PhotonFanatic View Post
Anyway if AMD is any "safer" its just because the particular backdoors haven't been found out yet. You can count on them being there, every bit as bad as intel. They're not going to go to such lengths with intel and the others, and then just conveniently forget about, and leave out AMD.
Well if AMD has any similar backdoors (which they very well could), they aren't known in the wild yet so baring any state actors I can rest assured that I am relatively safe of normal hackers from those attack vectors.

As far as Apple being backdoor free, I wouldn't trust them one bit. They have done shady stuff in the past to comply with anti-freedom governments just to make a quick buck. Realistically, there's probably less than 100 or so employees directly involved with the low level programming in the iPhone or similar products, it's not beyond the realm of possibility for the government to serve them all an NSL with a gag order saying something to the affect of "do this, implement this backdoor and if you talk about it you will go to jail for a very long time". The attack surface of their devices is massive as well. They make one device, one config for millions of users and they have every government and anti-freedom security research companies actively looking, creating and/or paying hundreds of thousands of dollars for known exploits. On the Android front, I expect that a few governments have Qualcom in their back pocket and have ring zero access to phones using Qualcom chips. There's a few articles I've read about just how vulnerable phones are due to being extremely insecure on the modem/firmware front. There's only a handful of people in the world that know/fully understand the code for the radio telephony/firmware used by cellphone base band modems, apparently according to experts some of this stuff uses 1980's technology and is ripe for exploitation.

362436
(15 items)
CPU
AMD Ryzen 5 1600
Motherboard
Asus Prime X370-A AMD Ryzen AM4 DDR4
GPU
Gigabyte GeForce GTX 950
RAM
2x Corsair Valueselect 8GB 288 Pin DDR4 SDRAM DDR4 @ 2133
Hard Drive
Corsair Force LS 2.5" 120GB SATA III MLC SSD
Optical Drive
Lite-On 24X SATA DVD/RW Optical Drive
Power Supply
Corsair RM550x 550W 80 Plus Gold
Cooling
Noctua NH-L9A-AM4 Low-Profile
Case
Antec NSK4100 Steel ATX Mid Tower
Operating System
Mint 18.2 x64
Monitor
HP 24" LCD/LED 1920x1080
Keyboard
IBM PC-AT
Mouse
Logitech G5
Audio
Sennheiser HD650
Audio
Asus Essence STX II
▲ hide details ▲



Last edited by xJumper; 05-15-2019 at 12:04 PM.
xJumper is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off