Intel Wraps Up Spectre Patching, Partially Cancels Plans For 1st Gen Core & Core 2 Processors
by Ryan Smith on April 4, 2018 7:00 AM EST
Intel this week has published an update to their ongoing microcode guidance document. In the roughly 3 weeks since the last update, the company is offering some unexpectedly mixed news: some additional microcode updates have been finished and released to production, but the company is also aborting their previous plans for issuing updates for some early-generation Core processors.
Last month we reported on the state of Intel’s efforts to issue microcode updates for processors to mitigate the Spectre v2 vulnerability. As of mid-March Intel had finished developing microcode updates for architectures going back to 2nd generation Core (Sandy Bridge), and was in the middle of planning or pre-beta development of updates for processors going back to the Core 2 era. Instead, with this latest guidance, Intel is essentially putting an end to their microcode program, coming to a halt with microcode updates for about half of their 1st generation Core lineup. The end result is that no Core 2 CPUs will be receiving updates, and only some 1st gen Cores will.
Intel’s chip/architecture stack for these earlier generations is somewhat confusing due to a multitude of codenames, which doesn’t help matters here, but here’s the general breakdown of what processor families have been excised from Intel’s support plans.
Intel's Spectre v2 Microcode Updates
| Microarchitecture | Core Generation | Product Lines | Status |
|---|---|---|---|
| Penryn | 45nm Core 2 | Core 2 | Cancelled |
| Nehalem | 1st (45nm Core) | Core i7-900 | Cancelled |
| Nehalem | 1st (45nm Core) | Core i7-800 | Released |
| Nehalem | 1st (45nm Core) | Core i5-700 | Released |
| Nehalem | 1st (45nm Core) | Mobile Core i7-900/800/700 | Cancelled |
| Westmere | 1st (32nm Core) | Core i7-900 | Cancelled |
| Westmere | 1st (32nm Core) | Core i5-600 | Released |
| Westmere | 1st (32nm Core) | Core i3-500 | Released |
| Westmere | 1st (32nm Core) | Mobile Core i7-600 | Released |
| Westmere | 1st (32nm Core) | Mobile Core i5-500/400 | Released |
| Westmere | 1st (32nm Core) | Mobile Core i3-300 | Released |
| Sandy Bridge | 2nd | Core 2000 | Released |
In short, no Core 2 processors will be receiving a microcode update. Updates for Penryn and all derivative processors have been cancelled.
As for the 1st generation Core family, what did and didn’t get updated is an odd mix. Ignoring the Xeon side of the equation, Intel has essentially opted to deliver updates for most of their mainstream 1st gen Core processors, but not updates for their high-end models. So the desktop Core 900 series is out, for example, while the Core 800 and below is in. Meanwhile on the mobile side of matters, the Core 900M, 800M, and 700M processors have been excluded, but the Core 600M and below are included.
Overall there isn’t an apparent rhyme or reason from an architectural standpoint for the split. The patched processors include both the newer 32nm models and older 45nm models, but it’s not a complete set from either the tick or the tock side. Which, if nothing else, makes it difficult to make blanket statements about patches for the 1st generation Core processors.
The good news here is that for those 1st gen Core processors that are going to be covered with those microcode updates, Intel has completed them and delivered them to production. So the usual disclaimers about distribution aside – and I’ll be surprised if virtually all of these updates in the consumer space don’t eventually have to be distributed by OS vendors – the necessary microcode updates are available. In fact with this latest release, Intel has now completed their microcode update plans according to their roadmap; there are no additional processor families slated to get the Spectre v2 mitigations.
As for Intel’s rationale for the change in plans, the microcode guidance update document includes a new production status, “stopped,” which covers the cancelled processor families. Under that status, Intel states:
After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:
- Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
- Limited Commercially Available System Software support
- Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
Presumably the checkerboard nature of the 1st gen Core updates falls to business reasons. Though it would be interesting to hear what micro-architectural characteristics are presumably preventing deploying patches on Intel’s 45nm Core 2 processors.
Overall this is an unsatisfying (but not upsetting) end to Intel’s microcode update program. After a rough start, Intel has essentially updated 8 years’ worth of processors, an important distinction since it means they’ve covered the Sandy Bridge generation and beyond, which remain in service and reasonably popular to this day (ed: not that I’d know anything about that). And while it was always clear that Intel wouldn’t continue going backwards forever, stopping halfway through the 1st gen Core family after previously scheduling it for support ends things on a disjointed note. Meanwhile for Core 2 owners, the bell is finally tolling, it seems. The processor family that reinvigorated Intel after the Pentium 4 era is finally being left behind.
Update: Intel sent over the following statement this afternoon in response to all of the articles today about the change in microcode update plans.
“We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.”
Source: Intel (via Tom's Hardware)
27 Comments
PeachNCream - Thursday, April 5, 2018
If you don't mind spending a little money, the Dell e-Series port replicators have a parallel port and you can use them on fairly affordable used Latitude notebooks including the e6x20 Sandy Bridge series and the e6x30 Ivy Bridge ones (where x = 2, 3, 4, or 5 to denote 12.5 inch to 15 inch screens) or comparable generation Precision laptops. Haswell laptops will work on those port replicators too. Those can be had as second hand or refurb systems starting at ~100 and going up to about ~300. Something like that or a comparable retired business laptop from another brand with a docking station (not sure if HP or Lenovo's port replicators are as universal across generations of laptops, but maybe someone more familiar with other brands could offer some insight) may do the job too.
gerz1219 - Tuesday, April 10, 2018
We all have fond memories of the Q6600, but it's over a decade old. That CPU was probably the biggest bargain ever offered to PC builders. I think I kept mine through three different GPU upgrades. Can't complain that it's hit the end of its long life.
nathanddrews - Wednesday, April 4, 2018
RIP in peace, Q6600.
So why does Lynnfield get the update, but not Bloomfield? Northbridge?
DanNeely - Wednesday, April 4, 2018
On the desktop side at least the split for Nehalem/Westmere appears to be LGA1156 yes, LGA1366 no. It's arbitrary but not much more than if they'd done all Westmere's and no Nehalems.
The mobile side is not quite packaging aligned. All of the non-patched chips use socket G1, all of the patched ones are BGA1288. The interesting bit is the I7-620M/640M were available in both BGA1288 and G1 versions. I'm really curious if both variants of those got patched or just the BGA1288 ones.
Samus - Wednesday, April 4, 2018
Sucks for Socket 1366 Xeon owners. Lots of servers and workstations out there still running these...
A5 - Wednesday, April 4, 2018
Any professional environment still running Westmere Xeons probably wasn't going to apply the patch even if it came out.
Samus - Wednesday, April 4, 2018
So this means the Westmere and Nehalem-based Xeons are not getting microcode updates?
Samus - Wednesday, April 4, 2018
Like the X5650 and E5450?
Samus - Wednesday, April 4, 2018
Oops, those are Core2 based, I meant W35xx series. They are Bloomfields but still Nehalem architecture based on the Core i7-9xx parts.
Ryan Smith - Wednesday, April 4, 2018
It's an odd mix. The W3000 series didn't make the cut, but the Nehalem-ES/EX did, so the various E/W/L/X 5000 series Xeons did get microcode. Be sure to check the Intel document linked at the bottom of the article if you need more details.