Intel has come clean to Anandtech (opens in new tab) regarding the level of Spectre and Meltdown protection within its new 8th-generation Whiskey Lake U series Core processors and 8th-gen Amber Lake Y series processors, concluding that its hardware-based defenses against the security flaws aren’t as extensive as we might have expected when Intel promised these fixes earlier this year.
Update: Intel has provided TechRadar with the following statement on the matter:
"Laptops powered by the new mobile 8th Gen Intel Core processors announced today are expected to ship from OEM and system manufacturers with protections for the security vulnerabilities commonly referred to as 'Spectre', 'Meltdown' and 'L1TF'. These protections include a combination of the hardware design changes we announced earlier this year as well as software and microcode updates."
Anandtech created a helpful visual guide for exactly which Spectre and Meltdown defenses have been baked into the Whiskey Lake and Amber Lake hardware. Intel tells Anandtech that there are almost as many hardware fixes for the Whiskey Lake chips as there are in the upcoming Cascade Lake processors for servers.
However, those don’t amount to much when you list out the current known variants of both security flaws. At that point, Whiskey Lake processors are only protected against two variants of Meltdown at the hardware level, with all other fixes being based on firmware and software.
This means that it is possible for new workarounds to emerge that could circumvent Intel’s firmware and software-level fixes to these problems. And, if the nature of hackers has shown us anything, it’s only a matter of time before those we see those workarounds.
In this regard, the Amber Lake line of chips isn’t protected at the hardware level at all. This is because Amber Lake is essentially a rehashing of the recently-released Kaby Lake Refresh processors – just at a smaller power draw of 5 watts for fanless designs – whereas Whiskey Lake is a more updated design on the same 14-nanometer process, allowing for some hardware-grade fixes.
While the Spectre and Meltdown flaws aren’t widely targeting general consumers and more so businesses with servers hosting lots of data, it’s important for Intel to disclose vulnerabilities to attack and theft within their hardware regardless. That’s especially so considering how far we really are from true immunity to these security flaws.
- These are the best processors we’ve tested this past year