12 votes

Intel Publishes Microcode Security Patches, No Benchmarking Or Comparison Allowed!

4 comments

  1. [2]
    Luna
    (edited )
    Link
    For those not in the loop, this particular microcode update is yet another in Intel's attempts to patch speculative execution vulnerabilities in their CPUs. From an article on The Register:...

    For those not in the loop, this particular microcode update is yet another in Intel's attempts to patch speculative execution vulnerabilities in their CPUs. From an article on The Register:

    Specifically, the patch is Chipzilla's processor microcode update emitted this month to stop malware stealing sensitive data from memory by exploiting the L1 Terminal Fault vulnerability in Intel's silicon. The biz had released microcode in July that corrected the underlying problem mostly for server-grade CPUs; this latest fix now covers desktop processors.

    However, this patch comes with a catch:

    You will not, and will not allow any third party to (i) ...; or (v) publish or provide any Software benchmark or comparison test results.

    You are not allowed to publish any benchmarks with the new microcode update installed. The logical explanation is that this patch is severely reducing performance and Intel is attempting to strongarm people into not showing how bad it is. Of course, not all countries would uphold this (some people in this r/Linux thread are saying that you'd get laughed out of court trying to enforce this in Germany), but considering how many tech reviewers are in countries that would enforce this (the US), this will put a major dent in peoples' awareness of the performance impact. It could also effectively bar any future benchmarks if the microcode update had already been applied at the factory.

    I will be looking forward to seeing the benchmarks from posters on reddit who don't care about the EULA and countries where this is unenforceable.

    Edit: @Deimos mentioned below that Intel has responded. Their new license is very short, and does not prohibit benchmarking.

    Edit 2: Oof, some of these benchmarks are REALLY bad. Some are negligible but others are taking 30% performance hit.

    10 votes
    1. teaearlgraycold
      Link Parent
      I'd like to see them try to enforce this in the US.

      I'd like to see them try to enforce this in the US.

  2. [2]
    Deimos
    Link
    Intel's responded some to this now: https://www.tomshardware.com/news/intel-cpu-microcode-benchmark-mitigation,37684.html
    2 votes
    1. balooga
      Link Parent
      Thanks for posting that, looks like they rescinded that part of the agreement. Good news!

      Thanks for posting that, looks like they rescinded that part of the agreement. Good news!

      2 votes