AMD processors get optional Spectre exploit firmware update
15 January 2018 | 0
When Meltdown and Spectre were uncovered, AMD said that its CPUs were not vulnerable to Meltdown, the first Spectre flaw would be resolved via operating system and software updates, and “differences in AMD architecture mean there is a near zero risk of exploitation” of the Spectre second variant. Nevertheless, while AMD CTO Mark Papermaster says “we believe that AMD’s processor architectures make it difficult to exploit Variant 2,” AMD now plans to patch its CPUs against it.
AMD will start releasing “optional microcode updates” (emphasis ours) for Ryzen, Threadripper, and Epyc processors to its partners shortly, with firmware updates for older processors coming in the future. Like the Intel firmware updates, you will not get AMD’s directly from AMD itself. Instead, you will need to download them from the maker of your PC, laptop, or motherboard through their support pages.
But you might not want to be so quick to do that. When Microsoft said the Meltdown and Spectre fixes could slow down PCs, it specifically said Spectre’s second variant is the only one that requires a CPU microcode update—and that the fixes for the second Spectre variant are the ones that can affect your PC’s performance. Rushed firmware updates can be finicky too. Intel’s CPU fixes are making some Haswell and Broadwell-based computers reboot more often, for example.
If AMD says its processors have near-zero risk to the second Spectre variant and that these CPU updates are optional, you might want to hold off installing them until their potential performance impact has been tested and benchmarked in the wild, especially if you’re on an older PC or running Windows 7 or 8. Those systems suffer bigger performance hits with microcode patches, Microsoft says.
Radeon graphics cards are not vulnerable to the Meltdown and Spectre flaws, AMD clarified in response to questions, since, you know, they are not CPUs. But Spectre attacks could use your PC’s software to exploit the processor flaws. Given how deeply GPU drivers hook into operating system kernels, we’d expect to see AMD release Radeon drivers hardened against Spectre, much like Nvidia has done for GeForce cards.
IDG News Service