Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Intel Security

Intel Says Some CPU Models Will Never Receive Microcode Updates (bleepingcomputer.com) 213

Posted by msmash from the how-about-that dept.
An anonymous reader writes: Intel released an update to the Meltdown and Spectre mitigation guide, revealing that it stopped working on mitigations for some processor series. The Meltdown and Spectre mitigation guide is a PDF document that Intel published in February. The file contains information on the status of microcode updates for each of Intel's CPU models released in the past years. Intel has constantly updated the document in the past weeks with new information about processor series and the microcode firmware version number that includes patches for the Meltdown and Spectre flaws.

An update published on Monday includes for the first time a "Stopped" production status. Intel says that processors with a "Stopped" status will not receive microcode updates. The reasons basically vary from "redesigning the CPU micro-architecture is impossible or not worth the effort" to "it's an old CPU" and "customers said they don't need it." The following Intel processor products received a "Stopped" status marker: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, Wolfdale M0, Wolfdale E0, Wolfdale R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield, and Yorkfield Xeon.
This discussion has been archived. No new comments can be posted.

Intel Says Some CPU Models Will Never Receive Microcode Updates More

Intel Says Some CPU Models Will Never Receive Microcode Updates

Comments Filter:

  • This is BS. (Score:5, Insightful)

    by Joey Vegetables ( 686525 ) on Wednesday April 04, 2018 @10:09AM (#56380135) Journal
    I'm sorry, but if I'm investing in a high-end, server-class CPU, I expect it to be supported for as long as is reasonably possible. If they said they weren't updating 10 year old Celerons or Atoms, that might be understandable. But Xeons? Let's just say I don't plan to every buy one again, at least so long as AMD represents a reasonable alternative. In fact, I will always stick with AMD (as I long have, for other reasons) until and unless Intel makes some kind of definite, enforceable support commitment.

    • I'm sorry, but if I'm investing in a high-end, server-class CPU, I expect it to be supported for as long as is reasonably possible. If they said they weren't updating 10 year old Celerons or Atoms, that might be understandable. But Xeons? Let's just say I don't plan to every buy one again, at least so long as AMD represents a reasonable alternative. In fact, I will always stick with AMD (as I long have, for other reasons) until and unless Intel makes some kind of definite, enforceable support commitment.

      Look at the release dates for the specific Xeons on their list. For example, the W3520. It was released 9 years ago. I don't blame them one bit for not updating ancient chips like that. If it was a chip released in 2016 I think owners could reasonably be upset. Intel only provides 3 year warranties on Xeon processors. If they were feeling generous, they might provide updates for chips 5 years out...

      • Re:This is BS. (Score:5, Interesting)

        by Joey Vegetables ( 686525 ) on Wednesday April 04, 2018 @10:29AM (#56380279) Journal
        None of this makes me feel any more inclined to favor Intel over AMD. This isn't their first "brown paper bag" bug and I doubt it will be their last. If only a 3 year warranty is even offered on some of the highest-end chips they made at the time, when some new cars are warrantied for 10, I think that says something really awful about even Intel's own assessment of whether its products can be supported in the long term. AMD may or may not be drastically better, but Intel has set a very low bar, and it is going to take them serious time to earn back my business, assuming they ever do.

        • For what it's worth, AMD also has only a 3-year warranty.

          • Yeah. Shame on them too for that. But then I haven't needed to have an AMD chip re-microcoded, much less replaced. The Honda I drive has a much shorter factory warranty than the Hyundai I don't, but that doesn't bother me so much because I know from much experience (mine plus that of countless others) that a well-maintained Honda will typically last a very long time and the warranty won't likely be needed.

        • None of this makes me feel any more inclined to favor Intel over AMD. This isn't their first "brown paper bag" bug and I doubt it will be their last.

          AMD has bugs in their chips too. They're vulnerable to Spectre as well.

          If only a 3 year warranty is even offered on some of the highest-end chips they made at the time, when some new cars are warrantied for 10

          You only see a 10 year warranty on powertrains (which seldom break) and even then it isn't a 10 year warranty, It's typically a 10 year OR 100,000 mile warranty, whichever comes first. The comprehensive warranties are 3-5 years OR 30-50K miles.

          I think that says something really awful about even Intel's own assessment of whether its products can be supported in the long term.

          Find me ANY large chip maker offering support on a ten year old chip. Why would they offer support on chips that by computer industry standards are ancient when none of their competitors do eithe

          • I'll admit a certain amount of distrust of Intel right now. They did not behave as I expected them to. AMD may one day prove to be just as bad, or even worse, but, as of right now, I consider them as having by far the better track record, and I will give them the benefit of the doubt for as long as there is doubt to give them the benefit of.

            • I'll admit a certain amount of distrust of Intel right now. They did not behave as I expected them to.

              Seriously not meaning to sound snide but perhaps your expectations are unrealistic? I think there is no reasonable basis to expect AMD would have behaved any differently than Intel in the same situation. Intel has done pretty much exactly what I expected them or any rational profit seeking company to do.

        • Re:This is BS. (Score:5, Insightful)

          by blind biker ( 1066130 ) on Wednesday April 04, 2018 @04:58PM (#56383549) Journal

          AMD may or may not be drastically better,

          Seeing as though AMD CPUs are not susceptible to Meltdown, I would say they have an enormous advantage over intel's. The fact is that Meltdown, unlike Spectre, is very easily exploitable in practical terms, and is the one people should be actually worried about.

      • Re: (Score:2)

        by epine ( 68316 )

        Intel only provides 3 year warranties on Xeon processors. If they were feeling generous, they might provide updates for chips 5 years out...

        What does warranty have to do with this?

        If a baby seat kills babies because it's defective by design, this is not a warranty issue. Not even if the baby seat only kills babies when combined with other safety systems that weren't invented yet at the time the baby seat was originally sold.

        Both of these ends of the telescope are too extreme for the matter at hand, but at

    • I'm as upset as you are, but let's face it, we're dealing with 8-10 year old processors here. Yes, for many applications still way more than good enough, but still. I think it's asking a bit much to expect patches for hardware that is about 3-4 generations old.

      Price isn't a deciding factor here, unless of course part of that price was the promise of support above and beyond what could reasonably be expected.

      • Not the OP here, but I don't expect a fix. what I do expect in the absence of a fix, is pin compatible replacements made with today's technology. Failing that, compensation:
        • to me, for having to replace my entire system including embroidery machine, ATE system, yacht navigation system,
        • the world at large for huge numbers of large, complex systems going to landfill

        Intel are causing massive disruption to people who are not nerdy games players trapped in their parents basement, or cloud providers, and don't

      • Re: (Score:2)

        by arth1 ( 260657 )

        I'm as upset as you are, but let's face it, we're dealing with 8-10 year old processors here. Yes, for many applications still way more than good enough, but still. I think it's asking a bit much to expect patches for hardware that is about 3-4 generations old.

        When companies like Red Hat and Microsoft offer extended OS service plans so you can keep the OS updated with security patches for 10 years, it would be nice if the firmware on those machines certified for that OS could also receive security updates. Even for a price, because the price of migrating large software systems can be very high, and companies want to avoid doing it when it doesn't buy anything extra for as long as possible.
        So yes, you will find 10 year old systems in many companies, going on doin

    • Re:This is BS. (Score:5, Informative)

      by Aaden42 ( 198257 ) on Wednesday April 04, 2018 @10:46AM (#56380423) Homepage

      Realistically most enterprise customers use hardware for 3 to a MAXIMUM of 5 years, then it's out the door. Even high-end Xeon CPU's. It's entirely plausible that the bulk of actual enterprise customers(*) don't care.

      (*) Note: actual enterprise customers, not nerds who buy surplus servers off eBay to run in their basements.

      Disclaimer: I am one such nerd.

      • I wish! We still have SPARC machines.

      • Hah, Most enterprises are using computers for a minimum of 5 years now because the hardware isn't improving at a fast enough rate. As an example, Anandtech recommended that with the most recent Kaby Lake processors it was finally worth it to replace Sandy Bridge processors as KL finally represented a 20 percent increase in performance over SB. KL and SB are more than 10 year apart (KL is generation 8 Core Microarchitecture, and SB is generation 2 Core Microarchitecture) that means it took 6 revisions before

      • Well, as example one of our customers has following servers in their server room doing variety of tasks:

        -One is brand new and is the primary server running a bunch of virtual machines.
        -A second is the four or five year old server that it replaced and is retained as backup to run the virtual machines if needed.
        -The main production management system has 2 servers (main and backup), both were bought in 2007/2008. (so approx 10 years).
        -There is the exchange server from about 2011(so about 7 years). Will be remo

      • The law of diminishing returns, fairly reasonable quality components says you're off a bit there.

        The innovations in performance nowadays has slowed down so much that a beast server built 7 or 8 years ago, is still perfectly acceptable at performing some tasks for customers. It's chewing a bit more power but the amount of performance they gain by replacing said server isn't that wildly different.

        I would say the oldest I've seen is 10 but 7 was certainly still common in the last place I was at. Over 3000 s

    • Query: Do these servers connect directly to the Internet w/o any sort of firewall, DMZ rigging, load balancer, or similar? If not, the odds are fairly low. If so, you got bigger problems than anything Intel does or doesn't do.

      • The advent of laptops, thumb drives and mobile devices long ago rendered life inside the firewall or DMZ just as scary as life outside it. Yes, my experience is that servers are left running as long as they can be, and they are often very vulnerable. Companies typically value stability over security; in their view, a security upgrade is as likely to cause them inconvenience as would an overt security breach. And not to turn this into a yet another Windows versus Linux debate, but Windows servers are typi

    • As long as "Full generic retpoline" is reported in the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file, Spectre (and likely Meltdown) are not a concern.

      The best was to accomplish that for Red Hat environments is to install Oracle's kernel RPM [linuxjournal.com] for the "Unbreakable Enterprise Kernel" (UEK).

      • Still waiting for Spectre patches to hit stable gentoo-sources. Meltdown wasn't a concern for AMD. Also, don't the retpoline patches depend on patched CPU microcode?

        • Re: (Score:2)

          by emil ( 695 )

          As I understand it, only Skylake and later CPUs are not completely addressed by retpolines.

          Ubuntu released a kernel that reported this around 2/15.

          Red Hat released one with partial support that seemed to require microcode around 3/8.

          Oracle implemented the Full generic support starting 3/14.

    • processors do not identify to an operating system as "FurTongue Hyper," they identify with some alphanumeric code. so it does no good to say FurTongue45 is supported and DirtyTail6 is not. the whole thing is a load of nonsense that hides what's under the hood. a pox on all chipmakers' houses.

    • I wouldn't at all be surprised if part of the strategy here is to scare people into dumping older systems and buying new ones so they're 'protected'.

    • Re: (Score:2)

      by ddtmm ( 549094 )
      Or until AMD does something similar...

  • PDF ends with "Intel - Experience what's inside" (Score:5, Funny)

    by JoeyRox ( 2711699 ) on Wednesday April 04, 2018 @10:11AM (#56380149)
    Apparently what's inside is the experience of abandonment.
  • Please note, that just because it receives a microcode update, doesn't mean it's secure. The processors are still buggy as hell [marc.info].

  • Code names (Score:4, Interesting)

    by H3lldr0p ( 40304 ) on Wednesday April 04, 2018 @10:24AM (#56380243) Homepage

    Can we get a run down of the retail names for these CPUs? I feel like Intel is running a fast one on us through these code names.

    Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, Wolfdale M0, Wolfdale E0, Wolfdale R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield, and Yorkfield Xeon

    Are these 2012 or 2014 i5s or i7s? Xeons, are they the server or high end desktop kinds. Did HP or IBM use them in their products? Where should I be looking for more information guys?

  • Admission of inadequacy (Score:3)

    by Archtech ( 159117 ) on Wednesday April 04, 2018 @10:29AM (#56380273)

    'Intel says that processors with a "Stopped" status will not receive microcode updates. The reasons basically vary from "redesigning the CPU micro-architecture is impossible or not worth the effort" to "it's an old CPU" and "customers said they don't need it."'

    Well, I am writing this on an Intel Core i-7 940, and I *do* need it. I paid quite a lot for this PC (although a while ago) and I don't see why I should not expect it to work reliably.

    In general, moreover, it seems axiomatic that anyone who owns and is using one of those processors marked "Stopped" does need a fix.

    It seems that Intel is ready to admit that it was (and may be still) unable to design and build processors that were dependably secure in normal operation.

    Also that it is willing to let its customers down without compensation.

    • This is not entirely fair. (Score:4, Informative)

      by emil ( 695 ) on Wednesday April 04, 2018 @11:17AM (#56380729)

      AMD isn't pushing a Spectre fix for older CPUs. Nor is Qualcomm for Snapdragon. Nor is Samsung for Exynos. We could go on for quite a long time with such a list.

      If you need the fix for your i7 which Intel has abandoned (just like all the vendors above), run a modern Linux kernel where you see the file /sys/devices/system/cpu/vulnerabilities/spectre_v2. If this file contains the word "Full" then your kernel is protected, and you don't need microcode.

      The microcode is only required on Skylake and newer for full remediation.

    • Well, I am writing this on an Intel Core i-7 940, and I *do* need it. I paid quite a lot for this PC (although a while ago)

      Do you know that you can pickup a Xeon X5670 for $30 on eBay?

    • and I don't see why I should not expect it to work reliably.

      I don't see what reliability has to do with it. Is something not working reliably right now? I'll tell you what didn't work reliably, the last microcode update. If reliability is your concern you should probably prevent any microcode update from being installed given what happened last time it was released.

      It seems that Intel is ready to admit that it was (and may be still) unable to design and build processors that were dependably secure in normal operation.

      No. The only thing that you can seemingly imply from this situation is that Intel was unable to design and build a processor which allows this specific bug to be patched via microcode. And if you think th

  • Comment removed (Score:3)

    by account_deleted ( 4530225 ) on Wednesday April 04, 2018 @10:34AM (#56380329)
    Comment removed based on user account deletion

  • Intel has so many CPUs that they can't even keep track of all of them.

    They listed the old Core 2 Duo of my Mac mini as STOPPED (shocking, I know), but I can't even find the i5-4660 of my gaming PC in the document.

  • Are the new i5, i7 and i9 CPUs also vulnerable to these flaws?

  • You can still buy parts for a 1955 Chevy or a 1964 Ford Mustang so why not an old computer?

    For all the noise about "The Environment" you can do more by just using things as long as possible.

    • Re:RL Support Timelines (Score:4, Informative)

      by mckwant ( 65143 ) on Wednesday April 04, 2018 @12:17PM (#56381261)

      I hear you, but there are valid reasons for driving a '55 Chevy. I'm a 2000 Civic guy myself, but old cars are pretty, and if mechanic-ing is your thing, Godspeed.

      Less confident that's the case here, though. I haven't tracked Intel names for a while now, but got bored/curious, data Wikipedia except for one:

      Bloomfield / Bloomfield Xeon: 4c/8t, running 2.4-3.3GHz, produced '08-'11.
      Clarksfield: Mobile Quad i7, 1.6-2.0GHz base, 3.2 turbo. 45W TDP, produced '08-11.
      Gulftown: 6 cores running 3.2-3.4GHz, production started in '11
      Harpertown: Quad core, 2-3.4GHz, produced '07-present
      Jasper Forest: Quad core, 1.7-2.4GHz, produced '10-present
      Penryn: Mobile C2D, 2-4 cores, 1.2-3GHz, produced '07-'11
      SoFIA 3GR: (Intel page) 2W TDP, 1.1GHz Atoms, and that's enough about that
      Wolfdale: 2 cores, 2.5-3.5GHz, produced '07-'11
      Yorkfield: Quad core, 2.3-3.2GHz, produced '07-'11

      What in there is worth the time to refurbish? Bloomfield/Gulftown, we'll talk, maybe, but it would literally have to drop into my lap, come in a fully functioning box, and I'd have to invent a task for it. Even then, finding memory/cards/etc. would be problematic, and you're definitely stuck on USB 2.0. At best. No, I'm not doing the research.

      I can see why folks are getting their shorts in a bind, but let's pump the brakes a little bit, anyway. I dunno. Probably just another "Yeah, you're officially old now" moment.

    • Re: (Score:2)

      by Teun ( 17872 )
      Sure, manufacturing has an environmental impact but only once.
      Running outdated CPU's has an energy impact every day. (Cycles per Watt)
      Remember modern GPU's are also large energy sponges.
    • Cos CPU manufacturers own more congress-critters than the entire motor industry, and its easier to form/hide a cartel of two or three than a cartel of seven or more?

  • Baby I'm Amazed (Score:4, Insightful)

    by jonesy16 ( 595988 ) on Wednesday April 04, 2018 @12:06PM (#56381143)

    The sheer number of insults being thrown at Intel over this issue is pure amazement. Comparisons to cars (#causeSlashdot) and of course to AMD (#flameon), but it seems to me that there are far too great of expectations for the level of support a company should provide, especially given the sheer complexity of a processor and how it relates to security threats. To expect the design of something like a general purpose CPU to be perfect out of the door and error-free for the next several decades seems ridiculous to me. The claims that people now have to throw away their hardware because of this seem equally ridiculous.

    At some point, ANY for-profit company is going to stop supporting an old product, especially in a low-margin environment. The sheer rate of technological advancement almost necessitates that. Let's stop blaming Intel for what is effectively an industry-normal rate of support. Consider that 10 years ago:

    We were on the 2.4 Linux Kernel (no longer supported with updates)
    Intel Processors were running on LGA775 sockets (NewEgg sells only 2 compatible motherboards directly, both from ASRock. ASUS/Gigabyte/ETC all don't sell compatible motherboards anymore)
    We were running RHEL 2/3/4, all of which are no longer supported

    But I don't see anyone griping that these other entities are engaged in the practice of forced upgrades, leaving their trusted and loyal customers hanging in the face of growing security concerns. So maybe all the Intel bashing should either subside or should be expanded to the entire industry, but I think the latter is a bit naive. Security threats evolve, new ones are created, old ones forgotten or mitigated. If it were easy, there wouldn't be a dozen new packages to update my OS every day. Remember that Intel can't just push all updates to these older architectures by themselves either, some require BIOS updates and now you're expecting motherboard companies to update a product they haven't touched in a decade as well.

    • Re: (Score:2)

      by dmpot ( 1708950 )

      Consider that 10 years ago:

      We were on the 2.4 Linux Kernel (no longer supported with updates)

      Linux 2.6 was released in December 2003.

    • We were on the 2.4 Linux Kernel (no longer supported with updates)

      And the absurdity of that is if you did apply the microcode update, and did enable KPTI you would still get a net increase in speed simply by upgrading the kernel to something more modern.

    • you talk like an Intel shill, do you own stock?

      The flaws have existed for 2 decades.

      Intel's first reaction was to say the OS vendors would have to make software fixes for their garbage design.

      • Seems irrelevant, but yes, I do own Intel stock (it has more than doubled the performance of AMD's stock over 10 years, but again I fail the see the relevance of that to this conversation). I also own Intel processors and have owned processors from Apple (iPhone), Digital (DEC Alpha), AMD (Opteron), IBM (PowerPC), and I'm sure others I can't remember right now. And the funny thing is ... they all worked and probably would still today if all of the supporting hardware was still around. I'm also pretty sure t

  • How else is Intel going to get even richer? Users that run old hardware, simply because it is still good enough are a plague in Intel's profits! This is a perfectly fine opportunity to force them to upgrade and should not be missed.

    In completely unrelated news, I am currently planning to get a nice new Ryzen 2 system when they become available.

  • So that's just a few weeks from (an of course premature and ill-conceived) "oh, my server's CPU doesn't seem to be affected" (because in the beginning of the spectre/meltdown aftermath it wasn't even on Intel's official list) to "oh, my server's CPU not only is very much affected indeed, it won't even get the necessary microcode anymore". And no, that server is definitely not being used in a closed environment. And no, it is neither uncommon nor unreasonable to use ten-year-old servers for purposes which ne

  • In the first generation mobile Core i processors (i7-xxx and i5-xxx), the low end ones (i7-6xx, i5-4xx, i3-3xx) are fixed, but the higher end ones (i7-7xx, i7-8xx, i7-9xx) are being stopped. Same is true with the desktop processors.

    I suspect that's a matter of what's architecturally viable to fix as opposed to *ahem* marketing considerations. Perhaps the processor in question has more aggressive speculative execution baked into the hardware that's difficult (if possible at all) to mitigate.

  • Running a old Dell T5400 with the dual Harpertowns that I picked up used. No microcode patch to slow me down, no sir!

    Dual quad cores running at 3Ghz. That's like 24Ghz right?

  • These are the Core 2 and very first Core I series processors from 8 to 10 years ago.

    Hour long are they expected to keep updating microcode? Especially when apparently their customers that pretty for support don't want too bother with these old CPUs

    • 10 year old computers are useful for all mainstream serious activities: word processing, spreadsheets, email, browsing

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close