Intel details side-channel attack hardware-based mitigation in Cascade Lake

Over at last week's Hot Chips conference, Intel revealed technical details about the hardware-based mitigation for side-channel attacks in the new Cascade Lake architecture. At the moment, Spectre and Meltdown are mitigated via software-based techniques, but the downside of these remedies is a loss of performance that can be 3-10 percent, depending on the workload.

The hardware-based mitigations will not be entirely without a performance impact, but Intel says this is more like an apples-to-orange comparison due to the new platform, and likes to point out that the fixes will "put performance back on track".

Interestingly, not all side-channel attacks will get hardware-based mitigation with Cascade Lake. The hardware fixes apply only to Variants 2, 3, and 5. Variant 1 will still need operating system level mitigation, variant 3a has firmware mitigation, and variant 4 requires a firmware plus operating system fix.

So while the new processors have fixes in place, not all of them will be hardware fixes. The firmware fixes might as well be hardware, given that the system will launch with these by default, but the OS fixes will have to be pushed before platforms are released. The non-hardware fixes have the potential for performance regression, however as stated above, the platform as a whole should be at a higher performance level than Skylake.

Full details at AnandTech. Besides the fixes for the CPU vulnerabilities, Intel also talked about new machine learning instructions that use AVX-512, the new Optane DIMMs, and Apache Pass.