April 4, 2018 // 11:31 a.m.
Intel has officially announced that it will not be releasing microcode updates to protect against the Spectre speculative execution vulnerability in its older processor families, including the three-year-old SoFIA Atom platform.
Publicly announced earlier this year, Spectre is a family of security vulnerabilities taking advantage of baked-in-hardware speculative execution capabilities in most modern processors to access memory locations which should otherwise be off limits. It's also been a cause of quite some headaches for Intel, between chief executive Brian Krzanich being investigated for dumping the maximum amount of stock permissible by law after Intel was notified of the issue but before it went public to faulty patches causing such instability the company told people to remain vulnerable instead.
While fixed patches have now been released for most of Intel's modern processors, and the first chips with fixes for the majority - but not all - of the vulnerabilities scheduled for release later this year, Intel has some bad news for those still running older hardware: It has abandoned plans to release microcode updates for anything but its most recent processor families.
In an announcement first spotted by Tom's Hardware, Intel confirmed that it had stopped development on Spectre-related microcode updates for its SoFIA Atom, Kasper Forest, Clarksfield, Bloomfield, Wolfdale, Yorkfield, and Penryn processor families, which had currently be marked as in-development. The majority of these chip families date from 2007 through to 2010, while the SoFIA Atom is the outlier having been released only three years ago in 2015. All had been on the roadmap as due to receive patches against the Spectre vulnerabilities prior to the roadmap update this week.
In explanation for their abandonment, Intel cited limited commercial system support - meaning that even if the company itself developed microcode updates, vendors are unlikely to integrate them into firmware updates and release them to their users - and the fact that most 2007-2010-era hardware still in active use is used in 'closed systems' such as industrial and embedded environments with a significantly reduced attack surface.
The company's final excuse, though, gets to the heart of the matter: Patching against Spectre is really, really difficult. Having crashed systems globally with its faulty patch for modern hardware, Intel has decided not to take the risk for its older stuff and has blamed 'micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2'.
Intel rival AMD, meanwhile, has yet to release any microcode updates for Spectre whatsoever, relying instead on third-party protections such as the use of a return-trampoline (retpoline) aware compiler for kernel compilation.