Hardware-based Protection Coming to Data Center and PC Products Later this Year: Intel CEO

Editor: Helan　　 Update Time :2018/03/16 16:24

Intel CEO Brian Krzanich penned (or signed) a blog post today where we went on to describe all of the steps his company took after knowing of the disclosed vulnerabilities by Google Project Zero (which gave Intel more than 24H notice). In the blog post, he acknowledges there's still much work to be done, but assures customers of security's importance to Intel. For one, 73 days after the vulnerabilities were made public, Intel is now done with software mitigations: all of Intel's last five years worth of CPUs now have in production patches.

The CEO also vowed that hardware solutions will be deployed on newly produced Intel processors by the end of 2018 - these will hit the company's next iteration of Xeon scalable processors (Cascade Lake) and will be deployed to 8th Gen Coffee Lake processors as soon as the second half of this year. The blog post follows.

In addressing the vulnerabilities reported by Google Project Zero earlier this year, Intel and the technology industry have faced a significant challenge. Thousands of people across the industry have worked tirelessly to make sure we delivered on our collective priority: protecting customers and their data. I am humbled and thankful for the commitment and effort shown by so many people around the globe. And, I am reassured that when the need is great, companies - and even competitors - will work together to address that need.

But there is still work to do. The security landscape is constantly evolving and we know that there will always be new threats. This was the impetus for the Security-First Pledge I penned in January. Intel has a long history of focusing on security, and now, more than ever, we are committed to the principles I outlined in that pledge: customer-first urgency, transparent and timely communications, and ongoing security assurance.

Today, I want to provide several updates that show continued progress to fulfill that pledge. First, we have now released microcode updates for 100 percent of Intel products launched in the past five years that require protection against the side-channel method vulnerabilities discovered by Google. As part of this, I want to recognize and express my appreciation to all of the industry partners who worked closely with us to develop and test these updates, and make sure they were ready for production.

With these updates now available, I encourage everyone to make sure they are always keeping their systems up-to-date. It's one of the easiest ways to stay protected. I also want to take the opportunity to share more details of what we are doing at the hardware level to protect against these vulnerabilities in the future. This was something I committed to during our most recent earnings call.

While Variant 1 will continue to be addressed via software mitigations, we are making changes to our hardware design to further address the other two. We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3. Think of this partitioning as additional "protective walls" between applications and user privilege levels to create an obstacle for bad actors.

These changes will begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake) as well as 8th Generation Intel Core processors expected to ship in the second half of 2018. As we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical. Our goal is to offer not only the best performance, but also the best secure performance.

But again, our work is not done. This is not a singular event; it is a long-term commitment. One that we take very seriously. Customer-first urgency, transparent and timely communications, and ongoing security assurance. This is our pledge and it's what you can count on from me, and from all of Intel.