August 27th, 2018 12:00

Any bugs yet with Intel "Foreshadow" L1TF BIOS updates?

Dear Dell Community,

Intel recently released a security advisory bulletin (INTEL-SA-00161, 8/14/2018) regarding a new class of speculative execution side-channel bugs it discovered known as L1 Terminal Fault (L1TF), and has said that vendors will be releasing BIOS patches in the forthcoming weeks.

It appears that Dell is aware of this issue and has already released BIOS patches for a number of Optiplex machines:
(Reference: Microprocessor Side-Channel Vulnerabilities (CVE-2018-3639 and CVE-2018-3640): Impact on Dell PCs and Thin Client Products)

Here is my concern. Last time Dell released BIOS updates for the original Spectre/Meltdown bugs in January 2018, Intel soon discovered a system reboot issue for Haswell and Broadwell-based systems, and re-released the BIOS patches a few weeks later (Source: Intel Security Issue Update: Addressing Reboot Issues)

My question is this - Has anyone experienced any bugs on their Dell desktop systems after installing these latest Foreshadow BIOS patches for August 2018? I have been advised to test BIOS updates on a small number of machines before deploying them around the workplace. Thanks.

August 29th, 2018 08:00


I have not had bugs but there is a noticeable performance hit with the newer BIOS. Dubbed Foreshadow, alternatively called L1 Terminal Fault or L1TF, the new attacks include three new speculative execution side-channel vulnerabilities affecting Intel processors.

Open-source champion Bruce Perens has called out Intel for adding a new restriction to its software license agreement along with its latest CPU security patches to prevent developers from publishing software benchmark results. The new clause appears to be a move by Intel to legally gag developers from revealing performance degradation caused by its mitigations for Spectre and Foreshadow or 'L1 Terminal Fault' (L1TF) flaw speculative attacks.

Intel recently said these patches could cause computers using older Broadwell and Haswell processors to reboot more often than normal. Intel has also said they will NOT update older chips with Spectre vulnerabilities. The latest microcode revisions are “stopped” for CPUs based on the Penryn (2007), Yorkfield (2007), Wolfdale (2007), Bloomfield (2008), Clarksfield (2009), Jasper Forest (2010), and Atom “SoFIA” (2015).

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

BIOS updates are available for some Dell desktop, notebook, and server products.

 


Foreshadow (PDF) targets a new technology originally designed to protect select code and users' data from disclosure or modification, even if the entire system falls under attack:

  • Intel Software Guard Extensions (SGX) — CVE-2018-3615


The new attack against SGX enclaves, which is resilient to Meltdown and Spectre attacks, may allow an unauthorized attacker to steal information residing in the L1 data cache—a protected portion of a chip's core memory that holds things like passwords and encryption keys—via side-channel analysis.

 
