Intel has claimed its future processors – shipping as early as the second half of this year – will be free of the security design flaws it totally told you not to fret about.

Over the past couple of months, it has been incredible watching Chipzilla revise its position, in public and behind the scenes, over and over again.

In public statements and private briefings to reporters and analysts, it has shifted from claiming these bugs are overblown and not a problem, to admitting they are a problem but are easy to mitigate, to confessing they are not so easy to mitigate but at least there are no ill effects, to conceding there are some ill effects but it’s nothing to worry about, to finally confirming: the issues are so embarrassing, we’ve redesigned our processors to address the design blunders.

Today we’re told Intel’s upcoming desktop and server processors won’t be vulnerable to Meltdown and one of the two Spectre variants. Specifically, Meltdown and Spectre Variant 2 will be fixed in hardware, whereas Spectre Variant 1 will be fixed in software. Meltdown allows a software nasty to access kernel and thus other applications’ memory. Spectre Variant 2 can be exploited by malware to read kernel memory, and Spectre Variant 1 allows evil code to snoop on application memory – typically, JavaScript in one browser tab spying on another tab. Variant 1 can be fixed by patching programs to thwart Spectre-based attacks.

Chipzilla has, we’re told, redesigned its processor architecture to introduce “partitioning” to prevent malware from exploiting the data-leaking vulnerabilities to steal passwords and other sensitive information from applications, hypervisors, and operating systems.

That's assuming the fixes work: Intel has already cocked up its microcode workarounds for Spectre once this year, shipping updates that had to be withdrawn.

“These changes will begin with Intel’s next generation Xeon Scalable processors, as well as 8th Generation Intel Core processors expected to ship in the second half of 2018,” Intel said on Thursday.

In other words: patch your systems, or buy new chips to avoid that faff. There’s no word yet on whether or not the tweaks to the chip circuitry will affect performance, nor the technical details of the changes. Each chip generation introduces a modest speed-up over the previous generation: the upcoming chips may not offer much of a performance increase this time around due to these necessary redesigns.

“Think of this partitioning as additional ‘protective walls’ between applications and user privilege levels to create an obstacle for bad actors,” Intel chief exec Brian Krzanich said earlier today.

Krzanich added that Intel has now released microcode updates for all of its products launched in the past five years that require Spectre and Meltdown workarounds. These should be available from operating system and motherboard makers.
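Whether those microcode and OS updates are actually in effect on a given machine is something an administrator can check rather than assume. The following is an added example, not code from the article or from Intel: a POSIX shell script that reads the per-issue status files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/ (present on kernels 4.15 and later) and classifies each as not affected, mitigated or vulnerable. The directory is a parameter so the same functions can be run against a constructed copy of that tree; the sample contents written by make_sample_tree are constructed for the demonstration, not captured from a real system.

```shell
#!/bin/sh
# Added example: summarise the kernel's reported Spectre/Meltdown mitigation
# status. Linux writes one file per issue (meltdown, spectre_v1, spectre_v2, ...)
# under the directory below; each holds a line starting with "Not affected",
# "Mitigation: ..." or "Vulnerable[: ...]".

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Print one "<issue> <state>" line per status file, where state is
# notaffected, mitigated, vulnerable or unknown. Returns 2 if the directory
# is missing (older kernel, or a container without sysfs).
report_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "no vulnerabilities directory at $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f")
        case $status in
            "Not affected"*) state=notaffected ;;
            Mitigation:*)    state=mitigated ;;
            Vulnerable*)     state=vulnerable ;;
            *)               state=unknown ;;
        esac
        printf '%s %s\n' "$name" "$state"
    done
}

# Return 0 only if every reported issue is mitigated or not affected.
# An unknown state counts as a failure so an unexpected format is noticed.
check_all_mitigated() {
    report_mitigations "$1" | awk '$2 == "vulnerable" || $2 == "unknown" { bad = 1 } END { exit bad }'
}

# Build a constructed sysfs-like tree for offline demonstration. The strings
# imitate the kernel's format; this particular mix (Spectre v2 still reported
# vulnerable) is invented for the example.
make_sample_tree() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

# When run on a host that has the sysfs tree, report on the live system.
if [ -d "$VULN_DIR_DEFAULT" ]; then
    report_mitigations "$VULN_DIR_DEFAULT"
fi
```

On a patched host the script prints a line such as `meltdown mitigated` for each issue, and `check_all_mitigated` is the function to wire into a fleet check, since it exits non-zero as soon as any issue is still reported as vulnerable. The status files describe what the kernel believes it has enabled; if the CPU microcode is too old for a given mitigation, the kernel reports that in the same file, which is why the script treats anything other than a "Mitigation:" or "Not affected" prefix as a failure.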

Infosec expert Professor Alan Woodward, of the University of Surrey in England, commented: “It looks as though Intel accept that whilst they can fix variant one with software updates, the other two remain a threat. They’re going to have to change their architecture but it’s a bit light in detail.

“They talk of partitioning, which is good as the whole problem was being able to access data to which your app was not supposed to have access. However, what’s not clear is quite how this will work and if it will completely defeat this type of side-channel attack.”

Prof Woodward added that it will be interesting to see what this hardware approach does to execution speed. CPU performance was impaired by earlier software patches, some of which proved problematic to apply.

“The unsaid part is of course that existing hardware will continue to have some vulnerability. Some of this might be mitigated but it’s not going to be removed,” he concluded. ®
