AMD Will Release CPU Microcode Updates for Spectre Flaw This Week

Intel took a beating this month as reports of critical vulnerabilities in the operation of its processors going back two decades caused its stock price to go in a nosedive, and led to a massive erosion of confidence in the company's processors. For one of the variants of Spectre, which Google says proved to be a lot more problematic, its engineers came up with a technique called "Reptoline", which modifies programs to ensure that execution can not be influenced by an attacker. According to Google, the patch has a "negligible" impact on performance, especially compared to the Microsoft and Intel patches, which have been confirmed to slow down some systems.

Microsoft has quietly updated the support page with new information stating that the Meltdown and Spectre patch is once again available for some affected devices.

Not only did we see considerable slowdowns for many applications, we also noticed inconsistent performance, since the speed of one application could be impacted by the behavior of other applications running on the same core. While that would fix the issue, it would also require disabling "performance-boosting CPU features" that are at the core of Google's cloud services.

Then Google made a decision to attempt a "moonshot" solution, trying to find a way to solve the problems presented by Variant 2 without patching hardware.

"Retpoline sequences are a software construct which allows indirect branches to be isolated from speculative execution". In the letter, Krzanich expresses his thanks to other companies and groups involved in the detection, disclosure, and mitigation of the flaws, and explicitly names Google's Project Zero team.

"We believe that Retpoline-based protection is the best-performing solution for Variant 2 on current hardware", reads another excerpt. Retpoline fully protects against Variant 2 without impacting customer performance on all our platforms.

  • Latoya Cobb