Hardware news this past week has only partially slowed, with an uptick in security notices responsible for most of the coverage we've found interesting. Researchers at Eclypsium have identified vulnerabilities in more than 40 drivers from 20 different vendors, something we'll talk about in today's coverage. We also talk about Ryzen 3000 binning statistics posted by Silicon Lottery, the CPU binning company.
Show notes continue after the embedded video.
This hardware news update looks into our original CTS Labs story, adding to the research by attempting to communicate with CTS Labs via their PR firm, Bevel PR. We also talk about leaked specifications for the R5 2600X, accidentally posted early to Amazon, and some other leaks on ASUS ROG X470 motherboards.
Minor news items include the loss of power at a Samsung plant, killing 60,000 wafers in the process, and nVidia’s real-time ray-tracing (RTX) demo from GDC.
Show notes below the video.
Here’s a histrionic quote for you: “AMD must cease the sale of Ryzen and EPYC chips in the interest of public safety.”
That’s a real quote from Viceroy Research’s deranged, apoplectic report on CTS Labs’ security allegations against AMD’s Ryzen architecture. The big story today seemed to mirror Meltdown, except for AMD: CTS Labs, a research company supposedly started in 2017, has launched a report declaring glaring security flaws for AMD’s processors. By and large, the biggest flaw revolves around the user installing bad microcode.
There are roots in legitimacy here, but as we dug deep into the origins of the companies involved in this new hit piece on AMD, we found peculiar financial connections that make us question the motive behind the reportage.
The goal here is to research whether the hysterical whitepapers -- hysterical as in “crazy,” not “funny” -- have any weight to them, and where these previously unknown companies come from.
Intel has released its own internal testing of architectures dated from Skylake to Coffee Lake, using Windows 10 and Windows 7, in A/B testing between the Meltdown kernel patch. We’ve done some of our own testing (but need to do more), but not with the applications Intel has tested. As usual, exercise grain-of-salt-mining for first-party numbers, but it’s a starting point.
Intel claims that it’s found its CPUs largely retain 95-100% of their original performance (from pre-patch, with some worst-case scenarios showing 79% of original performance – Skylake in SYSMark 2014 SE Responsiveness, namely. On average, it would appear that Intel is retaining roughly 96% of its performance, based on its own internal, first-party data.
Here’s the full chart from the company:
This content piece was highly requested by the audience, although there is presently limited point to its findings. Following the confluence of the Meltdown and Spectre exploits last week, Microsoft pushed a Windows security software update that sought to fill some of the security gaps, something which has been speculated as causing a performance dip between 5% and 30%. As of now, today, Intel has not yet released its microcode update, which means that it is largely folly to undertake the benchmarks we’re undertaking in this content piece – that said, there is merit to it, but the task must be looked at from the right perspective.
From the perspective of advancing knowledge and building a baseline for the next round of tests – those which will, unlike today’s, factor-in microcode patches – we must eventually run the tests being run today. This will give us a baseline for performance, and will grant us two critical opportunities: (1) We may benchmark baseline, per-Windows-patch performance, and (2) we can benchmark post-patch performance, pre-microcode. Both will allow us to see the isolated impact from Intel’s firmware update versus Microsoft’s software update. This is important, and alone makes the endeavor worthwhile – particularly because our CPU suite is automated, anyway, so no big time loss, despite CES looming.
Speaking of, we only had time to run one CPU through the suite, and only with a few games, as, again, CES is looming. This is enough for now, though, and should sate some demand and interest.
There’s been a lot of talk of an “Intel bug” lately, to which we paid close attention upon the explosion of our Twitter, email, and YouTube accounts. The “bug” that has been discussed most commonly refers to a new attack vector that can break the bounding boxes of virtual environments, including virtual machines and virtual memory, that has been named “Meltdown.” This attack is known primarily to affect Intel at this time, with indeterminate effect on AMD and ARM. Another attack, “Spectre,” attacks through side channels in speculative execution and branch prediction, and is capable of fetching sensitive user information that is stored in physical memory. Both attacks are severe, and between the two of them, nearly every CPU on the market is affected in at least some capacity. The severity of the impact remains to be seen, and will be largely unveiled upon embargo lift, January 9th, at which time the companies will all be discussing solutions and shortcomings.
For this content piece, we’re focusing on coverage from a strict journalism and reporting perspective, as security and low-level processor exploits are far outside of our area of expertise. That said, a lot of you wanted to know our opinions or thoughts on the matter, so we decided to compile a report of research from around the web. Note that we are not providing opinion here, just facts, as we are not knowledgeable enough in the subject matter to hold strong opinions (well, outside of “this is bad”).
MSI has updated BIOS versions for their Intel 100, 200, and 300 series motherboards. They’re the latest of several manufacturers, including Gigabyte a week ago, to address security vulnerabilities in Intel’s TXE (Trusted Execution Engine). Intel says they have “provided system and motherboard manufacturers with the necessary firmware and software updates,” so it’s now up to those manufacturers to implement them. An Intel tool that detects whether systems are vulnerable is available here, as well as a list of vendors that have already released updates.
Owners of affected MSI motherboards should visit and find their model. BIOS and other downloads can be found under the “service” tab for each board. Instructions are similar for most other manufacturers.
Intel has released a detection tool to determine whether the host system’s CPU is vulnerable to the security exploit defined in Intel’s Management Engine. The company launched a Management Engine “critical firmware update” (SA-00086, available here, alongside the tool) with a utility that checks 6th, 7th, and 8th Generation Core series CPUs – everything dating back to Skylake, basically – for vulnerabilities exposed through the integrated MINIX operating system. Intel’s version of the Minix OS, originally built for educational purposes by Andrew Tanenbaum, operates on Ring level -3 (negative, as in: you have no access) on the CPU, with the vulnerability present on all Skylake, Kaby Lake, and Coffee Lake PCHs.
Intel’s firmware update addresses the following CPU families, and should be installed immediately:
Cloudflare has disclosed a bug within their code that has resulted in a massive memory leak, dumping user data into the wild. For those unaware, Cloudflare is an internet proxy and web performance service aimed at protecting websites and associated user data from malicious activity—making a security disaster like this acutely ironic.
AMD's Gaming Evolved software application – a partnership with Raptr – has been compromised in a security exploit and is encouraging users to change passwords. The utility is used for game video capture (similar to ShadowPlay, but web-enabled), but also enables easier drive management and game-hardware integration (settings optimization for video cards, similar to GeForce Experience).
We moderate comments on a ~24~48 hour cycle. There will be some delay after submitting a comment.