Here’s a histrionic quote for you: “AMD must cease the sale of Ryzen and EPYC chips in the interest of public safety.”
That’s a real quote from Viceroy Research’s deranged, apoplectic report on CTS Labs’ security allegations against AMD’s Ryzen architecture. The big story today seemed to mirror Meltdown, except for AMD: CTS Labs, a research company supposedly started in 2017, has launched a report declaring glaring security flaws for AMD’s processors. By and large, the biggest flaw revolves around the user installing bad microcode.
There are roots in legitimacy here, but as we dug deep into the origins of the companies involved in this new hit piece on AMD, we found peculiar financial connections that make us question the motive behind the reportage.
The goal here is to research whether the hysterical whitepapers -- hysterical as in “crazy,” not “funny” -- have any weight to them, and where these previously unknown companies come from.
This hardware news round-up covers the past week in PC hardware, including information on AMD's Ryzen+Vega amalgam, CPU "shortage" sensationalism, Newegg commission changes, and more. As usual, our HW News series is written as a video, but we publish show notes alongside the video. We'll leave those below the embed.
The big news for the week was AMD's 2400G & 2200G APUs, which are due out on Monday of next week. The higher-end APU will be priced around $170, and will primarily compete with low-end CPU+GPU combinations (e.g. GT 1030 and low-end R3). Of course, the APUs also carve an interesting niche in a market with limited dGPU supply. Strategically, this is a good launch window for AMD APUs.
It’s been nearly a month since news broke on Meltdown and Spectre, but the tech industry is still swarming like an upturned anthill as patches have been tumultuous, hurting performance, causing reboots, and then getting halted and replaced, while major manufacturers try to downplay the problem. Yes, that sentence was almost entirely about Intel, but they aren’t the only ones affected. We now return to the scene of the crime, looking at the Meltdown and Spectre exploits with the assistance of several research teams behind the discovery of these attacks.
To summarize the summary of our previous article: Meltdown is generally agreed to be more severe, but limited to Intel, while Spectre has to do with a fundamental aspect of CPUs made in the past 20 years. They involve an important technique used by modern CPUs to increase efficiency, called “speculative execution,” which is allows a CPU to preemptively queue-up tasks it speculates will next occur. Sometimes, these cycles are wasted, as the actions never occur as predicted; however, most of the time, speculating on incoming jobs will greatly improve efficiency of the processor by preemptively computing the inbound instructions. That’s not the focus of this article, but this Medium article provides a good intermediate-level explanation of the mechanics, as do the Spectre and Meltdown whitepapers themselves. For now, it’s important to know that although “speculative execution” is a buzzword being tossed around a lot, it isn’t in itself an exploit--the exploits just take advantage of it.
The most comprehensive hub of information on Meltdown and Spectre is the website hosted by Graz University of Technology in Austria, home of one of the research teams that discovered and reported them to Intel. That’s “one of” because there are no fewer than three other teams acknowledged by Graz that independently discovered and reported these vulnerabilities over the past few months. We’ve assembled a rough timeline of events, with the aid of WIRED’s research:
Intel has released its own internal testing of architectures dated from Skylake to Coffee Lake, using Windows 10 and Windows 7, in A/B testing between the Meltdown kernel patch. We’ve done some of our own testing (but need to do more), but not with the applications Intel has tested. As usual, exercise grain-of-salt-mining for first-party numbers, but it’s a starting point.
Intel claims that it’s found its CPUs largely retain 95-100% of their original performance (from pre-patch, with some worst-case scenarios showing 79% of original performance – Skylake in SYSMark 2014 SE Responsiveness, namely. On average, it would appear that Intel is retaining roughly 96% of its performance, based on its own internal, first-party data.
Here’s the full chart from the company:
This content piece was highly requested by the audience, although there is presently limited point to its findings. Following the confluence of the Meltdown and Spectre exploits last week, Microsoft pushed a Windows security software update that sought to fill some of the security gaps, something which has been speculated as causing a performance dip between 5% and 30%. As of now, today, Intel has not yet released its microcode update, which means that it is largely folly to undertake the benchmarks we’re undertaking in this content piece – that said, there is merit to it, but the task must be looked at from the right perspective.
From the perspective of advancing knowledge and building a baseline for the next round of tests – those which will, unlike today’s, factor-in microcode patches – we must eventually run the tests being run today. This will give us a baseline for performance, and will grant us two critical opportunities: (1) We may benchmark baseline, per-Windows-patch performance, and (2) we can benchmark post-patch performance, pre-microcode. Both will allow us to see the isolated impact from Intel’s firmware update versus Microsoft’s software update. This is important, and alone makes the endeavor worthwhile – particularly because our CPU suite is automated, anyway, so no big time loss, despite CES looming.
Speaking of, we only had time to run one CPU through the suite, and only with a few games, as, again, CES is looming. This is enough for now, though, and should sate some demand and interest.
We moderate comments on a ~24~48 hour cycle. There will be some delay after submitting a comment.