The microcode update for Intel security advisory Intel-SA-00464 (CVE-2020-24512) from June 8, 2021 is now installed automatically by Ubuntu 20.04. The software performance expert Travis Downs notes that the microcode update significantly slows down certain memory accesses. He measured this with Intel processors of the Skylake (Core i-6000 from 2015) and Ice Lake (Core i-10000 from 2020) generations.
However, because only one very specific function is involved, Downs estimates the reduction in system performance as “on average tiny”. In addition, only the processor series mentioned are likely to be affected.
Questioning security patches
In this context, it is interesting that Travis Downs doubts that sealing all potential weak points in modern processors makes sense. The specific case of Intel-SA-00464 involves a “timing side channel”, i.e. a side-channel attack that draws conclusions about the processed data from characteristic changes in the processing speed of the processor.
According to Downs, the microcode update switches off the “Hardware Zero Store” function that overwrites memory areas with zeros very quickly. However, Downs himself had found that this acceleration function is firstly only available with Skylake and Ice Lake processors and secondly (logically) leads to different execution speeds, depending on whether zeros are to be written or not.
However, this in turn allows rough conclusions to be drawn about the data that the processor is currently processing. Intel classified the behavior as a potential “timing” side channel that could be used for attacks, albeit with a “low” risk.
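The following added example (not from Travis Downs or Intel) shows how an administrator could check whether store timing on a given machine still depends on the data written, by timing a zero fill against a non-zero fill of the same buffer. The buffer size, round count, 10% threshold and all function names are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define BUF_BYTES (8u << 20) /* assumed: 8 MiB, larger than typical L1/L2 caches */
#define ROUNDS    20         /* assumed repetition count; best round is kept */
#define THRESHOLD 0.90       /* assumed: zero fill >10% faster counts as a signal */

/* Best-of-ROUNDS CPU time, in seconds, to fill the buffer with `value`. */
static double best_fill_seconds(volatile uint64_t *buf, size_t words, uint64_t value)
{
    double best = 1e9;
    for (int r = 0; r < ROUNDS; r++) {
        clock_t t0 = clock();
        for (size_t i = 0; i < words; i++)
            buf[i] = value; /* volatile keeps the compiler from dropping stores */
        double dt = (double)(clock() - t0) / CLOCKS_PER_SEC;
        if (dt < best) best = dt;
    }
    return best;
}

/* Returns t(zero fill) / t(non-zero fill), or -1.0 if it cannot be measured. */
double zero_fill_ratio(size_t bytes)
{
    size_t words = bytes / sizeof(uint64_t);
    volatile uint64_t *buf = calloc(words, sizeof(uint64_t));
    if (buf == NULL || words == 0) { free((void *)buf); return -1.0; }
    double t_one  = best_fill_seconds(buf, words, 1);
    double t_zero = best_fill_seconds(buf, words, 0);
    free((void *)buf);
    return (t_one > 0.0 && t_zero > 0.0) ? t_zero / t_one : -1.0;
}

/* 1 if store timing looks data-dependent (zero fill clearly faster), else 0. */
int timing_depends_on_data(double ratio)
{
    return ratio > 0.0 && ratio < THRESHOLD;
}

int main(void)
{
    double ratio = zero_fill_ratio(BUF_BYTES);
    if (ratio < 0.0) { fprintf(stderr, "measurement failed\n"); return 1; }
    printf("zero/non-zero fill time ratio: %.3f -> %s\n", ratio,
           timing_depends_on_data(ratio) ? "data-dependent" : "no clear difference");
    return 0;
}
```

A ratio close to 1.0 is what the article's description predicts once the microcode update has switched the function off; results on a loaded or virtualized machine are noisy and should be repeated.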
Not every side channel can be sealed
This is where Downs objects: “Practically every function of a modern processor can show fluctuations in latency and performance depending on its internal (operating) state. […] I am not convinced that it makes sense to remove any optimizations that can be abused on timing side channels”.
Travis Downs came across the Hardware Zero Store function in May 2020 when he was experimenting with micro-benchmarks to investigate the acceleration effect of certain code optimizations.