5 Questions About Intel's Hardware Fix For Spectre And Meltdown
Securing Intel's Chips
While Intel has been scrambling to provide software patches for the Spectre and Meltdown processor vulnerabilities -- with mixed results -- the company is acknowledging that it will ultimately take a hardware fix to fully solve the issue. On Thursday, Intel CEO Brian Krzanich (pictured) told analysts that the company is now "working to incorporate silicon-based changes to future products that will directly address the Spectre and Meltdown threats in hardware." The Spectre and Meltdown exploits were revealed at the beginning of January and affect chips from multiple vendors, including AMD and ARM. The flaws, which account for three variants of a side-channel analysis security issue in server and PC processors, could potentially enable hackers to access protected data. While Intel partners praised the comments by Krzanich Thursday, a number of questions remain unanswered. What follows are five key questions about Intel's planned hardware fix for the Spectre and Meltdown vulnerabilities.
When will the new chips appear?
Krzanich initially said during the quarterly earnings call Thursday that the new products "will begin appearing later this year" -- leaving the timing pretty vague. In an interview with CNBC Friday, Intel CFO Bob Swan got slightly more specific: "We expect to begin rolling out products in the latter part of this year that bakes the [vulnerability] solution into the hardware." Since we're not yet even out of January, that means it could be awhile before Intel's hardware fix is ready for prime time.
What products are planned?
Krzanich didn't offer any details -- even generally speaking -- on which processors will be receiving a silicon-based fix to address Spectre and Meltdown. He did say that Intel began shipping its first 10-nanometer chips during the fourth quarter of 2017, and said the company will be scaling up 10-nanometer production throughout the year. With 10-nanometer as the focus for Intel, the Spectre and Meltodwn hardware fixes are likely coming there first. However, Intel isn't abandoning 14-nanometer, with executives saying that new processors are in the works for 14-nanometer as well for this year -- raising the possibility of silicon fixes in that group too.
Will there be supply constraints?
Demand could be unprecedented for the new processors, with every IT vendor on the planet anxious to provide their own customers with products that are secured against Spectre and Meltdown. (Swan's prediction that the processors will be available "in the latter part of this year" may only raise the anxiety level.) A major question is whether Intel is in a position to meet the demand -- and if not, which customers might take precedence in receiving the limited supply. According to Intel's annual 10-K filing for 2016 (the 2017 filing isn't available yet), Intel's three largest customers are Dell (accounting for 15 percent of Intel's net revenue), Lenovo (13 percent) and HP Inc. (10 percent).
Will there be a financial impact on Intel?
Customer demand will almost certainly be strong for the new processors, but it's hard to imagine that the technical efforts will not cost a lot to pull off. Krzanich said during the quarterly earnings call that he's assigned "some of the very best minds at Intel" to work on the silicon-based fixes, and Swan later added that there will be "lots of time and energy" spent addressing the issue this year at the company. "I can't imagine what it is costing Intel to make this fix in silicon," said Michael Goldstein, CEO of Intel partner LAN Infotech, in a CRN interview Thursday. And yet, Krzanich also said he doesn't expect "any material impact" of the security exploit on Intel's financial results. "At the highest level, we're not seeing much of a change in [our] forecasts as a result of this," he said. Time will tell.
Will there be a reduction in performance?
Paired with the concerns about security from Spectre and Meltdown is a related issue: that removing the vulnerabilities can result in a hit to computing performance. This is because fixing the issue means putting limitations on something called "speculative execution" -- a feature that modern processors use to maximize performance, but that has turned out to be responsible for the Spectre and Meltdown vulnerabilities. Intel reports that it is working on ways to mitigate these performance impacts, but the question remains whether the next generation of Intel processors may actually end up being slower than the current generation.