Mitigations: There are two ways to deploy CPU microcode updates. One is through UEFI during early boot stages, where the CPU will load the latest microcode version stored in the UEFI, or by the operating system bootloader later in the booting process, though this is a temporary patch that needs to be constantly reapplied.For Spectre v2 there is also a software-based mitigation proposed by Google called retpoline that replaces indirect jumps and calls in code with returns because returns are not predicted as indirect branches. The ETH Zurich researchers have developed a similar software-based mitigation for their new BPI attack that combines retpoline with the disabling of alternate return target prediction in supervisor mode.”For preventing harmful indirect branch prediction, we propose deactivating all indirect branch predictions in supervisor mode,” the researchers wrote in their paper. “While only supported on newer processors, this approach results in a lower overhead of up to 1.7 % in UnixBench and 6.4 % in lmbench.”Meanwhile the microcode patch developed by Intel introduces a performance degradation of up to 2.7% on Alder Lake family CPUs when the researchers tested it. Since these attacks exploit a performance enhancing feature of the CPU, branch prediction and speculative execution, it is expected that any mitigation would have an impact on the CPU’s baseline performance. Measuring this impact is important, especially for servers and datacenter workloads.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3984497/researchers-bypass-intels-spectre-fixes-six-years-of-cpus-at-risk.html
