Since Microsoft has announced the new version of Windows, Windows 11, which has more onerous CPU requirements than its predecessors, there has been significant outcry. These changes shut out a significant number of machines already in use from receiving this update. There has been outcry over the requirements, mainly focusing on Trusted Platform Management. Microsoft has not been very clear either. The baseline CPU support for Windows 11 is an 8th generation Intel Core or AMD Zen 2 processor. These are machines that were released in late 2018 (Intel) and mid-2019 (AMD).

What is clear now, after doing some research, is that between the 7th and 8th generation of Intel Core architectures, and between the Ryzen Zen/Zen+ and Zen 2 architectures, both vendors included significant hardware security enhancements due to Meltdown, Spectre, and other issues discovered by security researchers. These discoveries came about during the release cycle of Windows 10. Microsoft was not able to implement the needed security changes without breaking backward compatibility. It would have been a very bad business decision to do this while an operating system was current. Moving the version number to 11 allows Microsoft to make a break from hardware that does not have mitigations for critical security vulnerabilities. It also allows them to implement many of the security enhancements both Intel and AMD have made without breaking legacy environments.

The purpose of today’s article is to explain what changes Intel and Advanced Micro Devices (AMD) made between their 7th and 8th generation Intel Core, and AMD Zen/Zen+ and Zen 2 processors. In the case of Intel, and in some cases AMD, we’ll discuss the significant security changes made for both virtualization and Spectre/Meltdown. For AMD, we’ll look at the CTS Labs vulnerabilities discovered in the first Ryzen 1000 series chips and their Spectre changes. Afterward, we’ll discuss what organizations can do to mitigate the effect of Windows 11 in their environment using newer technologies. Our goals today are to give concrete reasons why Microsoft would choose to make this decision given past security events, demonstrate that it is not arbitrary, and give the people responsible for their architectures the tools they need to make decisions that will protect their customers’ information.

Google Project Zero, Meltdown, and Spectre

On January 3, 2018, Jann Horn, from Google Project Zero, published the blog post Reading privileged memory with a side channel. This disclosed how the Google Project Zero team was able to abuse CPU data cache timing to bypass security boundaries and leak information. They were able to do this on AMD, ARM, and Intel processors. These are hardware issues: inherent security flaws in the CPUs themselves. Variant 1 is a bounds check bypass, with which they were able to demonstrate arbitrarily reading memory from a 4GiB memory range. Variant 2 allows host kernel memory to be read at a rate of 1500 bytes a second, even from different security contexts. That means that even highly protected information on a machine can be read. Variant 3 abuses the speculative execution features of Intel processors to read kernel memory from unprivileged processes. Anders Fogh’s article, Negative Result: Reading Kernel Memory From User Mode, discusses how this is possible and is directly referenced in the Google article.

This was further reinforced by a blog posting from former Intel CEO, Brian Krzanich, on March 15, 2018, Advancing Security at the Silicon Level. This article specifically discussed Project Zero’s research and the three variants. While Variant 1 could be addressed via software fixes, Variants 2 and 3 required redesigning the processor at the hardware level. The chips that introduced those fixes were the 8th Generation Core family, according to his post. Intel also made significant security enhancements to the 8th generation of Core processors. According to the 8th and 9th Generation Intel Core Processor Families Datasheet, Volume 1 of 2, Intel made eleven significant security enhancements to existing technologies, in addition to providing hardware fixes for Spectre and Meltdown.
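
The article notes that Variant 1, the bounds check bypass, could be addressed in software; one common form of that fix clamps the index with branch-free arithmetic after the bounds check, so a mispredicted check still cannot produce an out-of-range load. The C sketch below is an added example, not code from the original article: the function names are hypothetical, the table is constructed sample data, and the mask arithmetic follows the generic approach of the Linux kernel's array_index_nospec.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All-ones when index < size, zero otherwise, computed without a branch so
 * there is nothing to mispredict. Valid for size <= SIZE_MAX / 2. */
static size_t index_mask_nospec(size_t index, size_t size)
{
#if defined(__GNUC__)
    /* Hide the value from the optimizer so it cannot fold the mask away
     * using the bounds check the caller has already performed. */
    __asm__ volatile("" : "+r"(index));
#endif
    /* The top bit of (index | (size - 1 - index)) is set iff index >= size. */
    size_t in_bounds = (~(index | (size - 1 - index))) >> (sizeof(size_t) * CHAR_BIT - 1);
    return (size_t)0 - in_bounds;
}

/* Hypothetical helper: the index a load will actually use (0 if out of range). */
static size_t clamp_index_nospec(size_t index, size_t size)
{
    return index & index_mask_nospec(index, size);
}

/* Bounds-checked read of an untrusted index. Returns 0 on success, -1 otherwise. */
static int table_read(const uint8_t *table, size_t size, size_t index, uint8_t *out)
{
    if (index >= size)
        return -1;                           /* architectural bounds check */
    index = clamp_index_nospec(index, size); /* holds even if the check is mispredicted */
    *out = table[index];
    return 0;
}

int main(void)
{
    static const uint8_t table[16] = { [3] = 0x41 }; /* constructed sample data */
    uint8_t v = 0;
    int rc = table_read(table, 16, 3, &v);
    printf("in range:     rc=%d value=0x%02x\n", rc, v);
    rc = table_read(table, 16, 4096, &v);
    printf("out of range: rc=%d\n", rc);
    printf("clamped index for 4096: %zu\n", clamp_index_nospec(4096, 16));
    return 0;
}
```

Variants 2 and 3 are not covered by this pattern, which matches the article's point that they needed changes below the application level.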