Friday, January 12th, 2018
AMD has kept a low profile throughout the Spectre and Meltdown vulnerability crisis. It has maintained that Meltdown poses near-zero risk because of the architecture of its processors, while a Spectre exploit would also be highly unlikely. However, that is not keeping the company from issuing firmware updates for its Ryzen and EPYC chips this week.
“We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat,” AMD’s Senior Vice President and Chief Technology Officer Mark Papermaster said in a blog post on the official site in reference to Spectre.
While continuing to maintain that Meltdown (Variant 3) presents no threat, he did go into some detail about how AMD is handling Spectre (Variants 1 and 2). For Variant 1:
- We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.
- Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft’s website.
- Linux vendors are also rolling out patches across AMD products now.
For Variant 2, he said that the company still believes that the chip architecture employed by AMD will make Branch Target Injection difficult to exploit. But the company sees benefit in continuing to work alongside the industry:
- AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
- Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.
In response to queries about whether the vulnerabilities affect Radeon GPUs, Papermaster said that the Radeon GPU architecture does not use speculative execution, which is the basis for the processor vulnerabilities, so there is no impact at all.
Rival Intel has been taking most of the heat, given that Meltdown affects its chips almost exclusively. It has started issuing firmware updates, and expects to have 90% of its processors produced in the last five years “immune” to both vulnerabilities by January 15. The remaining 10% should be updated by the end of the month. CEO Brian Krzanich promised more transparency going forward on Intel updates and needed fixes.