Resources and Response to Side Channel L1 Terminal Fault

Overview

On August 14, 2018, Intel and industry partners shared more details and mitigation information about a recently identified speculative execution side-channel method called L1 Terminal Fault (L1TF).

L1TF is a speculative execution side channel cache timing vulnerability. In this regard, it is similar to previously reported variants. There are three varieties of L1TF that have been identified. Each variety of L1TF could potentially allow unauthorized disclosure of information residing in the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next.

The microcode updates released earlier this year when coupled with operating system and hypervisor software available from our industry partners, ensure consumers, IT professionals and cloud service providers have access to the protections they need. Intel recommends people keep their systems up to date to protect against the evolving threat landscape.

For the latest Intel security news, please visit security newsroom.

For all others, visit the Intel Security Center for the latest security information.

L1TF is a highly sophisticated attack method, and today, Intel is not aware of any reported real-world exploits.

Protecting your Systems

Once systems are updated, the expected risk to consumer and enterprise users running non-virtualized operating systems will be low. This includes most of the data center installed base and the vast majority of PC clients. In these cases, there has been no meaningful performance impact observed as a result of mitigations applied. For a portion of the market – specifically a subset of those running traditional virtualization technology, and primarily in the data center – it may be advisable that customers or partners take additional steps to protect their systems.

This is principally to safeguard against situations where the IT admin or cloud provider cannot guarantee that all virtualized operating systems are protected. Deciding to take additional steps depends on the system software in use, the workload, and the customer’s assessment of the security threat model for their environment. 

Depending on the additional steps taken, performance or resource utilization on select workloads may be affected and vary accordingly. The following charts show the observed performance of numerous PC client and Data center configurations. See the charts below for details.

No Meaningful Performance Impact for the Majority of PC Clients

With non-virtualized operating systems.

No Meaningful Performance Impact on Many Data Center Workloads

For non-virtualized environments or where it can be guaranteed that all virtualized guest operating systems are trusted.

Performance Impacts on Some Data Center Workloads

For a specific subset of environments where it cannot be guaranteed that all virtualized guest operating systems are trusted.

Minimal Performance Impact from Enabling Windows Server 2016 Core Scheduler

For a specific subset of environments where it cannot be guaranteed that all virtualized guest operating systems are trusted.

Windows Client Configuration

  • Processor: Intel® Core™ i7-8700K Processor 95WTDP, 6C12T, Turbo up to 4.2GHz
    • Memory: 16GB DDR4-2667 2Rx8 Dual
    • Storage: Intel® 760p 512GB SSD NVMe* 
    • Display Resolution: 1920x1080
    • OS: Windows* 10 Build RS4 17663. Power policy set to AC/High Perf for all performance benchmarks except SYSmark* 2014 which is measured in AC/BAPCo* mode
    • Graphics: Intel® HD Graphics 630 300MHz/1200MHz
  • Date Tested: August 4, 2018
  • Tested By: Intel Corporation. Note: All the Client measurements used the same CFL-S desktop SKUs. For L1TF impact, changed only microcode and OS for various configurations
  • SPEC benchmark results based on Intel internal measurements; ratios provided as research usage

Server Configuration - RedHat Enterprise Linux* 7.4

  • Processor: Intel® Xeon® Platinum 8180 Processor (SKX), 2.5GHz, 28C, 205W TDP
  • Memory: 384GB DDR4-2666 (12x32GB, 1DIMM Per Channel)
  •  Storage: OS: 800GB Intel® S3700 Series SATA SSD; VHD: 4x 2TB Intel® p3700 Series SATA SSD
  • BIOS: Energy Perf BIAS set to Performance HT Enabled/Disabled as specified per measurement
    • PRE - SE5C620.86B.00.01.0009.101920170742 (ucode 0x43)
    • POST - SE5C620.86B.00.01.0009.101920170742 (ucode 0x4d)
  • OS: Redhat 7.4
    • Kernel Pre: 3.10.0-693.11.6.el7.x86_64
    • Kernel Post: 3.10.0-862.9.4.el7.x86_64
  • Date Tested: August 4, 2018
  • Tested By: Intel Corporation
  • SPEC benchmark results based on Intel internal measurements; ratios provided as research usage

Server Configuration – Windows Server* 2016

  • Windows Server* 2016 (SPECcpu2006)
  • Processor: Intel® Xeon® Platinum 8170 (SKX), 2.1GHz, 26C, 165W TDP
    • Memory: 192GB DDR4-2400 (6x32GB, 1DIMM Per Channel)
    • Storage: OS: 800GB Intel® S3700 Series SATA SSD; VHD: 6x 1.92TB Intel® S4600 Series SATA SSD
  • BIOS: Energy Perf BIAS set to Performance and I/O Sensitive. VMX Enabled. HT Enabled
    • SE5C620.86B.00.01.0012.021320180053, 2/13/2018 (ucode 0x43)
    • SE5C620.86B.00.01.0014.070920180847, 7/9/2018 (ucode (0x4D)
  • OS: Windows Server* 2016 with KB4343887 preview, including mitigation support for V1,v2,v3,v3a,v4 (default disabled), L1TF, Power policy set to High Performance, Hyper-V Enabled
  • Virtual Machine: 52 vCPU, 170GB Memory, 512GB VHDX storage.
  • Date Tested: August 7, 2018
  • Tested By: Intel Corporation
  • SPEC benchmark results based on Intel internal measurements; ratios provided as research usage

Windows Server 2016 (Web Server Workload)

  • Processor: 2x Intel® Xeon® Platinum 8170 (SKX), 2.1GHz, 26C, 165W TDP

    • Memory: 384GB DDR4-2400 (12x32GB, 1DIMM Per Channel)
    • Storage: OS: 800GB Intel® S3700 Series SATA SSD; VHD: 6x 1.92TB Intel® S4600 Series SATA SSD
  • BIOS: Energy Perf BIAS set to Performance and I/O Sensitive. VMX Enabled. HTEnabled
    • SE5C620.86B.00.01.0012.021320180053, 2/13/2018 (ucode 0x43)
    • SE5C620.86B.00.01.0014.070920180847, 7/9/2018 (ucode (0x4D)
  • OS: Windows Server* 2016 with KB4343887 preview, including mitigation support for V1,v2,v3,v3a,v4 (default disabled), L1TF, Power policy set to High Performance, Hyper-V Enabled.
  • Virtual Machines (26 VMs): 4vCPU, 7GB Memory, 40GB VHDX OS storage, 40GB VHDX content storage
  • Date Tested: August 8, 2018
  • Tested By: Intel Corporation

 

Notices & Disclaimers

  • Intel provides these materials as-is, with no express or implied warranties.
  • All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.
  • Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.
  • Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.au.
  • Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance. 
  • Benchmark results were obtained prior to implementation of recent software patches and firmware updates intended to address exploits referred to as "Spectre" and "Meltdown." Implementation of these updates may make these results inapplicable to your device or system.
  • Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors.
  • Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information about performance and benchmark results, visit http://www.intel.com.au/benchmarks.
  • Intel is a sponsor and member of the BenchmarkXPRT Development Community, and was the major developer of the XPRT family of benchmarks. Principled Technologies is the publisher of the XPRT family of benchmarks. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases.
  • Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit www.intel.com.au/benchmarks.
  •  Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at http://www.intel.com.au.
  • Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.
  • *Other names and brands may be claimed as the property of others.
  • Copyright © Intel Corporation 2018.

Resources

System manufacturers, operating system vendors, and others not listed here may have published information regarding this situation. You should check for updates or advisories from your system manufacturer or operating system vendor. This list is not comprehensive.

Intel Customer Support

Frequently Asked Questions

L1 Terminal Fault (L1TF) is a recently identified speculative execution side channel cache timing vulnerability, similar to previously reported variants. There are three varieties of L1TF that have been identified that could potentially allow unauthorized disclosure of information residing in the L1 data cache, a small pool of memory within each processor core. The three varieties include:

·         L1 Terminal Fault – SGX (aka “Foreshadow”) - may allow unauthorized disclosure of information residing in the L1 data cache from an Intel® SGX Enclave

·         L1 Terminal Fault – OS/ SMM - may allow unauthorized disclosure of information residing in the L1 data cache from the Operating System (OS) or System Management Mode (SMM)

·         L1 Terminal Fault – VMM - may allow unauthorized disclosure of information residing in the L1 data cache from a virtualized guest in Virtual Machine Monitor (VMM)

L1TF is a highly sophisticated attack method, and today Intel is not aware of any reported real-world usage of the new security issues. The best thing for people to do is to keep their systems up to date.

The microcode updates released earlier this year, when coupled with corresponding updates to operating system and hypervisor software available today from our industry partners, provide the vast majority of the Data center and PC Client installed base with the protections they need. Once systems are updated, the risk to most consumers and enterprise users is expected to be low. This includes most of the data center installed base and the vast majority of PC clients.

While these additional actions might be applicable to a relatively small portion of the market, we think it’s important to provide solutions for all our customers now, with future improvements available over time.

Yes. The microcode updates released earlier this year when coupled with operating system and hypervisor software updates available now from our industry partners, ensure consumers, IT professionals and cloud service providers have access to the protections they need.

For in-depth information, visit our Software Security website at software.intel.com/side-channel.

No. Today, Intel is not aware of any reported real-world usage of the new security issues.

Yes. L1TF vulnerabilities are addressed by the same changes in hardware that also mitigate GPZ Variant 3.

Intel has developed a method to detect L1TF-based exploits during system operation, applying mitigation only when necessary. Intel has provided pre-release microcode with this capability to some of our partners for evaluation, and hope to expand this offering over time.

L1TF-SGX was presented to Intel and other companies in January 2018. Further research by our security team identified two related varieties of L1TF with the potential to impact other microprocessors, operating systems and virtualization software. We and other companies worked together to develop and validate firmware, operating system and virtualization software updates for impacted technologies, and make them widely available as quickly as possible. Intel – and nearly the entire technology industry – follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed. (See CERT Guide to Coordinated Vulnerability Disclosure.) Intel is committed to coordinated disclosure as the industry standard.

No. The Microcode updates (MCUs) we released earlier this year are an important component of the mitigation strategy for all three varieties of L1TF. When coupled with corresponding updates to operating system and hypervisor software released by our industry partners and the open source community starting today, these updates help ensure consumers, IT professionals, and cloud service providers have access to the protections they need.

For a portion of the market – specifically a subset of those running traditional virtualization technology, and primarily in the datacenter – it may be advisable that customers or partners take additional steps to protect their systems. These additional steps will depend on the system software in use, the workload, and the customer’s assessment of the security threat model for their environment. In many of those cases, Intel Hyper-Threading will NOT need to be turned off in order to provide full mitigation. Consult with your hypervisor vendor for more guidance.

Coordinated disclosure (also referred to as “responsible disclosure”) is widely regarded as the best way to responsibly protect customers from security vulnerabilities. Coordinated disclosure is based on two foundational concepts: (1) when companies become aware of security vulnerabilities, they work as quickly, collaboratively, and effectively as possible to mitigate those vulnerabilities, and (2) the companies simultaneously take steps to minimize the risk that exploitable information becomes available before mitigations are available – through leaks or otherwise – to those who would use it for malicious purposes. 

These principles are perhaps best expressed by the Computer Emergency Response Team (CERT) at Carnegie Mellon’s Software Engineering Institute: 

“The public and especially users of vulnerable products deserve to be informed about issues with those products and how the vendor handles those issues. At the same time, disclosing such information without review and mitigation only opens the public up to exploitation. The ideal scenario occurs when everyone coordinates and cooperates to protect the public.” 

More information on coordinated disclosure and its importance can be found in the Guide to Coordinated Vulnerability Disclosure.”

Impacted Intel Platforms

Please check with your system vendor or equipment manufacturer (see links above) for more information regarding your system.