Intel CEO Brian Krzanich made the comments during the company's Q4 2017 earnings call yesterday, explaining that "silicon-based" fixes for Spectre and Meltdown would arrive by the end of 2018. This means that we will likely see later variants of 10nm Cannon Lake, as well as upcoming Ice Lake processors, that are already "inoculated" against both vulnerabilities.
Krzanich went on to add, "Security is a top priority for Intel, foundational to our products and it's critical to the success of our data-centric strategy. Our near-term focus is on delivering high quality mitigations to protect our customers' infrastructure from these exploits.
"We're working to incorporate silicon-based changes to future products that will directly address the Spectre and Meltdown threats in hardware. And those products will begin appearing later this year."
Krzanich also touched on a criticism that Linus Torvalds recently leveled at Intel. "I'm sure there is some lawyer there who says 'We'll have to go through motions to protect against a lawsuit.' But legal reasons do not make for good technology, or good patches that I should apply," said Torvalds earlier this week.
Krzanich acknowledged the possibility of legal action, adding that "These circumstances are highly dynamic and we updated our risk factors to reflect both the evolving nature of these specific threats and litigation as well as the security challenge more broadly."
We suspect that these hardware fixes will be most effective against Meltdown, which affects Intel and ARM processors (AMD processors are unaffected). Given the deep architectural changes that would be needed to completely protect against both variants of Spectre, we don't know how effective Intel's mitigation techniques will be on that front.
There is also the question of how these hardware fixes will affect performance. We've already seen that BIOS/microcode updates and OS patches can have a profound effect on performance, but we'll have to "stay tuned" to see how an actual fix at the hardware level affects performance (if there is any negative performance impact at all).
Finally, we'll add that while it's good that Intel is being proactive by ensuring that its future processors will be safe from exploits based around Spectre and Meltdown, where does that leave the tens of millions of customers that have vulnerable processors right now? As we noted, OS patches have resulted in significant performance hits on some systems. In addition, Intel's first round of BIOS updates has resulted in unexpected reboots on systems. Dell has already pulled its BIOS updates based on the Intel fixes, and Intel vows to work with its partners to deliver an updated patch.
And even if Intel can deliver a fully functional patch, it will never reach 100 percent penetration of Intel's install base. While competent IT managers and enthusiasts will no doubt be quick to install the patches (after proper vetting), there is still a large swath of everyday consumers and businesses that will never even attempt to apply the BIOS updates to protect their systems.
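Whether a given machine has actually received the OS and microcode mitigations discussed above is something an administrator can check rather than guess. The following is an added example, not code from the article or from Intel: it reads the per-vulnerability status files that Linux kernels from 4.15 onward expose under /sys/devices/system/cpu/vulnerabilities/ (the directory name, file names and status strings are the kernel's own; the classification logic and the sample status lines are constructed here for illustration). A missing file is reported as "unknown", not as safe, because an older kernel that lacks the interface has not been patched either.

```python
"""Report Spectre/Meltdown mitigation status from the Linux sysfs interface.

Added example; not from the article. Assumes a Linux kernel (4.15 or later)
that exposes /sys/devices/system/cpu/vulnerabilities/<name> files, each
holding one line such as "Not affected", "Vulnerable", or
"Mitigation: PTI". Older kernels and other operating systems lack the
directory, so a missing file is treated as "unknown" rather than "safe".
"""
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
# The three issues the article discusses; newer kernels expose more files.
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status_line):
    """Map one sysfs status line to a coarse state.

    Returns "mitigated", "not_affected", "vulnerable" or "unknown".
    Lines such as "Vulnerable: Minimal generic ASM retpoline" still count as
    vulnerable, because the kernel uses that prefix for partial protection.
    """
    text = (status_line or "").strip()
    if not text:
        return "unknown"
    lowered = text.lower()
    if lowered.startswith("not affected"):
        return "not_affected"
    if lowered.startswith("mitigation:"):
        return "mitigated"
    if lowered.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def summarize(status_by_issue):
    """Classify every issue and return (per_issue_states, overall_state).

    overall_state is "vulnerable" if any issue is vulnerable, "unknown" if
    any status could not be read (and none are vulnerable), and "mitigated"
    otherwise.
    """
    states = {name: classify(line) for name, line in status_by_issue.items()}
    if "vulnerable" in states.values():
        overall = "vulnerable"
    elif "unknown" in states.values():
        overall = "unknown"
    else:
        overall = "mitigated"
    return states, overall


def read_sysfs(sysfs_dir=SYSFS_DIR, issues=ISSUES):
    """Read the status file for each issue; a missing or unreadable file yields None."""
    result = {}
    for name in issues:
        path = os.path.join(sysfs_dir, name)
        try:
            with open(path) as fh:
                result[name] = fh.read()
        except OSError:
            result[name] = None
    return result


# Constructed samples of what the files look like on a patched host, an
# unpatched host, and a kernel too old to expose the interface (not captured
# from a real machine).
SAMPLE_PATCHED = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
}
SAMPLE_UNPATCHED = {
    "meltdown": "Vulnerable\n",
    "spectre_v1": "Vulnerable\n",
    "spectre_v2": "Vulnerable\n",
}
SAMPLE_OLD_KERNEL = {"meltdown": None, "spectre_v1": None, "spectre_v2": None}

if __name__ == "__main__":
    live = read_sysfs()
    states, overall = summarize(live)
    for name, state in states.items():
        print(f"{name:12s} {state:13s} {(live[name] or '').strip()}")
    print("overall:", overall)
```

Run as a script on a Linux host, it prints one line per issue plus an overall verdict; the same `summarize` function can be fed the output of a fleet-wide collection job, which is the practical way to measure the patch "penetration" the article worries about.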
In the end, Intel has a big mess on its hands with regard to fully resolving the Spectre/Meltdown madness, but we can at least take solace in the fact that Intel's next generation of processors "should" be protected.