Last march of the Penryns: Intel cuts Spectre fixes for some older chips

As part of its ongoing efforts to patch its systems against the Meltdown and Spectre chip flaws, Intel indicated last month that it would be issuing fixes as far back as 2005’s Yorkfield processors. But in a new guidance document the company announces that many of these older platforms will not receive fixes after all.

Specifically, work has been stopped on Spectre Variant 2 mitigations for the chip generations known as Bloomfield, Clarksfield, Gulftown, Harpertown, Jasper Forest, Penryn, SoFIA 3GR, Wolfdale and Yorkfield. (You can find more specifics at this great list of Intel codenames on Wikipedia.)

Variant 2 is the toughest of the chip flaws to block or work around, so the creation of fixes is nontrivial — Intel isn’t just copying and pasting stuff into a microcode update for each of these.

In the guidance document (PDF), Intel cited several reasons for stopping development on the fixes:

  • Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2
  • Limited Commercially Available System Software support
  • Based on Customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.

In other words: it’s super hard, they’re barely supported and few people are using them where the bugs could be exploited.

It’s a reasonable walkback of the scope of Intel’s mitigation efforts, especially when you look at the size of the list of platforms that are having the problems addressed. Still, system administrators may want to cast an eye over their inventory to make sure no chips of these generations get exposed to the untamed wilds of userland.

And for users, the Penryns (Core 2 Duos in particular) were very popular and I wouldn’t be surprised if a few people were still running an old laptop with one — they were in all kinds of things back in ’08. If you’re one of those sentimental types like me that keeps these things around, you should probably avoid doing anything critical on them.

Intel sent along a statement to accompany the guidance, which seems rather redundant with the above, but just in case:

We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.