Plundervolt Intel microcode update potentially killing undervolting for security?

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hfm, Dec 10, 2019.

  1. hfm

    hfm Notebook Prophet

    Reputations:
    1,994
    Messages:
    4,649
    Likes Received:
    2,363
    Trophy Points:
    231
    I just saw this story on Wired discussing a new vuln called Plundervolt that compromises SGX by timing an undervolt causing a fault writing to the secure enclave to expose secrets.

    https://www.wired.com/story/plundervolt-intel-chips-sgx-hack/

    Unfortunately there's potentially bad news in there which should be important for us notebook users that like to undervolt to manage temps better. Intel's microcode update locks voltages to their defaults.

    Not sure which Intel products are affected or which vendors they are talking about, but I do know these microcode updates are pushed through windows update.

    We should keep an eye out, or perhaps there's more detailed info available out there for the manner in which the microcode update will be deployed.
     
    Robbo99999, Mr. Fox, Vasudev and 5 others like this.
  2. hfm

    hfm Notebook Prophet

    Reputations:
    1,994
    Messages:
    4,649
    Likes Received:
    2,363
    Trophy Points:
    231
    This ZDNet article has more info, and thankfully maybe we can avoid the update or not enable the setting if we like having lower temps.

    https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/

     
    Mr. Fox, Vasudev, 0lok and 2 others like this.
  3. joluke

    joluke Notebook Deity

    Reputations:
    747
    Messages:
    1,485
    Likes Received:
    882
    Trophy Points:
    131
    Oh my god... These are such crap news for us notebook enthusiasts :(
     
    Vasudev, hfm and Dr. AMK like this.
  4. jotm

    jotm Notebook Evangelist

    Reputations:
    336
    Messages:
    465
    Likes Received:
    74
    Trophy Points:
    41
    Well that's bad news... Thanks for posting this.

    Wiki says SGX was introduced with Skylake, so Haswell is still safe (undervolted and overclocked it can keep up with even the latest chips, 10K Passmark EZ :D).

    With locked voltages you'll never get maximum performance because Intel chips always run hot and throttle under full load (thanks in big part to laptop manufacturers and their "good enough" cooling). Another nerf to Intel.

    I guess it's time to upgrade to AMD, hopefully Zen will come to mobile workstations.
     
    hfm and Dr. AMK like this.
  5. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,532
    Messages:
    2,122
    Likes Received:
    4,395
    Trophy Points:
    281
    This is really bad news, is this will effect our DTR's Laptops with Desktop CPU's?
     
    Vasudev and hfm like this.
  6. senso

    senso Notebook Deity

    Reputations:
    524
    Messages:
    1,589
    Likes Received:
    739
    Trophy Points:
    131
    It affects all CPU's after and including the Skylake family, it will only affect those that have SGX turned on(off by default), but given that the current "fix" is to disable undervolting at the BIOS/micro-code level...

    Thing is, its another glaring security hole, so Intel will pressure MS to bundle that micro-code into the windows micro-code DB so that Windows loads it before loading the OS, so, this will make us either live with that, or change the name of that file so that Windows wont update the micro-code during run time.

    Also, will this lead to Intel flat out disabling undervolting/locking the MSR registers a lot in newer CPU's?
    I would expect to see newer revisions of current models having this micro-code programmed at the factory and then nothing can be done to revert that..
     
    Ashtrix, joluke, hfm and 1 other person like this.
  7. hfm

    hfm Notebook Prophet

    Reputations:
    1,994
    Messages:
    4,649
    Likes Received:
    2,363
    Trophy Points:
    231
    Not to mention further future microcode updates that may fix other issues. We night be able to stop this particular one, but I do worry about the decision getting tougher down the road. Hopefully it's configurable somehow, but I'm not holding my breath. Especially for the windows microcode update side of the equation.

    Sent from my Pixel 3a XL using Tapatalk
     
    joluke likes this.
  8. Starlight5

    Starlight5 Yes, I'm a cat. What else is there to say, really?

    Reputations:
    687
    Messages:
    3,124
    Likes Received:
    1,509
    Trophy Points:
    231
    I received a BIOS update today and applied it to both my Skylake machines. On undervolted laptop, it seems to hold according to HWInfo... SGX is off. Maybe it's just a coincidence and this particular fix was not included...
     
    Vasudev likes this.
  9. senso

    senso Notebook Deity

    Reputations:
    524
    Messages:
    1,589
    Likes Received:
    739
    Trophy Points:
    131
    Check micro-code revision with hwinfo.
    Also, brand/model of the laptop?
     
    Vasudev likes this.
  10. Chastity

    Chastity Company Representative

    Reputations:
    1,295
    Messages:
    6,545
    Likes Received:
    336
    Trophy Points:
    251
    I'm on B4 for Kaby Lake-H after last update from MS.
     
Loading...

Share This Page