Ask HN: Intel Kernel Vulnerability fix: why software not microcode
Could someone please explain why the mitigations for the Intel CPU bug are having to be implemented in the OS rather than Microcode?
As it only seems to effect Intel and not AMD processors, and as the issue seems to be with the CPU not invalidating cache after a failed OP, this seems like something that would be best fixed actually on the CPU itself.
I assume there's good reasons why not; if anyone could explain it would be greatly appreciated.
3 comments
[ 3.2 ms ] story [ 15.5 ms ] threadIt is best fixed on the CPU, but it will require the CPU to be physically changed (just a new mask if Intel is lucky) to fix it at the CPU level.
I have noticed that there is actually a microcode update published today (through centos/rhel at least) so it looks like there's some firmware mitigation on the go.
It makes sense that the features can be enabled and disabled via microcode.