6

I know there are software fixes in macOS, but I want to know when the hardware is fixed. I'd like to buy a new Macbook Pro, but only after the hardware is completely fixed.

The 2018 Macbook Pros have "Coffee Lake" Intel chips.

https://en.wikipedia.org/wiki/MacBook_Pro#Technical_specifications_4

Various articles say that Intel would release fixed chips in mid 2018, but I don't see specifics.

Did a hardware fix make it into the chips in these 2018 Macbook Pros?

Rob N
  • 1,660

2 Answers2

8

Intel announced via press release that the patched CPUs will be integrated into their hardware in the 8th generation chips shipping the second half of 2018:

These changes will begin with our next-generation Intel® Xeon® Scalable processors (code-named Cascade Lake) as well as 8th Generation Intel® Core™ processors expected to ship in the second half of 2018.

Anything manufactured prior to 2H 2018 will be updated via microcode software patch:

First, we have now released microcode updates for 100 percent of Intel products launched in the past five years that require protection against the side-channel method vulnerabilities

Which Chips?

The three new chips that were released in Q3 2018 are (all mobile):

  • Kaby Lake G (9706G)
  • Whiskey Lake (8565U)
  • Amber Lake (8500Y)

Whiskey Lake is the only CPU line to have the actual fixes in hardware where as Amber Lake and Kaby Lake G are both "Kaby Lake" based CPUs.

The situation with Amber Lake is a little different. Intel confirmed to us that Amber Lake is still Kaby Lake – including being built on the 14+ process node – making it identical to Kaby Lake Refresh as far as the CPU die is concerned. In essence, these parts are binned to go within the 5W TDP at base frequency. But as a result, Amber Lake shares the same situation as Kaby Lake Refresh: all side channel attacks and mitigations are done in firmware and operating system fixes. Nothing in Amber Lake is protected against in hardware.

Emphasis Mine

Bottom line, unless you're running a Whiskey Lake CPU, mitigations are still done in the OS and in firmware microcode.

Get Your CPU Identifier

To find which CPU your system currently configured with, issue this command:

$ sysctl -n machdep.cpu.brand_string

It will output something similar to the following:

Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Community
  • 1
Allan
  • 101,432
  • 2
    How do we check these "chances"? – LаngLаngС Sep 30 '18 at 18:50
  • 3
    The microcode updates (and likely hardware updates) only protect against some of the sidechannel attacks and not all. They’re still finding new variants of Spectre every few weeks/months. – Steve Sep 30 '18 at 23:45
  • @LangLangC - added info on CPU identification – Allan Oct 01 '18 at 10:32
  • Thx. But it still means trust. And that should not be blind in this case. Both Intel & Apple are not transparent enough about this. – About SW-fix: Apple says this https://support.apple.com/en-us/HT208394 without disclosing what exactly in a row of holes got filled (and how, how deep…) – LаngLаngС Oct 01 '18 at 12:25
4

Fixing all timing side-channel attacks on systems which use aggressive speculation is still a research topic. But there are reportedly fixes in Intel processor microcode (some in cooperation with some OS fixes) which make some of these side-channel attacks more difficult and/or slower.

hotpaw2
  • 5,463
  • 3
    Do they slow down the attacks or the chips overall or in general? Fixes for old chips via microcode are reported to slow down everything. If you have numbers concerning this tradeoff… or what/how much was fixed? (And delivered by Apple to users) – LаngLаngС Sep 30 '18 at 18:49