
AMD Processors: Google Project Zero, Spectre and Meltdown

AMD Processor Security Update

1/11/2018

The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.

At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.

  • Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
    • We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.  
    • Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft’s website.
    • Linux vendors are also rolling out patches across AMD products now.
  • GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
    • While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat.  We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
    • AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
    • Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.
  • GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.
    • We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.

There have also been questions about GPU architectures. AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats. 

We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.

Mark Papermaster,
Senior Vice President and Chief Technology Officer

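Information Security Is Critical to AMD

1/03/2018

There have been recent reports of potential security issues related to modern microprocessors and speculative execution. Information security is critical to AMD, and our security architecture stays closely aligned with the technology ecosystem to guard against the latest threats.

In addition to understanding the speculative execution vulnerabilities described in the research as they relate to AMD products, it is important to keep the following in mind:

  • The research was performed in a controlled, dedicated lab environment by a highly knowledgeable team using detailed, non-public information about the processors being targeted.
  • The threats described in the research have not been seen in the public domain.

When AMD learned that researchers had discovered a new CPU attack targeting the speculative execution functionality used by multiple chip companies' products, we immediately engaged across the ecosystem to address the threats the team had found.

The research team identified three variants within the speculative execution research. The table below details the specific variants identified in the research and AMD's detailed response.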

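Variant / AMD Response Table

Variant | Google Project Zero (GPZ) Research Title | Details
Variant One | Bounds Check Bypass | Resolved by software/OS updates provided by system vendors and manufacturers. Negligible performance impact is expected.
Variant Two | Branch Target Injection | Differences in AMD architecture mean the risk of exploiting this variant is near zero. To date, no Variant 2 vulnerability has appeared on AMD processors.
Variant Three | Rogue Data Cache Load | No AMD vulnerability, due to AMD architecture differences.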

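As the security landscape continues to evolve, information sharing and collaboration across the industry is the strongest defense.

Total protection against every possible attack remains an elusive goal; however, this latest example shows how powerful industry collaboration can be.

AMD has always strongly encouraged customers to follow safe computing practices, such as not clicking on unrecognized hyperlinks, following strong password protocols, using secure networks, and accepting regular software updates.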