SoylentNews

chromas (from IRC) writes:

ZDNet [zdnet.com]:

Video: Intel's patches for Spectre variant 4 will slow your CPU.

Open-source champion Bruce Perens has called out Intel for adding a new restriction to its software license agreement along with its latest CPU security patches to prevent developers from publishing software benchmark results.

The new clause appears to be a move by Intel to legally gag developers from revealing performance degradation caused by its mitigations for Spectre and Foreshadow or 'L1 Terminal Fault' (L1FT) flaw speculative attacks.

"You will not, and will not allow any third party to ... publish or provide any software benchmark or comparison test results," Intel's new agreement states .

The new term appeared with the fixes for 'L1 Terminal Fault' that were recently delivered to Microsoft and Linux distributions .

Performance hits are a concern for users, and Intel is facing several lawsuits from investors over its handling of the matter .

The chip maker argued when it disclosed L1FT that "there has been no meaningful performance impact observed as a result of mitigations applied" to PCs or datacenter equipment.

Another section of the license blocking redistribution appears to have caused maintainers of Debian to withhold Intel's patch too , as reported by The Register .

But Perens thinks the bigger concern lies in Intel's requirement not to publish benchmarks.

"Since the microcode is running for every instruction, this seems to be a use restriction on the entire processor. Don't run your benchmarker at all, not even on your own software, if you 'provide' or publish the results," he notes .

"So, lots of people are interested in the speed penalty incurred in the microcode fixes, and Intel has now attempted to gag anyone who would collect information for reporting about those penalties, through a restriction in their license. Bad move."

Perens reckons Intel should rather own up to any damage caused by its patches.

"Silencing free speech by those who would merely publish benchmarks? Bad business. Customers can't trust your components when you do that."

ZDNet has sought a response from Intel and will update the story if it receives an answer.

Previous and related coverage

Researchers have broken Intel's Software Guard Extensions, System Management Mode, and x86-based virtual machines.

The patches, as expected, brought Linux's performance down, but their impact has not been as bad as feared.

Oracle has new fixes available for Spectre flaws affecting Linux systems on Intel and AMD chips.

Customers accuse the chip maker of charging premium prices for a faulty product.

Intel has listed a range of CPUs released between 2007 and 2011 that will not receive a firmware update to help guard against Spectre-related exploits.

Since the beginning of 2018, the number of cases has risen from three to 32.

Original Submission