Intel Drops Security Patch Benchmark Ban After Public Outcry

Intel hasn’t had a very good 2018. While the company’s quarterly performance has been excellent, it’s been repeatedly hammered by security flaws, some of which are baked into the fundamental structure of its microprocessors. While these flaws are not unique to Intel, the company has been uniquely exposed by its own market dominance and by certain design decisions it made years ago to enhance its CPU performance. To date, the company has mostly reacted well, with good communication and prompt updates, but this week, it tried to gag anyone who applied a microcode patch under Linux to fix the Foreshadow flaw (the most recent major security problem). Specifically, it attempted to block anyone from discussing the performance impact of the security updates.

That’s a significant move by Intel, because most of the fixes that have been pushed out for Meltdown and Spectre have at least a small impact on performance in some scenarios. In some cases, particularly with older chips and in certain workloads, the performance penalty can be 10 percent or more. This is a serious problem in an industry where performance gains have been so small, often averaging just a few percent per year on a per-core basis. And Intel, apparently, didn’t want people to find that out.

Buried in the licensing document for the security patch was the following:

Unless expressly permitted under the Agreement, You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results. (Emphasis added)

When this blew up in the user community, as one might expect, Intel swiftly backpedaled. The new license reads:

Redistribution and use in binary form, without modification, are permitted, provided that the following conditions are met:

Redistributions must reproduce the above copyright notice and the following disclaimer in the documentation and/or other materials provided with the distribution.

Neither the name of Intel Corporation nor the names of its suppliers may be used to endorse or promote products derived from this software without specific prior written permission.

No reverse engineering, decompilation, or disassembly of this software is permitted.

“Binary form” includes any format that is commonly used for electronic conveyance that is a reversible, bit-exact translation of binary representation to ASCII or ISO text, for example “uuencode.”

It’s not uncommon to see these kinds of restrictions in enterprise deployments — it’s actually normal for large companies to claim the right to prohibit any benchmarking of their products — but in Intel’s case, these demands not to publish data are taking place in an environment where the company’s previous insistence on a black-box approach only ensured that security vulnerabilities shipped for decades in some of its fundamental products.

Given that Intel is launching a new line of CPUs later this year with hardware repairs in place for some of these issues, it makes sense that it doesn’t want to talk too much about the performance hit its chips take from these fixes. An emphasis on any significant performance declines could be used to either hand AMD CPUs a representative advantage (which Intel obviously doesn’t want) or to argue that any “new” performance improvements delivered by Cascade Lake are nothing but a restoration of performance that Intel’s poor security practices removed. “Our new chips are 20% faster and contain new security features,” is a much more positive spin than “Our new chips improve performance by fixing the bits we broke in the last ones. Can we have $2500?”