cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
planetjumper
Punch Card
Posts: 13
Registered: ‎10-14-2017
Location: AT
Views: 981
Message 1 of 5

Intel Management Engine critical issue - Performance loss

According to this article "Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign" there's a fundamental design flaw in Intel's processor chips, which can only be fixed by changing the hardware or patching the system. However, patching might lead to a performance loss of 30% (depending on the task and the processor model).

 

My question is: How is Lenovo going to deal with it and is there a way to completely deactivate the Intel Management Engine?, I don't see any option in the Bios (I have a Thinkpad P51, FW: 1.17). I have already the newest IME security patch.

 

PS: I could have also posted this subject in all other sections, since all new Intel x86-64 hardware is affected by it.

Community SeniorMod
Community SeniorMod
Posts: 3,260
Registered: ‎12-01-2007
Location: US
Views: 709
Message 2 of 5

Re: Intel Management Engine critical issue - Performance loss

Hello,

 

Lenovo's PSIRT (Product Security Incident Response Team) has already issued an advisory on it:

 

Name: Lenovo Security Advisory #LEN-18282, "Reading Privileged Memory with a Side Channel"

URL: https://support.lenovo.com/us/en/solutions/LEN-18282

 

Lenovo is in the process of releasing updates for affected products and is continuously updating the advisory with the latest information, so I would suggest periodically checking it.  I noticed several models already have some updates available; an update for the P51 is targeted for January 9th.

 

Regards,

 

Aryeh Goretsky

 



I am a volunteer and neither a Lenovo nor a Microsoft employee.

L380 YogaP50 (20EN-*)S230u (3347-4HU)T23 (2648-LU7)T42 (2378-R4U)T43p (2678-H7U)T61p (6459-CTO)W510 (4318-CTO)W530 (2441-4R3)W530 (2441-4R3)X100e (3508-CTO)X120e (0596-CTO)X220 (4286-CTO)X250 (20CM-*)Yoga 370

de.gif Deutsche Community es.gif Comunidad en Español ru.gif Русскоязычное Сообщество pt.gif Communidade Portugues
planetjumper
Punch Card
Posts: 13
Registered: ‎10-14-2017
Location: AT
Views: 669
Message 3 of 5

Re: Intel Management Engine critical issue - Performance loss (Meltdown / Spectre)

As far as I see, Lenovo already adresses the CVE-2017-5715 spectre vulerabilty with the bios version 1.17. However, I've also noted a performance loss with my Samsung SM961 NVMe PCIe M.2 512GB (see picture).. video encoding etc. also takes a bit longer, that's not satisfying to be honest. I hope it's possible to improve the patches and mitigate the performance loss. Obviously, Intel knew about the problem since at least summer. I'm pretty sure that if customers had known about the problem, some of them would have posponed the purchase of new hardware - or buy an AMD instead, where the performance loss is negligible. 

Community SeniorMod
Community SeniorMod
Posts: 3,260
Registered: ‎12-01-2007
Location: US
Views: 635
Message 4 of 5

Re: Intel Management Engine critical issue - Performance loss (Meltdown / Spectre)

Hello,

 

Given the rapid speed at which announcements and updates about the Meltdown and Spectre vulnerabilities are appearing, I suspect you are right on target:  First, CPU manufacturers are going to fix-test-verify in order to validate that they have closed the vulnerability without introducing further problems, and then they are going to work on performance optimizations. 

 

Since we are still in the very early stages of what's known and being done, I feel it's important to take a wait-and-see approach as it may take a while for fully-optimized patches to appear.

 

Regards,

 

Aryeh Goretsky

 



I am a volunteer and neither a Lenovo nor a Microsoft employee.

L380 YogaP50 (20EN-*)S230u (3347-4HU)T23 (2648-LU7)T42 (2378-R4U)T43p (2678-H7U)T61p (6459-CTO)W510 (4318-CTO)W530 (2441-4R3)W530 (2441-4R3)X100e (3508-CTO)X120e (0596-CTO)X220 (4286-CTO)X250 (20CM-*)Yoga 370

de.gif Deutsche Community es.gif Comunidad en Español ru.gif Русскоязычное Сообщество pt.gif Communidade Portugues
Steve2018
What's DOS?
Posts: 1
Registered: ‎04-30-2018
Location: US
Views: 272
Message 5 of 5

Re: Intel Management Engine critical issue - Performance loss

If you are referring to the Meltdown & Spectre vulnerabilities, then I think you might be confused. From what I understand, Intel Mgt Engine does have/had significant security vulnerabilities (one of which requires physical access to the targeted PC), but these are not related to Meltdown or Spectre, and it's those two vulnerabilities which have led to performance-lowering patches, esp for Intel machines (due to 'speculative execution' resulting in Meltdown vulnerability).

Check out current deals!


Shop current deals

Top Kudoed Authors