While Intel has always been a pioneer in technology security, and has been publishing security technical collateral for decades, in recent years Intel’s Security First Pledge committed us to producing transparent and timely industry communications and providing ongoing security assurance for our products. As a result, Intel has accelerated our security documentation and mitigation efforts in order to enable secure computing solutions and mitigate known security issues.
As part of Intel’s commitment to transparency, we strive to document the architectural and microarchitectural origins of security issues affecting our processors, and then develop, describe, and deploy mitigations in software and/or hardware. This transparency allows researchers, industry experts, developers, and customers to understand the root cause of security issues, whether and how an issue affects their computing environment, and what actions they need to take to address it. Researchers may use this information to better focus their work and build upon Intel’s mitigations. Customers can also use our documentation to understand the potential tradeoffs and implications of mitigations on their environments and workloads.
Intel goes beyond simply documenting known security issues and their mitigations by continuously working to provide the industry with guidance on how to write more secure code, implement best known methods to secure existing products, and to develop defense-in-depth for their systems. We also provide fine-grained controls for the security and performance features included in our products to allow customers to adjust their system configurations to meet varying security and performance requirements.
Intel goes beyond simply documenting known security issues and their mitigations by continuously working to provide the industry with guidance on how to write more secure code, implement best known methods to secure existing products, and to develop defense-in-depth for their systems. We also provide fine-grained controls for the security and performance features included in our products to allow customers to adjust their system configurations to meet varying security and performance requirements.
We also publish research papers that study and evaluate the effectiveness of different potential mitigation options for various security issues. These papers typically examine both mitigations Intel has considered or implemented as well as mitigations deployed on non-Intel platforms. This ecosystem-based approach provides our customers and partners more information regarding Intel’s analysis and mitigation choices and demonstrates the due diligence we perform before making our security recommendations.
Often, Intel’s work in mitigating an issue goes beyond just the updated products and security documentation that Intel releases. For example, Intel engineers also work with the software ecosystem to develop and release mitigations to some of these issues in the Linux* kernel. Over the years, Intel engineers have submitted the initial patches for multiple issues and have collaborated with kernel maintainers and other subject matter experts to refine the code and deliver security mitigations. Intel’s technical documentation represents the foundation on which these discussions and technical fixes can take place. This shared foundation enables the ecosystem to accurately evaluate research which may exaggerate claims of an issue's novelty or impact out of a desire to improve the researchers' prestige or publishing credentials. Intel's robust and detailed documentation allows the industry to refute misinformation and fear while allowing developers and researchers to focus on relevant and practical issues.
In support of these tenets of Intel’s Security-First Pledge, in 2022 Intel has published a total of 25 technical security papers for major CVEs, as well as 17 software security guidance papers, six papers to explain new Intel features and hardware behavior, and several mitigation research papers.
For more information, check out the current list of content on our software security guidance website at Intel.com.
| Software Security Guidance Best Practices | Year Published |
|---|---|
| CPUID Enumeration and Architecture MSRs | 2022 |
| Frequency Throttling Side Channel Guidance | 2022 |
| Securing Workloads Against Side Channel Methods | 2022 |
| Refined Speculative Execution Terminology | 2021 |
| Xucode: An Innovative Technology for Implementing Complex Instructions | 2021 |
| Spectre/Meltdown Checker Script | 2021 |
| Microcode Update Guidance | 2020 |
| SRBDS Mitigation Impact on Secure Key | 2020 |
| Guidance for System Administrators to Mitigate Transient Execution Side Channel Issues | 2020 |
| Loading Microcode from the OS | 2020 |
| An Optimized Mitigation Approach for Load Value Injection | 2020 |
| Guidance for Enabling FSGSBASE | 2019 |
| Mitigation Strategies for JCC Microcode | 2019 |
| Security Best Practices for Side Channel Resistance | 2019 |
| Intel Security Features and Technologies Related to Transient Execution Attacks | 2018 |
| Hardware Features and Controls | Year Published |
|---|---|
| Data Operand Independent Timing ISA Guidance | 2022 |
| Fast Store Forwarding Predictor | 2022 |
| Data Dependent Prefetcher | 2022 |
| Indirect Branch Restricted Speculation | 2018 |
| Indirect Branch Predictor Barrier | 2018 |
| Single Thread Indirect Branch Predictors | 2018 |
| Mitigation Research | Year Published |
|---|---|
| You Cannot Always Win the Race: Analyzing the LFENCE/JMP Mitigation for Branch Target Injection | 2022 |
| Intel Research on Disclosure Gadgets at Indirect Branch Targets in the Linux Kernel | 2022 |