MP 6,1 Current Security Status of 6,1 CPUs

[MisterAndrew]

More good news from Intel Customer Support for servers. They say Intel will release new microcodes for these processors if necessary and the two recent vulnerabilities either don’t affect these processors or systems running macOS.

“Regarding your question about future microcode updates; the processors are mature, retired but, they are still under support. If a new firmware update is necessary for security reasons, Intel will release it.

I want to clarify some aspects of the vulnerabilities such as CVE-2020-0550 (Snoop-assisted L1 Data Sampling) - INTEL-SA-00330 and CVE-2020-0551 (Load Value Injection) - INTEL-SA-00334.

The first vulnerability: CVE-2020-0550 - INTEL-SA-00330 is related to Intel® RAID Web Console 2. This remote software has been discontinued; we already have version 3 and none of them supported by Mac Server operating system.


Summary: A potential security vulnerability in Intel® RAID Web Console 2 (RWC2) may allow the escalation of privilege.
This potential vulnerability is mitigated by using Virtual Machine Manager with the L1 Terminal Fault mitigations applied. See INTEL-SA-00329 for more information on L1TF. Intel is not recommending any new or additional mitigations for Operating Systems.



The second vulnerability CVE-2020-0551 (Load Value Injection) / INTEL-SA-00334


Summary: Potential security vulnerabilities in some Intel® Processors may allow information disclosure.

Only Intel® Xeon® Processor E3 v5 Family and Intel® Xeon® Processor E3 v6 Family have the issue; the v2 family does not have the problem.

Resolution:
Ensure the latest Intel SGX PSW 2.7.100.2 or above for Windows and 2.9.100.2 or above for Linux is installed.

The issue is not happening on Mac OS operating systems.”

 

[bsbeamer]

Did they give a date when these will be cut off from microcode updates? It is becoming an issue when they do not guarantee "X" number of years of updates for a CPU/class after initial release.

 

[MisterAndrew]

Did they give a date when these will be cut off from microcode updates? It is becoming an issue when they do not guarantee "X" number of years of updates for a CPU/class after initial release.

No, they didn't. I'll report back if I hear anything regarding that.

I asked them if microcode updates would still be issued after the end of support date (today).

They said:

"Yes, Intel will release firmware updates if any security vulnerability is discovered in the near future and affects the processor. They are distributed to the server motherboard manufacturers for the distribution of it.

Regarding the processor support; Intel will continue providing documentation and drivers through the support websites for self-support. Technical support (customer-agent) is stopping today."

 

[MisterAndrew]

I received further clarification from Intel regarding the end support date for microcode updates. Apparently there is no set date. It is based on demand and therefore may be requested by Apple. So it appears as long as Apple supports this system Intel will provide support to them.

Intel customer service agent:
"The production and support life-cycle on the products is determined by how much demand they have. In this case, we are talking about the extra support on discontinuing products in third party systems (MAC computers). The period will be determined by MAC necessity; they are the owners of the system and give the warranty and support in all the hardware, including the processor.

Intel has excellent lifetime support and warranty on its Retail products (Box, 3 or more years) and optionally provides extended warranty on them, and processors included on third party systems (known as Tray) benefit of this support (warranty is support by OEM only). I wish to be able to give you a date however, there are many factors involved."

 

[konqerror]

A big +1 to this.

If Intel hadn’t sold the processors since 2013, I would understand ending microcode support. But something sold within the past year?

Support dates, including companies like Microsoft, are often based on the date of product release, not on the date of last sale.

Otherwise, this incentivizes the company to discontinue the product the moment the next version comes out, regardless of the need for people to maintain existing systems.

This allows the company to basically say, "we'll still sell you old parts to support your customers, but you know you need to redesign your system very soon".

Everybody who bought an Ivy Bridge system last year knew it was a 8 year old design.

In many industries, particularly semiconductors, they have a state "not recommended for new designs" which indicates that you're not getting a full support lifecycle at this point.

 

[MisterAndrew]

Based on the information from Intel, Apple hasn't discontinued supporting Macs with new OS releases based on Intel's end of support for the processors because Intel will provide Apple with microcode updates regardless of Intel's end support date for the CPUs. So for example, support for the 5,1 wasn't ended because of Intel. Likewise, support for the 6,1 won't end because of Intel.

 

[bsbeamer]

Related indirectly - still is not 100% clear why Intel EOL’d all MP5,1 CPUs without prior notice, or at least without giving Apple notice. They scrambled with a workaround for the security vulnerability and then left those machines/CPUs unpatched. Would not exactly expect anything different from MP6,1 at some random point in time without prior notice. Really would be great on Intel to say they’ll support a specific CPU with microcode updates for at least “X” number of years.

 

[MisterAndrew]

Related indirectly - still is not 100% clear why Intel EOL’d all MP5,1 CPUs without prior notice, or at least without giving Apple notice. They scrambled with a workaround for the security vulnerability and then left those machines/CPUs unpatched. Would not exactly expect anything different from MP6,1 at some random point in time without prior notice. Really would be great on Intel to say they’ll support a specific CPU with microcode updates for at least “X” number of years.

How do you know Intel wasn’t in communication with Apple? I’m sure they were. I think Apple intended to discontinue support for the 5,1 regardless of any situation with Intel with the launch of the 7,1. Apple also hadn’t sold the 5,1 since 2013. They discontinued it entirely in Europe as of 1 March 2013 due to regulatory changes. The 6,1 is in a different situation since it was discontinued last year. Apple won’t add it to their vintage list until late 2024 and it will become obsolete in late 2026. Of course it’s hard to say if it’ll receive OS updates that long, but it will be eligible for hardware repairs.

 

[bsbeamer]

Not that it matters to many, but the 2012 MP5,1 was sold as new retail from Apple into 2013 and at least until 2014 through Apple Business in the USA. Intel EOL’d the MP5,1 CPUs (not Apple) in 2019. Apple cannot even provide full mitigation for vulnerabilities within Mojave updates because of the lack of microcode updates.

I get the timing sucks for all the releases (mostly due to lack of update from Apple) but this is entirely directed by Intel’s lack of schedule or transparency around how many years they will support a CPU. Several people with MP5,1’s only got 2013/2014 through 2019 before Intel pulled the plug on updates. Would not automatically expect Intel to support MP6,1 with patches much beyond 2022 unless they explicitly state they will.

 

[MisterAndrew]

Not that it matters to many, but the 2012 MP5,1 was sold as new retail from Apple into 2013 and at least until 2014 through Apple Business in the USA. Intel EOL’d the MP5,1 CPUs (not Apple) in 2019. Apple cannot even provide full mitigation for vulnerabilities within Mojave updates because of the lack of microcode updates.

I get the timing sucks for all the releases (mostly due to lack of update from Apple) but this is entirely directed by Intel’s lack of schedule or transparency around how many years they will support a CPU. Several people with MP5,1’s only got 2013/2014 through 2019 before Intel pulled the plug on updates. Would not automatically expect Intel to support MP6,1 with patches much beyond 2022 unless they explicitly state they will.

Well according to Intel microcode updates can be requested by Apple. The microcode updates are delivered via firmware updates. There have been several Mojave security updates that new firmware could have been delivered with. We can only speculate why Apple has not requested the extended support for those processors from Intel.