Open source proponent Bruce Perens had a look at the latest open source patch notes from an Intel microcode update to fix new issues on Debian based Linux distributions that stem from the Meltdown and Spectre vulnerabilities announced earlier in the year.
No benchmarks for you
He noted the following new license term that was added:
You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results.
Whoa! Looks like Intel is really worried about the performance hit its CPUs are going to take when this microcode gets applied. So much so that they plan to inhibit journalists who try to show benchmark differences between machines with and without the patch. Bruce Perens goes on to state:
Since the microcode is running for every instruction, this seems to be a use restriction on the entire processor. Don't run your benchmarker at all, not even on your own software, if you "provide" or publish the results. The security fixes are known to significantly slow down Intel processors, which won't just disappoint customers and reduce the public regard of Intel, it will probably lead to lawsuits (if it hasn't already). Suddenly having processors that are perhaps 5% to 10% slower, if they are to be secure, is a significant damage to many companies that run server farms or provide cloud services. I'm not blaming Intel for this, I don't know if Intel could have forseen the problem. Since some similar exploits have been discovered for AMD and ARM CPUs, the answer is probably "no". But certainly customers are upset.
How this new microcode patch and new license term will affect macOS or Windows PCs has yet to be be determined. However, this fix will have to be applied for all OSs since the vulnerability is a hardware issue on the CPUs themselves.
Final comments
What do you think about Intel trying to suppress benchmark data after applying this vulnerability fix? Let us know in the comments!
Update: Intel has announced that it will be changing the license terms and will be removing the "no benchmark" portion.
