Sandra Platinum (2017) SP4 – Updates for ‘Meltdown’ and ‘Spectre’

Update Wizard

NB: SP4 has been refreshed to version 24.61 vs. the original 24.55 a day later.

We are pleased to release SP4 (Service Pack 4 – version 24.61) update for Sandra Platinum (2017) with the following updates:

Sandra Platinum (2017) Press Release

  • Reporting of Operating System (Windows) speculation control settings for the recently discovered vulnerabilities:
  • Reporting of latest CPU microcode update availability
    • Hardware mitigation for BTI/’Spectre’
  • Reporting of CPU features for branch control
    • Hardware enumeration and control for speculation and predictors
      • Indirect branch restricted speculation (IBRS) and Indirect branch predictor barrier (IBPB)
      • Single thread indirect branch predictors (STIBP)
      • Architecture Capabilities (affected by IB or not)
  • Reporting of CPU support for Context ID / Indirect CID
    • Hardware acceleration for context switching thus mitigating performance loss when KVA (Kernel’s Virtual Address) Shadowing is enabled.

Windows speculation control settings reporting:

Recommended Settings (Windows and CPU updated)
Operating System Mitigation: Enabled (Windows updated)

BTI Mitigation: Enabled, CPU indirect branch-control enumeration support (microcode updated)

RDCL Mitigation: KVA Shadowing enabled, Windows/CPU context-ID support

OK Settings (Windows updated, but CPU not updated)
Operating System Mitigation: Enabled (Windows updated)

BTI Mitigation: Not enabled, no CPU support (e.g. firmware not updated – check for BIOS update)

RDCL Mitigation: KVA Shadowing enabled, Windows/CPU context-ID support

OK Settings (Windows updated, but CPU not updated, no CID)
Operating System Mitigation: Enabled (Windows updated)

BTI Mitigation: Not enabled, no CPU support (e.g. firmware not updated – check for BIOS update)

RDCL Mitigation: KVA Shadowing not enabled, no context-ID support (either CPU or Windows obsolete)

Not Recommended (Windows not updated)
Operating System Mitigation: Not enabled, Windows has not been updated – install the OS update)

Processor features and microcode updates:

CPU microcode not latest
CPU has not been updated with the latest microcode update: check for an updated BIOS/firmware from the OEM/computer manufacturer.
CPU microcode w/speculation support
CPU supports IBRS/PB (indirect branch restricted speculation/predictor barrier) ennumeration as well as STIBP (single thread indirect branch predictors).
CPU supports CID or InvPCID
CPU supports either CID (Context ID) or InvPCID (Process Context ID) for faster context switch – thus mitigating performance loss.

 

Microcode Updates for Intel processors (non-exhaustive list):

 

 

Generation Old Microcode Updated Microcode
IvyBridge 3rd Gen (IVB C0) 28 2a
Haswell 4th Gen (HSW-U/Y Cx/Dx) 20 21
Haswell-X 4th Gen (HSX C0) 3a 3b
Haswell-EX 4th Gen (HSW-EX E0) 0f 10
Broadwell 5th Gen (BDW-U/Y E/F) 25 28
Crystalwell 5th Gen (CRW CX) 17 18
Broadwell 5th Gen (BDW-H E/G) 17 1b
Broadwell 5th Gen (BDX-DE V0/V1) 0f 14
Broadwell 5th Gen (BDX-DE V2) 0d 11
SkyLake 6th Gen (SKL-U/Y D0/R0) ba c2
SkyLake-X 6th Gen (SKX H0) 35 3c
KabyLake 7th Gen (KBL-U/Y H0) 62 80
KabyLake 7th Gen (KBL Y0 / CFL D0) 70 80
KabyLake 7th Gen (KBL-H/S B0) 5e 80
CofeeLake 8th Gen (CFL U0/B0) 70 80

 

Note: Due to some unexplained crashes, resume from sleep issues, etc. the current (January 2018) microcode updates have been suspended by Intel. They are scheduled to be resumed in March 2018.

In preliminary benchmarking, we have observed no or very minor performance impact to CPU, GPGPU and memory scores; disk performance for small transfers is impacted when KVA shadowing is enabled.

Commercial version customers can download the free updates from their software distributor; Lite users please download from your favourite download site.

Download Sandra Lite