'

Intel 'gags' Linux distros from revealing performance hit from Spectre patches

You can test performance after using our patches, but don't publish the results, say Intel's new license terms.

Video: Intel's patches for Spectre variant 4 will slow your CPU.

Open-source champion Bruce Perens has called out Intel for adding a new restriction to its software license agreement along with its latest CPU security patches to prevent developers from publishing software benchmark results.

The new clause appears to be a move by Intel to legally gag developers from revealing performance degradation caused by its mitigations for Spectre and Foreshadow or 'L1 Terminal Fault' (L1TF) flaw speculative attacks.

"You will not, and will not allow any third party to ... publish or provide any software benchmark or comparison test results," Intel's new agreement states.

The new term appeared with the fixes for 'L1 Terminal Fault' that were recently delivered to Microsoft and Linux distributions.

Performance hits are a concern for users, and Intel is facing several lawsuits from investors over its handling of the matter.

SEE: Sensor'd enterprise: IoT, ML, and big data (ZDNet special report) | Download the report as a PDF (TechRepublic)

The chip maker argued when it disclosed L1TF that "there has been no meaningful performance impact observed as a result of mitigations applied" to PCs or datacenter equipment.

Another section of the license blocking redistribution appears to have caused maintainers of Debian to withhold Intel's patch too, as reported by The Register.

But Perens thinks the bigger concern lies in Intel's requirement not to publish benchmarks.

"Since the microcode is running for every instruction, this seems to be a use restriction on the entire processor. Don't run your benchmarker at all, not even on your own software, if you 'provide' or publish the results," he notes.

"So, lots of people are interested in the speed penalty incurred in the microcode fixes, and Intel has now attempted to gag anyone who would collect information for reporting about those penalties, through a restriction in their license. Bad move."

Perens reckons Intel should rather own up to any damage caused by its patches.

"Silencing free speech by those who would merely publish benchmarks? Bad business. Customers can't trust your components when you do that."

UPDATE 12:15pm ET, August 23 2018 - An Intel spokesperson responded: "We are updating the license now to address this and will have a new version available soon. As an active member of the open-source community, we continue to welcome all feedback."

Read about Intel's change of heart: Intel ditches Linux patch benchmark 'gag', offers 'innocuous' new license.

Previous and related coverage

Beyond Spectre: Foreshadow, a new Intel security problem

Researchers have broken Intel's Software Guard Extensions, System Management Mode, and x86-based virtual machines.

Linux performance before and after Meltdown and Spectre fixes

The patches, as expected, brought Linux's performance down, but their impact has not been as bad as feared.

Oracle's latest Linux fixes: New Spectre, Lazy FPU patches beef up defenses

Oracle has new fixes available for Spectre flaws affecting Linux systems on Intel and AMD chips.

First Intel, now AMD also faces multiple class-action suits over Spectre attacks

Customers accuse the chip maker of charging premium prices for a faulty product.

Got an old PC? Find out whether you will get Intel's latest Spectre patch TechRepublic

Intel has listed a range of CPUs released between 2007 and 2011 that will not receive a firmware update to help guard against Spectre-related exploits.

Class-action suits over Intel Spectre, Meltdown flaws surge CNET

Since the beginning of 2018, the number of cases has risen from three to 32.