For systems that use Intel’s Software Guard Extensions (SGX) memory encryption, Intel’s microcode fix must be loaded via firmware; for systems without SGX, the new microcode fix can be loaded via firmware or at the OS level.
Moghimi has published a white paper (PDF) along with the Downfall website (and its DALL-E 2-generated logo). He says he disclosed the bug to Intel about a year ago and describes Downfall as a “successor” to previous speculative-execution bugs like Meltdown and Fallout.
According to Intel’s support pages (one for the Downfall bug, and one that lays out the status of multiple CVEs across Intel’s CPU lineup), Downfall affects all processors based on the Skylake, Kaby Lake, Whiskey Lake, Ice Lake, Comet Lake, Coffee Lake, Rocket Lake, and Tiger Lake architectures, along with a handful of others.
For those of you who can’t keep your lakes straight, that means most CPUs in Intel’s 6th through 11th-generation Core lineups for consumer PCs, sold starting in 2015 and still available in some new systems today. Downfall also affects Xeon server and workstation processors and any Pentium and Celeron processors based on those same architectures.
Not affected are Intel’s newer 12th- and 13th-generation CPU architectures (aka Alder Lake and Raptor Lake), low-end CPUs in the Atom, Pentium, and Celeron families (Apollo Lake, Jasper Lake, Gemini Lake, and others), or older CPU architectures like Haswell and Broadwell (currently only officially supported in servers, but also used in 4th- and 5th-generation Core CPUs for consumer PCs).
Intel says that mitigations for Downfall can reduce performance for workloads that rely on the Gather instruction by up to 50 percent. There is “an opt-out mechanism” that can disable the fix to restore full speeds, though Moghimi doesn’t recommend using it.
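The microcode-loading rules and the opt-out described above can be audited on a Linux host; the script below is an added example, not code from Intel, Moghimi, or the original article. It assumes the Linux kernel's `gather_data_sampling` sysfs entry, its status strings, and the `gather_data_sampling=off` / `mitigations=off` boot parameters, none of which are named in the article, and it treats the `sgx` CPU flag as a stand-in for "this system uses SGX".

```shell
#!/bin/sh
# Added example: triage a Linux host's Downfall mitigation state.
# Assumption: the kernel reports it in this sysfs file (not named in the article).
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# gds_triage STATUS CMDLINE CPUFLAGS -> prints "VERDICT: reason"
gds_triage() {
    gds_status=$1
    gds_optout=no
    gds_sgx=no
    # Opt-out switches on the kernel command line, matched as whole words.
    case " $2 " in
        *" gather_data_sampling=off "*|*" mitigations=off "*) gds_optout=yes ;;
    esac
    # The sgx CPU flag approximates "this system uses SGX" (assumption).
    case " $3 " in *" sgx "*) gds_sgx=yes ;; esac

    case $gds_status in
        "Not affected")
            echo "OK: CPU not affected" ;;
        "Mitigation: Microcode"*)
            echo "OK: microcode mitigation active" ;;
        "Mitigation: AVX disabled"*)
            echo "DEGRADED: no fixed microcode, kernel disabled AVX instead" ;;
        "Vulnerable: No microcode")
            if [ "$gds_sgx" = yes ]; then
                echo "ACTION: load fixed microcode via firmware (SGX present)"
            else
                echo "ACTION: load fixed microcode via firmware or OS"
            fi ;;
        "Vulnerable")
            if [ "$gds_optout" = yes ]; then
                echo "RISK: mitigation opted out on kernel command line"
            else
                echo "RISK: mitigation not active"
            fi ;;
        "")
            echo "UNKNOWN: kernel does not report this issue" ;;
        *)
            echo "UNKNOWN: $gds_status" ;;
    esac
}

# Live check; every read tolerates a missing file so this also runs off-Linux.
gds_triage "$(cat "$GDS_SYSFS" 2>/dev/null)" \
           "$(cat /proc/cmdline 2>/dev/null)" \
           "$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null)"
```

An `UNKNOWN` verdict on a bare-metal host usually means the kernel predates Downfall reporting, so the kernel version should be checked before concluding anything about the CPU.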