Lessons Learned the Hard Way: Intel’s Next-Generation Chips Will Close the “Spectre” Flaws in Hardware


Arron Pressman, March 22, 2018

Intel recently announced that its corrected patches now cover all the chips it has produced in the past five years.

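Ronak Singhal is a senior executive at chipmaker Intel, where he has worked for more than 20 years. A few weeks ago, he and his colleagues gathered in Haifa, Israel, where he had booked a table at Helena, his favorite restaurant on the Mediterranean shore, to celebrate his promotion at the upscale eatery. But before the dinner began, he received a call from one of the company’s software partners asking him to explain what exactly had gone wrong with the patches Intel had developed for the Spectre and Meltdown vulnerabilities.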

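Singhal oversees research and development for all of Intel’s processor architectures. The problem that night lay in the patches. Hundreds of millions of computers worldwide run on Intel CPUs, but one of the patches Intel developed for the Spectre vulnerability was causing some computers to freeze and reboot. Although the affected computers accounted for only a small share of the market, that was enough to alarm PC makers, and Microsoft had to urgently recall the patch. (Linux creator Linus Torvalds even called the patch Intel developed “pure garbage.”)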

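Singhal explained that because Intel had used some techniques in the patch that it had never used before, “there may have been cases where the patches did not work as intended.” It took him more than an hour to calm the partner’s anger, and Singhal’s colleagues, seeing that he still had not arrived, had to start the dinner without him. “They thought I had gotten lost or been kidnapped,” Singhal recalled. Only as the dinner was winding down did he hurry in and have a plate of Helena’s famous fried calamari.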

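The patch episode ranks among the most serious security incidents in computing history. A few weeks later, Intel released corrected patches, which finally fixed the problem. Intel recently announced that its corrected patches now cover all the chips it has produced in the past five years.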

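Singhal said that the next step is to embed the fixes for these vulnerabilities directly into the chip hardware. The 8th generation Core processors due in the second half of this year and the next-generation Xeon server chips code-named “Cascade Lake,” due in the fourth quarter, will both adopt this new design. Writing the protections directly into the hardware effectively avoids the performance impact of the software patches.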

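Intel CEO Brian Krzanich told Fortune: “We have gotten through the first layer of software fixes. We have resolved the problem for all chips produced within the past five years, and now we are deploying hardware fixes that will be built directly into our chip hardware.”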

Variants of the “Spectre” and “Meltdown” Vulnerabilities

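Over the past few decades, nearly all chipmakers, Intel included, have had these two serious security vulnerabilities, yet the problem only began to surface last summer. Last June, a systems security research team at Google reported that a key part of Intel’s chips had a major security flaw in its design.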

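Today’s chips typically have a considerable amount of idle processing capacity, so when the system detects that a program has run into a problem, it can predict the outcome of a conditional check based on the information currently available and then execute the corresponding branch ahead of time. This approach, known as “speculative execution,” is a strategy that effectively improves performance.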

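However, researchers at Google and several teams in academia have found several ways to exploit the speculative execution mechanism to trick chips into exposing important information such as passwords and encryption keys. The researchers named two variants of the vulnerability “Spectre” (inspired by SPECTRE, the shadowy organization that opposes 007) and named the third variant “Meltdown” because it effectively melts security barriers. The vulnerability poses an especially serious threat to cloud servers, because programs from multiple customers often run on the same chip. Next come web browsers, because they may unknowingly execute code from websites.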

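By early July of last year, Intel and other chipmakers had realized how broad the impact of the problem was and formed dedicated teams to develop solutions. Singhal chaired a conference call every morning, sometimes lasting two hours, to coordinate engineering teams in Oregon, California, Texas, and Israel in producing a plan. With employees in several time zones working on the project at once, they were effectively solving the problem around the clock.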

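In the end, Intel’s plan was to apply software fixes first and then embed protections in future chip designs. The cost of the software patches is an impact on CPU performance, which ranges from mild to severe depending on the chip model and the programs running on it. In a test on a computer with a Kaby Lake Core i7 processor, most applications slowed by less than 10%, which would be almost imperceptible in real-world use. But Microsoft also warned that computers running Windows 7 or Windows 8, or equipped with Intel’s fourth-generation Haswell processors made five years ago, could be affected more heavily.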

Intel’s Latest Security Initiative

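After the patch turmoil subsided, Intel CEO Krzanich set up a new department called Intel Product Assurance and Security (IPAS). The department is dedicated not only to fixing the Spectre and Meltdown vulnerabilities but also to addressing more effectively the security problems that may arise in the future. IPAS is headed by Leslie Culbertson, a veteran who joined Intel back in 1979.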

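“This is an entirely new area of research and also an entirely new area of security knowledge, and it requires long-term investment by Intel,” Culbertson said. The focus of IPAS is to discover vulnerabilities that may appear in the future, while also considering how to make chips more secure overall. “We will keep making progress in this area, and that is what this team will be thinking about.”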

“We know the story does not end here,” Singhal said. “For many of us, this will be a protracted battle.”

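When news of the Spectre and Meltdown vulnerabilities first leaked in early January, Intel’s share price took a considerable hit as investors worried that Intel’s chip sales would slow. More recently, however, some analysts have said that as Intel’s new generation of chips adopts built-in protections, companies wanting to upgrade to more secure hardware may rush to buy them, spurring faster sales growth for the company. Intel’s shares are up 12% so far this year, well ahead of the 3% gain in the S&P 500 Index.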

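Krzanich pays little heed to either the positive or the negative speculation. “We said from the beginning that we believe its impact is negligible, even on the positive side,” he said. “The analyst community should realize that we are in fact always making improvements in security and performance, and continually adding new features to drive refresh cycles.” (Fortune China)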

(Update: This article was updated on March 15 to clarify that the impact of Intel’s hardware fixes on performance is “significant.”)

Translator: 樸成奎

Ronak Singhal, a senior executive and 20-year veteran of chipmaker Intel, was trying to get to dinner at Helena, his favorite restaurant in Israel, a few weeks ago. But before he could join colleagues celebrating a promotion at the high-end eatery poised on the shores of the Mediterranean Sea south of Haifa, he had to explain to one of the company’s software partners what was going on with Intel’s patches for the notorious Spectre and Meltdown security problems.

The problem that night for Singhal, who oversees the development of the architecture for all of Intel’s processors, was that something was wrong with the patches. Among all the millions and millions of computers in use around the world running Intel CPUs, one of the patches for Spectre was causing some computers to freeze up or spontaneously reboot. Though only affecting a tiny proportion of the market, the problems were widespread enough to spook PC makers and prompt a temporary recall of the updated software. (And even stirred Linux creator Linus Torvalds to publicly proclaim Intel’s work was “pure garbage.”)

Relying on some techniques that Intel had never used previously in its software, “there were cases where the patches didn’t work as intended,” Singhal explained. It took more than an hour to assuage the contractor—Singhal’s co-workers started eating without him. “They thought I’d gotten lost or kidnapped or something,” he jokes, recalling the incident. He did get to join the party and eat a dish of Helena’s famed calamari.

A few weeks later, Intel issued corrected patches and the fixes for one of the most serious security incidents in computing history have gone smoothly since then. On Thursday, Intel declared that it had fully deployed patches covering all of the chips it had made in the past five years.

Up next for Singhal are fixes that will be embedded directly in the silicon of upcoming products. The revamped chip designs will be ready for 8th generation Core processors released in the second half of the year and a line of Xeon server chips expected in the fourth quarter known by the code name “Cascade Lake.” Building the protections into the hardware eliminates a significant amount of the impact on performance seen with the software patches, Singhal says.

“We’ve made it through the first set of software mitigations,” Intel CEO Brian Krzanich tells Fortune. “We’ve got everything five years and newer completed and we’re now starting to implement hardware mitigations where it’s actually built into our silicon.”

Spectre and Meltdown Variants 1, 2, and 3

The whole mess that revealed such serious security vulnerabilities in nearly every chip made for the past few decades, by Intel and its competitors, started small last summer. Researchers at a special security vulnerability search team at Google reported to Intel’s security section in June that they’d uncovered a problem with a key part of CPU design.

Modern chips typically have so much idle processing power that it makes sense for programs to calculate several options to solve a problem even before earlier steps in the program have completed. Known as speculative execution, the performance enhancing strategy then throws out the answers that don’t match the results of the earlier steps.

But the Google researchers, followed by several teams in academia, had found ways to trick chips into revealing data like passwords and encryption keys as the secrets were used in the speculative execution calculations. The researchers dubbed two variants of the trick Spectre, after the fictitious evil organization that pursues James Bond, and a third variant was called Meltdown because it effectively melted security barriers. The danger was especially acute for cloud servers, where programs from multiple customers would be running on the same chip, and in web browsers, which can execute code from a web site unknowingly.

By early July, Intel and other chipmakers had realized the vast scope of the problem and convened groups to craft solutions. Singhal held a daily morning conference call, sometimes lasting for two hours, to coordinate Intel’s response across offices in Oregon, California, Texas, and Israel. With people in different time zones working on the problem, the effort could operate around the clock.

All along, the plan was to issue software fixes first and then build the protections into future chip designs. The software patches had a cost in reducing the performance of the affected CPUs. The hit varied widely depending on the type of Intel chip involved and the programs being run. One test on a PC with a Kaby Lake Core i7 processor found most apps slowed less than 10%, which would be barely noticeable in real life usage. But Microsoft warned that PCs running its older Windows 7 or 8 and Intel’s five-year-old Haswell processors would take a big hit.

Intel’s New Security Effort

As a result of the experience, Intel CEO Krzanich set up a new group, dubbed the IPAS or Intel Product Assurance and Security, to not only work on the Spectre and Meltdown fixes but to address future security problems more effectively. Longtime Intel executive Leslie Culbertson, who joined the company in 1979, heads the IPAS group.

“This was going to be a whole new area of research and a whole new area of security understanding that required a long-term investment by Intel,” Krzanich says. The focus will be on uncovering future vulnerabilities, but also thinking about how to make its chips more secure in general. “You’re going to see a constant progression–that’s what this team will be thinking about.”

“We know this isn’t the end of the story,” Singhal adds. “This is going to be an ongoing activity probably for many of us.”

When news of Spectre and Meltdown first leaked out in early January, Intel’s stock took a hit, as investors feared the security problems might slow chip sales. More recently, some analysts have argued that Intel’s new chips with built-in protection might spur more rapid sales from companies wanting to upgrade to safer hardware. Intel’s shares are up 12% so far this year, outpacing the 3% gain in the S&P 500 Index.

Krzanich is dismissive of both the positive and negative scenarios. “We’ve said since the beginning of this that we think the impact will be negligible, even on the positive side,” the CEO says. “The analyst community needs to realize that we’re constantly doing these kinds of improvements—improvements in security, improvements in performance, and adding new features to drive refresh cycles.”

(Update: This story was updated on March 15 to clarify that the impact on performance from Intel’s hardware fixes would be “a significant amount.”)
