Intel this week has published an update to their ongoing microcode guidance document. In the roughly 3 weeks since the last update, the company is offering some unexpectedly mixed news: some additional microcode updates have been finished and released to production, but the company is also aborting their previous plans for issuing updates for some early-generation Core processors.

Last month we reported on the state of Intel’s efforts to issue microcode updates for processors to mitigate the Spectre v2 vulnerability. As of mid-March Intel had finished developing microcode updates for architectures going back to 2nd generation Core (Sandy Bridge), and was in the middle of planning or pre-beta development of updates for processors going back to the Core 2 era. Instead, with this latest guidance, Intel is essentially putting an end to their microcode program, coming to a halt with microcode updates for about half of their 1st generation Core lineup. The end result is that no Core 2 CPUs will be receiving updates, and only some 1st gen Cores will.

Intel’s chip/architecture stack for these earlier generations is somewhat confusing due to a multitude of codenames, which doesn’t help matters here, but here’s the general breakdown of what processor families have been excised from Intel’s support plans.

Intel's Spectre v2 Microcode Updates Microarchitecture Core Generation Product Lines Status Penryn 45nm Core 2 Core 2 Cancelled Nehalem 1st (45nm Core) Core i7-900 Cancelled Core i7-800 Released Core i5-700 Mobile Core i7-900/800/700 Cancelled Westmere 1st (32nm Core) Core i7-900 Cancelled Core i5-600 Released Core i3-500 Mobile Core i7-600 Mobile Core i5-500/400 Mobile Core i3-300 Sandy Bridge 2nd Core 2000 Released

In short, no Core 2 processors will be receiving a microcode update. Updates for Penryn and all derivative processors have been cancelled.

As for the 1st generation Core family, what did and didn’t get updated is an odd mix. Ignoring the Xeon side of the equation, Intel has essentially opted to deliver updates for most of their mainstream 1st gen Core processors, but not updates for their high-end models. So the desktop Core 900 series is out, for example, while the Core 800 and below is in. Meanwhile on the mobile side of matters, the Core 900M, 800M, and 700M processors have been excluded, but the Core 600M and below are included.

Overall there isn’t an apparent rhyme or reason from an architectural standpoint for the split. The patched processors include both the newer 32nm models and older 45nm models, but it’s not a complete set from either the tick or the tock side. Which, if nothing else, makes it difficult to make blanket statements about patches for the 1st generation Core processors.

The good news here is that for those 1st gen Core processors that are going to be covered with those microcode updates, Intel has completed them and delivered them to production. So the usual disclaimers about distribution aside – and I’ll be surprised if virtually all of these updates in the consumer space don’t eventually have to be distributed by OS vendors – the necessary microcode updates are available. In fact with this latest release, Intel has now completed their microcode update plans according to their roadmap; there are no additional processor families slated to get the Spectre v2 mitigations.

As for Intel’s rationale for the change in plans, the microcode guidance update document includes a new production status, “stopped,” which covers the cancelled processor families. Under which, Intel states:

After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following: Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)

Limited Commercially Available System Software support

Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.

Presumably the checkerboard nature of the 1st gen Core updates falls to business reasons. Though it would be interesting to hear what micro-architectural characteristics are presumably preventing deploying patches on Intel’s 45nm Core 2 processors.

Overall this is an unsatisfying (but not upsetting) end to Intel’s microcode update program. After a rough start, Intel has essentially updated 8 years’ worth of processors, an important distinction since it means they’ve covered the Sandy Bridge generation and beyond, which remain in service and reasonably popular to this day (ed: not that I’d know anything about that). And while it was always clear that Intel wouldn’t continue going backwards forever, stopping halfway through the 1st gen Core family after previously scheduling it for support ends things on a disjointed note. Meanwhile for Core 2 owners, the bell is finally tolling, it seems. The processor family that reinvigorated Intel after the Pentium 4 era is finally being left behind.

Update: Intel sent over the following statement this afternoon in response to all of the articles today about the change in microcode update plans.