Is there any security difference between Intel and AMD desktop CPUs? If not, I would still like to hear why you would prefer one over the other.
In terms of speculative execution, I think the risk is similar.
I currently prefer Intel, because it’s possible to use Coreboot with current gen Intel. I would probably use AMD if it had the same option, but I don’t think it’s going to happen any time soon.
Not really, it is all about usage for me.
When I build a workstation PC I choose Intel and when I build a gaming PC I choose AMD.
Both AMD and Intel have faced security vulnerabilities in the past. Intel has had more high-profile vulnerabilities like Spectre and Meltdown, which affected a wide range of their processors. AMD has generally had fewer vulnerabilities, but they are not immune to security issues either.
Also Intel has technologies like Intel Software Guard Extensions (SGX) and Intel Trusted Execution Technology (TXT). AMD has features like AMD Secure Technology and AMD Memory Guard.
That’s all I can say about differences, but I usually buy Intel out of habit.
Spectre affected Intel and AMD, as well as some ARM and POWER processors.
I understand that it was primarily aimed at Intel, but a quick Brave search confirmed that some AMD processors were also found to be vulnerable to Spectre.
Thanks for the clarification!
With Ryzen slowly overtaking Intel, I think we can expect to see an AMD-specific vulnerability that may apply to Intel as well.
It shouldn’t be significantly different in the end.
Yeah, I’d agree that Intel having more discovered vulnerabilities is probably incidental, like how Windows has by far the most vulnerabilities of any OS ever (and is also like, 80% market share lol).
The simple reality is that security just isn’t a priority for Intel or AMD. Security has never sold a chip, speed number go up sells chips.
While not a priority, it certainly is still important to Intel. x86_64 CPUs support microcode updates, and Intel and AMD regularly ship microcode updates on Windows and Linux which mitigate some exploits:
$ lscpu | grep Microcode
Vulnerability Gather data sampling: Mitigation; Microcode
Vulnerability Srbds: Mitigation; Microcode
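The status strings in the lscpu output above come from the kernel's per-issue files under /sys/devices/system/cpu/vulnerabilities. As an added example (not part of any post in this thread), this script sorts those entries into classes so the microcode-dependent mitigations stand out; the function names and the statuses written by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify CPU vulnerability status entries from sysfs.

# classify_status STATUS -> not_affected | vulnerable | microcode | mitigated | unknown
classify_status() {
    case "$1" in
        "Not affected"*)          echo not_affected ;;
        Vulnerable*)              echo vulnerable ;;   # includes "Vulnerable: ... no microcode"
        Mitigation*[Mm]icrocode*) echo microcode ;;    # matches sysfs ":" and lscpu ";" forms
        Mitigation*)              echo mitigated ;;
        *)                        echo unknown ;;
    esac
}

# report_vulns [DIR] -> one "name<TAB>class<TAB>raw status" line per entry
report_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f" 2>/dev/null) || continue
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$(classify_status "$status")" "$status"
    done
}

# count_class CLASS [DIR] -> number of entries in that class
count_class() {
    report_vulns "$2" | awk -F '\t' -v c="$1" '$2 == c { n++ } END { print n + 0 }'
}

# make_sample -> path of a temp dir holding constructed status files (not real data)
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'Mitigation: Microcode\n' > "$d/gather_data_sampling"
    printf 'Mitigation: Microcode\n' > "$d/srbds"
    printf 'Mitigation: Retpolines\n' > "$d/spectre_v2"
    printf 'Not affected\n' > "$d/meltdown"
    printf 'Vulnerable: Clear CPU buffers attempted, no microcode\n' > "$d/mmio_stale_data"
    echo "$d"
}

# On a Linux host, print the live report; elsewhere the functions are only defined.
if [ -d /sys/devices/system/cpu/vulnerabilities ]; then
    report_vulns
fi
```

Entries classed as vulnerable with "no microcode" in the raw status are the ones a pending microcode update would change.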
Sure, in the same way things like warranties are “important” to companies. Of course they have to do the bare minimum, you can’t make the customers too angry.
Intel vPro and AMD PRO are both dedicated lineups of their respective CPU brands with a focus on security. Security does sell CPUs for them, and therefore there is an interest from their side to maintain proper security.
One could say that it is not targeted at consumers but some laptop manufacturers will sell laptops with these CPUs to individuals too.
I was choosing between 7800X3D and 13600K/14600K and decided to go with Intel.
Both Intel options support Total Memory Encryption and the 7800X3D doesn’t.
Intel Boot Guard is far more available and saner than AMD Platform Secure Boot.
13600K/14600K are also more balanced between gaming and productivity, etc., while 7800X3D is better suited for gaming.
Quick question, isn’t SGX gone since 11th gen?
Yeah, it seems to be deprecated since 12th gen.
Ok, got it. Yeah, I saw it mentioned a couple of times in different threads and wasn’t following why this is coming to the surface since it is something that is deprecated. I don’t even know if Intel ME is still relevant in Intel discussions, to be honest.
Re Linux: Intel does not provide all microcode, and AMD no longer provides microcode for consumer systems.
Please see my real-ucode project, which works around this.
TSME works just fine on my 7950X (i.e. non Ryzen Pro) system.
You can even verify it through the PSP with fwupd security
It’s not deprecated in the only place it is ever actually used (Xeon processors in the cloud). SGX has never had a valid use-case on client computers anyways, so it’s good to shed that weight in the Core series.
Consider buying multiple devices: One really locked down, low power Intel for serious work and a permissive and performant one from AMD for fun and play.