Do you remember when we told you that Intel was preparing Spectre mitigations for chips as old as 45-nm Core 2 Duo hardware? It turns out that's no longer happening. Intel just published another update to its Microcode Update Guidance document—a list of chips that have gotten, are getting, or will get Spectre-mitigating microcode updates. The new version lists Core 2 Duo processors among a number of models that are no longer slated to get updates.
Specifically, no Core 2 chips are getting Spectre mitigations. Intel also canceled updates for the Bloomfield, Clarksfield, Gulftown, and Jasper Forest families. Those chips are primarily higher-end processors from the original Core i-series that includes the entire Core i7-900 series as well as their Xeon relatives. Jasper Forest is a family of embedded Xeons from the same era, and Clarksfield chips are the high-end mobile Core chips from that period.
The rest of the first-generation Core stuff is protected, though. That covers the mainstream desktop and laptop chips from that period, such as Lynnfield, Clarkdale, and Arrandale. There doesn't seem to be much rhyme or reason to why Intel chose these specific delineations to decline updates given that the Core chips being left out in the cold are presumably quite similar to some of those that received updates.
Intel posted its reasoning for not releasing updates for chips in the "Stopped" status, but doesn't elaborate on which reasons apply to which CPUs. From the company's document:
• Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
• Limited commercially-available system software support
• Based on customer inputs, most of these products are implemented as "closed systems" and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
After this update, there are no more processors in the Planning, Pre-beta, or Beta stages. That would seem to imply that Intel is done producing Spectre mitigations. While the company's decision to stop updates for some of the announced CPUs is disappointing—there certainly are a lot of Core 2-family CPUs in use today—it's difficult to fault the company given that some of the CPUs that received updates are ten years old.
On the other hand, Intel finishing work on all of its microcode updates is only one piece of the puzzle in mitigating Spectre. End users are still at the mercy of OEMs to test and issue these new microcodes, and there's no telling if or when component vendors will get around to doing so for their older motherboards. TR Editor-in-Chief Jeff Kampman still can't get such an update for his Haswell system directly from the manufacturer, and Microsoft's own catalog of microcodes doesn't extend beyond Skylake parts at this point. It'll be interesting to see whether companies eventually step up to the plate or leave customers out in the cold.