One of the consequences of the Meltdown and Spectre vulnerabilities, besides the immediate security concerns, is what it has meant for our ongoing testing and benchmarking operations. Along with accounting for the immediate performance changes from the required patches, we've also needed to look at how we present data and how we can (or can't) compare new patched systems to older unpatched systems. From an editorial perspective we need to ensure the continuity of our data as well as providing meaningful benchmark collections.

What we've found so far is that the impact of the Meltdown and Spectre patches varies with the workload and the type of test. Nate's GPU testing shrugs it off almost entirely, while Billy's SSD testing especially feels the pinch. In the middle of course are consumer system reviews, where workloads are more varied but also much more realistic and often more relevant as well. Of course, this is also the type hardware that we most often have to return when we're done, making it the most challenging to correct.

As everyone at AnandTech has been integrating the patches and updating their datasets in their own way, I wanted to offer some insight into what's going on for system testing. With several important systems set to launch in the first half of this year – particularly Intel's Hades Canyon – I've been going back and collecting updated results for use in those future reviews. In the process, I also wanted to document how performance has been impacted by these security patches and which benchmarks in particular have been affected.

Evaluation Setup

The Intel Kaby Lake NUC (NUC7i7BNH) was used for all the benchmarks presented in this article. It was chosen for two reasons. Being a relatively new system that consumers can still purchase in the market, evaluating it presents data of particular relevance to readers. Intel was prompt in providing BIOS updates to resolve the Meltdown and Spectre issues compared to other OEMs whose systems I had in hand for evaluation. The NUC was configured with the following specifications:

Intel NUC7i7BNH (Unpatched) Specifications
Processor Intel Core i7-7567U
Kaby Lake-U, 2C/4T, 3.5 - 4.0 GHz, 14nm+, 4 MB L2, 28W TDP
Memory Crucial Ballistix Sport LT BLS16G4S240FSD.16FAD DDR4
15-15-15-35 @ 2133 MHz
2x16 GB
Graphics Intel Iris Plus Graphics 650
Disk Drive(s) ADATA SX8000NP
(128 GB; M.2 Type 2280 PCIe 3.0 x4 NVMe; Micron 32L 3D MLC)
Networking Intel Dual Band Wireless-AC 8260
(2x2 802.11ac - 866 Mbps)
1x Intel 10/100/1000 RJ-45 GbE
Audio 3.5mm Headphone Jack
Capable of 5.1/7.1 digital output with HD audio bitstreaming (HDMI)
Miscellaneous I/O Ports 4x USB 3.0 Type-A
1x Thunderbolt 3 USB-C
1x micro-SDXC
Operating System Retail unit is barebones, but we installed Windows 10 Enterprise x64
Pricing (Barebones) USD 445
Full Specifications Intel NUC7i7BNH Specifications

Three different patch configurations were benchmarked:

  • Completely unpatched
  • Only OS patches activated (Graph entry : Patch OS)
  • Completely patched with updates to both the OS and the CPU microcode (Graph entry : Patch OS + uCode)

While it will (eventually) be an uncommon configuration, right now a lot of systems are still only running OS patches without their associated microcode updates, as the latter is still being distributed. At the same time, because the microcode patches are primarily for Spectre – Meltdown fixes are implemented at an OS level – this allows us to see just how much of an impact the Spectre fixes have on top of the existing Meltdown fixes.

The completely unpatched system used Windows 10 version 16299.125 with BIOS v0054. As evident from the screenshot below, the system is susceptible to both Spectre and Meltdown.

The second configuration was processed with Windows 10 version 16299.309 with BIOS v0060. The screenshot below shows that the system is protected against Meltdown, but, not Spectre.

The final fully patched configuration was process with Windows 10 version 16299.214 and BIOS v0061. The current BIOS is v0062 (the one we used was available briefly before it was pulled to undergo additional QA for possible random restarts). This configuration shows full protection against both Meltdown and Spectre.

We used our standard test suite for low power desktops / industrial PCs in order to evaluate the impact of the patching on the performance of the system.

BAPCo and Futuremark Benchmarks
Comments Locked


View All Comments

  • boeush - Friday, March 23, 2018 - link

    Speculative execution uses up compute cycles and can cause excessive memory loads and cache thrashing - which amount to wasted power and in some cache-sensitive cases, possibly even a drop in performance - when the speculation is frequently-enough incorrect (i.e. when the actual branch taken doesn't match the CPU's guess.)

    I'd expect that disabling speculative execution under high load (e.g. benchmarking scenarios) should normally result in improved power efficiency (avoiding wasted computation and I/O) - but at the cost of raw compute performance. In less intense, more 'bursty' scenarios, where the CPU spends a lot of time in an idle state, the "hurry up and rest" dynamic might strongly reduce the overall power waste of speculative execution, as the CPU would spend less time in an active-but-stalled state while spending more time in a sleep state...
  • Cravenmor - Friday, March 23, 2018 - link

    The thing that caught my eye was the reduction in power from the patches. I wonder what to deduct from speculative function and whether it's inefficient.
  • Lord of the Bored - Saturday, March 24, 2018 - link

    Speculative execution does add somewhat to the power load. That's why Atom parts were in-order for a long time, and many ARM parts still are.
  • Cravenmor - Friday, March 23, 2018 - link

    willis936 beat to it by a nose
  • eva02langley - Friday, March 23, 2018 - link

    It is interesting nonetheless. The storage data is absolutely devastating. Can we make conclusions to the server world from Intel? I don't know since servers are still using hard drives. However, it might force companies to switch to Epyc or to upgrade to Canon Lake. It would be interesting.
  • boeush - Friday, March 23, 2018 - link

    The CPU used in these tests was a low-power 2-core - pretty weak to begin with. Knock some performance off the top, and you have detectable impact on I/O.

    Probably the impact would be much less severe with a more powerful CPU: where the test scenario would again 'flip' from CPU-bound to bus/storage device performance- limited.
  • Reflex - Friday, March 23, 2018 - link

    Also, servers are usually only using NVMe drives as cache, SAS is less likely to have significant impact.
  • Drazick - Friday, March 23, 2018 - link

    This is a great analysis.
    We'd be happy to have more like this (On various performance impacting situations).

    I'd be happy to have a guide how to prevent the patching for each OS (Windows, macOS, Linux) as the private user mostly has no reason to be afraid of those.

    Thank You!
  • ZolaIII - Friday, March 23, 2018 - link

    I found this comparation much more interesting.
    It's done on much more capable system which whose more hit in the first place & at least some benchmarks are representative in real usage workloads. Seams M$ again did a bad job & chubby Linus is still not satisfied with up to date results so future work still carries on.
  • Klimax - Sunday, March 25, 2018 - link

    Not really correct...

Log in

Don't have an account? Sign up now