Zen 5 processors do not lose performance when neutralizing architectural vulnerabilities

AMD’s Zen 5 architecture has set new standards in the processor world by combining enhanced performance and security. Tests of the Ryzen 9 9950X show that built-in Inception protection not only eliminates the need for resource-intensive software patches, but also maintains its performance when other security measures are enabled.

Image Source: AMD

Zen 5 has proven to be an architecture that is completely immune to the Inception vulnerability without the need for patches at the microcode, operating system or application level. To evaluate the real impact of various security measures on performance, Phoronix resource experts tested the Ryzen 9 9950X processor based on Zen 5 in a Linux environment. The methodology included a series of tests that alternately enabled and disabled all available software protection tools, which allowed us to create a complete picture of performance in various security scenarios.

Phoronix research has shown that Zen 5 has built-in hardware protection against the Inception vulnerability, a speculative side-channel attack discovered in 2023. This vulnerability, affecting processors based on the Zen 3 and Zen 4 architectures, allowed attackers to use speculative execution mechanisms to extract sensitive information from system memory. The potential leakage of privileged data posed a serious security risk, making the development of effective security a critical issue for AMD.

Unlike their predecessors, Zen 5 processors do not require resource-intensive software patches to counteract this vulnerability. The difference is especially noticeable when compared to Zen 3: enabling software Inception protections on this architecture could result in a significant performance hit of up to 54% on certain workloads.

Comparative performance analysis of AMD Zen 5 processors with security measures enabled and disabled (image source: Phoronix, Tom’s Hardware)

Paradoxically, the architectures of previous generations of AMD – Zen 1, Zen+ and Zen 2 – turned out to be immune to Inception. This remarkable fact is explained by the implementation features of the branch prediction block in these architectures. Their relative “simplicity” unexpectedly turned out to be an advantage, showing that sometimes less aggressive optimization methods can be more resistant to certain types of attacks.

Despite the introduction of hardware-based Inception protection, Zen 5 processors still rely on software measures to combat other vulnerabilities, including the infamous Specter V1. However, the test results are striking: activating these measures has virtually no impact on the performance of Zen 5. This unexpected finding contradicts the popular belief that any additional security measures will inevitably reduce processor performance.