Just like their processors, Intel’s graphics cards are also affected by security mitigations that can significantly reduce performance. These measures, implemented through microcode updates to patch vulnerabilities, often come at the cost of processing power — and GPUs are no exception.
According to Phoronix, disabling these mitigations on Intel graphics cards could lead to performance gains of up to 20%, a remarkable improvement, though not without risks. Forgoing these protections means exposing the system to potential attacks that could compromise sensitive data or even allow remote control of the device.
Canonical, the company behind the Linux distribution Ubuntu, is already working on a possible solution. Its goal is to disable these mitigations at the kernel level within its operating system, aiming to maximize Intel GPU performance without resorting to unofficial methods. Intel, for its part, allows such changes directly at the kernel level, making these adjustments both safe and legitimate.
In fact, Intel publishes its OpenCL and Level Zero computing stacks on GitHub with these mitigations turned off by default, making it clear that any user is free to experiment with them. For Canonical, the move makes particular sense: the Ubuntu kernel already includes similar security mitigations to those implemented in Intel GPUs, so keeping both ends up being redundant — and results in a 20% performance hit.
It’s important to note that these mitigations vary depending on the architecture. This means that disabling them would affect both Intel’s dedicated Arc GPUs and its integrated graphics, potentially impacting thousands of users — particularly those using entry-level laptops with integrated GPUs (iGPUs). However, it remains unclear whether the Windows kernel includes the same type of mitigations, which could make running an unprotected Intel GPU on Windows a much riskier proposition.
Performance concerns are nothing new. Ever since the Spectre vulnerability was discovered, Intel has had to release a series of security updates for its CPUs, with each patch gradually reducing chip performance. In fact, just the mitigations against Spectre-v2 alone caused up to a 35% performance drop in some patched Intel processors.
These vulnerabilities typically target performance-critical components, such as branch predictors, so mitigating them often requires changes that inevitably impact overall efficiency. That said, Intel isn’t the only company affected: AMD processors have also seen similar impacts, although generally to a lesser extent, as their architecture tends to be less vulnerable to these types of exploits. There have been exceptions, such as the Inception vulnerability, which affected certain AMD Zen 3 chips.
The key difference, however, is that graphics cards do not run the operating system. This makes security measures on GPUs less critical in consumer markets, raising the question of whether it’s worth maintaining these mitigations when they come at the cost of such a significant performance loss.
