On Tue, Jun 05, 2018 at 05:27:18PM +0100, Ken Moffat wrote:
>
> I then found a link to intel:
> https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
> which makes me guess that the current microcode update is for
> CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as
> Variant 3a.
>
Wrong!
For some reason, not yet understood, the firmware initrd I used for
the latest build on my haswell was apparently not up to date. Looks
as if what I put in the book for the example was similarly out of
date. I need to try to understand how that happened, before I
update that page.
When I looked to see if my SandyBridge has new microcode, that one
still had the previous late-load code in /lib/firmware, and it
matched the latest. So I extracted older and newer in different
directories and discovered that both had a releasenote (in the top
level). Diffing those, and then comparing the ucode md5sums, showed
two changes to microcode:
· 06-4f-01 (Xeon E5/E7, i7 Broadwell X, etc) has been removed - in
the releasenote it is labelled as "replaced by special release with
caveats", but obviously that is not in the current tarball
· 06-7a-01 changed (i.e. newer) - this is for Gemini Lake Pentium
and Celeron.
So, nothing for RSRE, nor for Speculative Store Bypass.
ĸen
--
Keyboard not found, Press F1 to continue
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
