AFAIK it's not only fam15 that is vulnerable. If you're going to ask, could you ask about updates for other CPU's than Ryzen in general? I also have fam14 and fam16 boards.
On 18-02-19 12:00:01, [email protected] wrote:
Send coreboot mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://mail.coreboot.org/mailman/listinfo/coreboot or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of coreboot digest..." Today's Topics: 1. Re: When does AMD release the fam15 spectre microcode updates? (Mike Banon) 2. Re: When does AMD release the fam15 spectre microcode updates? (Rudolf Marek) ---------------------------------------------------------------------- Message: 1 Date: Sun, 18 Feb 2018 14:48:05 +0300 From: Mike Banon <[email protected]> To: "[email protected]" <[email protected]>, [email protected] Subject: Re: [coreboot] When does AMD release the fam15 spectre microcode updates? Message-ID: <cak7947kcpwzwt0mpc6uttvk-z8suy-cl-0e0x5gz8rdj41c...@mail.gmail.com> Content-Type: text/plain; charset="UTF-8" Maybe its' a good idea to write to AMD support regarding this question - please share a reply if you would get an answer. I'm curious about other fam15 CPUs as well, e.g. A10-5750M microcode update would be nice, maybe a request could be more general, e.g. : what is the estimated release date for the microcode updates for fam15 AMD CPUs (so a request is not about "opterons only") On Sun, Feb 18, 2018 at 2:47 PM, Mike Banon <[email protected]> wrote:Maybe its' a good idea to write to AMD support regarding this question - please share a reply if you would get an answer. I'm curious about other fam15 CPUs as well, e.g. A10-5750M microcode update would be nice, maybe a request could be more general, e.g. : what is the estimated release date for the microcode updates for fam15 AMD CPUs (so a request is not about "opterons only") On Sun, Feb 18, 2018 at 4:30 AM, [email protected] <[email protected]> wrote:They said they would be releasing opteron microcode updates in a few weeks but it has been over a month and I am wondering when this is going to happen or if it already has and I should re-compile coreboot? https://www.amd.com/en/corporate/speculative-execution "We expect to make updates available for our previous generation products over the coming weeks." Thanks! -- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot------------------------------ Message: 2 Date: Sun, 18 Feb 2018 13:03:07 +0100 From: Rudolf Marek <[email protected]> To: Mike Banon <[email protected]>, "[email protected]" <[email protected]>, [email protected] Subject: Re: [coreboot] When does AMD release the fam15 spectre microcode updates? Message-ID: <[email protected]> Content-Type: text/plain; charset=iso-8859-2 Hi, What do you want to protect? If you want to protect the kernel, retpolines are OK on AMD. And you don't need any microcode update. Your CPU needs to have SMEP, otherwise you would need to clear RSB on CPL change (the paper on mentined page says that you need to do that always, but at least on Ryzen, the attack using RSB is not working (we tried that out, maybe it works only on some circumstances). If you want to protect userspace, the RSB will be clear by IBPB (which you would need if you don't have userspace compiled with retpolines). I don't know if intel clears RSB on IBPB... probably not To sum it up on AMD: kernel: retpolines, RSB clear on CPL change on CPU without SMEP (see above) userspace: retpolines, RSB clear on context switch necessary or IBPB (needs microcode update). Plus make sure you enable "LFENCE is dispatch serializing" - perhaps coreboot can do that :) it is simple MSR write on fam 10h 12h+ the fam 11h and 0fh dont have this MSR but LFENCE is dispatch serilizing. Besides that, you don't need any microcode update. Plus of course there is a spectre variant 1, which is more difficult to mitigate, basically you need to check all the software and look for any pattern like array_x[array_z[untrusted_index] * any transformation]. The first access would leak just address (ASLR defated), second will leak data. The variant 1 works on user/user attack and as well as user/kernel. As far I know there are no automated tools to check for this. Thanks Rudolf Dne 18.2.2018 v 12:48 Mike Banon napsal(a):Maybe its' a good idea to write to AMD support regarding this question - please share a reply if you would get an answer. I'm curious about other fam15 CPUs as well, e.g. A10-5750M microcode update would be nice, maybe a request could be more general, e.g. : what is the estimated release date for the microcode updates for fam15 AMD CPUs (so a request is not about "opterons only") On Sun, Feb 18, 2018 at 2:47 PM, Mike Banon <[email protected]> wrote:Maybe its' a good idea to write to AMD support regarding this question - please share a reply if you would get an answer. I'm curious about other fam15 CPUs as well, e.g. A10-5750M microcode update would be nice, maybe a request could be more general, e.g. : what is the estimated release date for the microcode updates for fam15 AMD CPUs (so a request is not about "opterons only") On Sun, Feb 18, 2018 at 4:30 AM, [email protected] <[email protected]> wrote:They said they would be releasing opteron microcode updates in a few weeks but it has been over a month and I am wondering when this is going to happen or if it already has and I should re-compile coreboot? https://www.amd.com/en/corporate/speculative-execution "We expect to make updates available for our previous generation products over the coming weeks." Thanks! -- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot------------------------------ Subject: Digest Footer _______________________________________________ coreboot mailing list [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot ------------------------------ End of coreboot Digest, Vol 156, Issue 21 ***************************************** -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
signature.asc
Description: PGP signature
-- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot
