On Thu, 11 Jan 2018, Frank Nord wrote: > I've problems applying this on my mac mini (Intel(R) Core(TM) 2 Duo CPU, > P7550 @ 2.6 GHz).
... > 3.20170707.1~deb9u1 from stretch. What's the recommended > microcode-version for this kernel? The one you have is currently fine. Intel has not published Spectre-related microcode mitigation for the Core 2 duo, at least not yet. Maybe they will update the Core2 duo, maybe they will not... It is a very old model, the microcode might not have enough control there to do it without disabling way way too much stuff (and thus incurring an absurd performance regression). When the microcode doesn't have the Spectre mitigation support for whatever reason (or you opt to not use it because it is too slow, etc), "retpoline" software mitigation should do the job just fine to protect against the currently known variants of spectre. However, retpoline support is not ready yet. It is being worked on the kernel upstream, and it requires compiler support, too... which is also being worked at gcc and clang upstream. We have a couple interesting weeks ahead of us, with lots of -security and stable updates to do :p -- Henrique Holschuh
