On Tue, Jan 16, 2018 at 09:18:47AM -0800, Cy Schubert wrote: > Might we be jumping the gun with updated firmware in devcpu-data? > > https://www.reddit.com/r/sysadmin/comments/7qjnfx/vmware_pulled_spectre_patches_on_friday/
From what I understand, the new Intel microcode only makes sense if retpoline is used. On Skylake and above, retpoline by itself isn't 100% effective against Spectre. On those systems, retpoline requires the new Intel microcode update along with enabling the new IBRS feature that comes with it. Simply updating the microcode on Intel systems doesn't really do much on its own. Granted, I could have misread and be completely wrong. Please let me know if I am. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
signature.asc
Description: PGP signature
