On 03/14/18 05:29, FreeBSD Security Advisories wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-18:03.speculative_execution                      Security Advisory
...

Hello.
After upgrading two machines (one with an AMD Phenom II X4 925, the other with a Pentium 987), I'd like to get just a couple of confirmations...





# sysctl vm.pmap.pti
vm.pmap.pti: 1

Of course I find this enabled on the Intel box and not on the AMD one, but... is PTI in any way affected by a microcode update from Intel?





The patch includes the IBRS mitigation for Spectre V2.  To use the mitigation
the system must have an updated microcode; with older microcode a patched
kernel will function without the mitigation.

IBRS can be disabled via the hw.ibrs_disable sysctl (and tunable), and the
status can be checked via the hw.ibrs_active sysctl.  IBRS may be enabled or
disabled at runtime.  Additional detail on microcode updates will follow.

Neither of the two boxes seems to have this enabled; on both I see:
# sysctl -a|grep ibrs
hw.ibrs_disable: 1
hw.ibrs_active: 0

Does this mean both machines don't have good enough microcode, or is IBRS just not enabled by default?

In the first case, I tried finding some information on what microcode is available for what CPU (I'm interested in several other ones, not only these two), but failed. Has anyone a pointer?



Last question: am I right that devcpu-data is nowadays useless (read: no microcode update anyway) unless this update to base is also installed?


 bye & Thanks
        av.
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
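
A small classifier for the sysctl values discussed in this message, added here as an example; it is not part of the original post or of FreeBSD. The state names and the reading of each combination are assumptions drawn from the advisory text quoted above: `hw.ibrs_disable: 1` with `hw.ibrs_active: 0` only shows that IBRS is switched off by setting, and says nothing about whether the microcode supports it.

```shell
#!/bin/sh
# Added example: classify the mitigation state from `sysctl` output.
# State names are hypothetical labels chosen for this example.

# get_val NAME: read "name: value" lines on stdin, print the value of NAME.
get_val() {
    awk -F': ' -v k="$1" '$1 == k { print $2; exit }'
}

# classify_ibrs TEXT: TEXT is sysctl output holding the hw.ibrs_* lines.
classify_ibrs() {
    disable=$(printf '%s\n' "$1" | get_val hw.ibrs_disable)
    active=$(printf '%s\n' "$1" | get_val hw.ibrs_active)
    if [ -z "$disable" ] || [ -z "$active" ]; then
        echo "sysctl-missing"        # assumption: kernel without the patch
    elif [ "$active" = "1" ]; then
        echo "active"                # mitigation is in use
    elif [ "$disable" = "1" ]; then
        echo "disabled-by-setting"   # no conclusion about microcode possible
    else
        # Not disabled, yet not active: per the advisory, a patched kernel
        # on older microcode runs without the mitigation.
        echo "requested-not-active"
    fi
}

# classify_pti TEXT: report the vm.pmap.pti state.
classify_pti() {
    pti=$(printf '%s\n' "$1" | get_val vm.pmap.pti)
    case "$pti" in
        1) echo "pti-on" ;;
        0) echo "pti-off" ;;
        *) echo "sysctl-missing" ;;
    esac
}

# Values as reported in the post above (the Intel box).
SAMPLE='vm.pmap.pti: 1
hw.ibrs_disable: 1
hw.ibrs_active: 0'

echo "IBRS: $(classify_ibrs "$SAMPLE")"
echo "PTI:  $(classify_pti "$SAMPLE")"
```

On a live system, pass it the output of `sysctl vm.pmap.pti hw.ibrs_disable hw.ibrs_active` instead of `SAMPLE`.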
