Hello! I am using a PC to visit websites. Using GNU/Linux is much safer than
other OSes.
Yes, IceCat has the wonderful LibreJS plugin that may defend me from
vulnerabilities.
I've found a bash script that checks for Meltdown & Spectre vulnerabilities:
https://github.com/shaman007/spectre-meltdown-checker

I am seeing this:

#  ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.37+

Checking for vulnerabilities on current system
Kernel is Linux 4.19.1-gnu #1 SMP 1 x86_64
CPU is Intel(R) Pentium(R) CPU  N3530  @ 2.16GHz
We're missing some kernel info (see -v), accuracy might be reduced
..
..
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (Mitigation: Full generic 
retpoline)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES 
    * IBRS enabled and active:  NO 
  * Kernel is compiled with IBPB support:  UNKNOWN  (in offline mode, we need 
the kernel image to be able to tell)
    * IBPB enabled and active:  NO 
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO 
  * Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel 
configuration)
> STATUS:  VULNERABLE  (IBRS+IBPB or retpoline+IBPB is needed to mitigate the 
> vulnerability)

> How to fix: To mitigate this vulnerability, you need either IBRS + IBPB, both 
> requiring hardware support from your CPU microcode in addition to kernel 
> support, or a kernel compiled with retpoline and IBPB

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability:  NO 
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this 
> vulnerability)

# guix package -s readelf
#

Please, what can I use instead of readelf for this script?
Also, how do I embed the necessary microcode?

Could you share your options for Meltdown and Spectre defense?

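Added example, not part of the original message and not code from the spectre-meltdown-checker project: the checker output above shows the kernel's /sys interface reporting "Full generic retpoline" while the checker's own rule (IBRS + IBPB, or retpoline + IBPB) still marks the system vulnerable, and this sketch applies that rule to the sysfs line directly. The function names and the NEEDS_IBPB label are hypothetical, and the "IBPB: disabled" wording is assumed from later kernels.

```shell
#!/bin/sh
# Kernel sysfs directory behind the checker's "/sys interface" line.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_spectre_v2 STRING
# Apply the rule from the checker's "How to fix" text to one spectre_v2 line:
# mitigated only with (IBRS or retpoline) AND IBPB.
classify_spectre_v2() {
    line=$1
    case $line in
        "")              echo UNKNOWN; return ;;
        "Not affected"*) echo NOT_AFFECTED; return ;;
        Vulnerable*)     echo VULNERABLE; return ;;
    esac
    has_branch=no
    has_ibpb=no
    # IBRS_FW only covers firmware calls, so it must not count as IBRS.
    stripped=$(printf '%s' "$line" | sed 's/IBRS_FW//g')
    case $stripped in
        *[Rr]etpoline*|*IBRS*) has_branch=yes ;;
    esac
    case $line in
        *"IBPB: disabled"*) ;;            # assumed wording of later kernels
        *IBPB*)             has_ibpb=yes ;;
    esac
    if [ "$has_branch" = yes ] && [ "$has_ibpb" = yes ]; then
        echo MITIGATED
    elif [ "$has_branch" = yes ]; then
        echo NEEDS_IBPB                   # the situation in the output above
    else
        echo UNKNOWN
    fi
}

# report_spectre_v2 [DIR]
# Read DIR/spectre_v2 (default: the real sysfs directory), print "verdict: raw line".
report_spectre_v2() {
    f=${1:-$VULN_DIR}/spectre_v2
    if [ -r "$f" ]; then line=$(cat "$f"); else line=""; fi
    raw=${line:-no sysfs entry}
    printf '%s: %s\n' "$(classify_spectre_v2 "$line")" "$raw"
}

# The string reported in the message above, then the live system.
classify_spectre_v2 'Mitigation: Full generic retpoline'
report_spectre_v2
```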