More importantly!! Why does dsu not find these new BIOS
versions - @dell guys?
On 26/04/18 21:55, Matt Vander Werf wrote:
Hello,
I noticed that Dell released BIOS updates for R815 systems
to address the Spectre vulnerability (variant #2,
CVE-2017-5715) at [1]. The new version is 3.4.0 and the
previous latest version is 3.2.2. We have quite a few R815
systems running AMD Opteron processors, mostly Opteron
6378, but some 6200 series too. AMD says it released
updates to OEMs going as far back as the first "Bulldozer"
Opteron processors released in 2011 [2], so I'd expect
this BIOS update to address Spectre for all our R815
systems...
However, when I apply the new BIOS update to one of these
R815 systems running Opteron 6378 processors and reboot
the system, the machine still shows up as being vulnerable
[3].
Checking the CPU flags, I don't see any flags that
indicate protection against Spectre, like ibpb, ibrs, or
spec_ctl [4]. The only new CPU flag that shows up with the
BIOS update is the vmmcall flag, which is unrelated to the
Spectre vulnerability. The CPU microcode didn't change
either from 0x600084f. The machine shows it is running the
new BIOS version [5] but it doesn't appear to be doing
anything to address Spectre, even though the R815 BIOS
firmware page says it does... Here's [6] some more info
about the Opteron 6378 processor in one of our R815
systems. They are all running RHEL 7.
Are others seeing the same thing?
@Dell: Did this BIOS update only address Spectre for
certain Opteron processors and not all possible R815
Opteron processors?? If so, could it be indicated on the
firmware page what processors it fixes? Can we get updates
for Opteron 6378 please?
Thank you.
[1]
http://www.dell.com/support/home/us/en/04/drivers/driversdetails?driverId=PDFYH
http://www.dell.com/support/article/us/en/04/sln308588/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-emc-products-dell-enterprise-servers-storage-and-networking-?lang=en#bios
[2]
https://www.amd.com/en/corporate/security-updates
[3]
[root@host ~]# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: Load fences
*/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Retpoline without IBPB*
[4]
[root@host ~]# lscpu | grep "Flags"
Flags: fpu vme de pse tsc msr pae mce cx8
apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse
sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm
constant_tsc art rep_good nopl nonstop_tsc extd_apicid
amd_dcm aperfmperf pni pclmulqdq monitor ssse3 fma cx16
sse4_1 sse4_2 popcnt aes xsave avx f16c lahf_lm cmp_legacy
svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch
osvw ibs xop skinit wdt lwp fma4 tce nodeid_msr tbm
topoext perfctr_core perfctr_nb cpb hw_pstate
retpoline_amd vmmcall bmi1 arat npt lbrv svm_lock
nrip_save tsc_scale vmcb_clean flushbyasid decodeassists
pausefilter pfthreshold
[5]
[root@host~]# dmidecode -t 0 | grep "BIOS Revision"
BIOS Revision: 3.4
[6]
vendor_id : AuthenticAMD
cpu family : 21
model : 2
model name : AMD Opteron(tm) Processor 6378
stepping : 0
microcode : 0x600084f
--
Matt Vander Werf
HPC System Administrator
University of Notre Dame
Center for Research Computing - Union Station
_______________________________________________
Linux-PowerEdge mailing list
[email protected]
https://lists.us.dell.com/mailman/listinfo/linux-poweredge
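
Added example, not part of the original message or of any Dell tool: a small shell function that gathers the same three data points checked in [3], [4] and [6] (the kernel's spectre_v2 status, the speculation-control CPU flags, and the microcode revision) into one line, so a BIOS update can be verified across many hosts. The function names, the summary format and the sample writer are assumptions made for this example.

```shell
#!/bin/sh
# Added example: after a BIOS update, check whether the kernel sees
# Spectre v2 (CVE-2017-5715) microcode support.

# spectre_v2_report [VULN_DIR] [CPUINFO]
# Defaults read the live system; other paths let you check saved copies.
# Prints one summary line; returns 1 if the kernel reports "Vulnerable".
spectre_v2_report() {
    local vuln_dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    local cpuinfo="${2:-/proc/cpuinfo}"
    local status flags ucode f found=""

    status=$(cat "$vuln_dir/spectre_v2" 2>/dev/null) || status="unknown"
    flags=$(awk -F'[ \t]*:[ \t]*' '$1 == "flags" {print $2; exit}' "$cpuinfo")
    ucode=$(awk -F'[ \t]*:[ \t]*' '$1 == "microcode" {print $2; exit}' "$cpuinfo")

    # Flags named in the message above. spec_ctl is kept as written there;
    # spec_ctrl is assumed to be the flag name that was meant.
    for f in ibpb ibrs spec_ctrl spec_ctl; do
        case " $flags " in *" $f "*) found="$found$f," ;; esac
    done
    found="${found%,}"

    printf 'spectre_v2="%s" microcode=%s spec_flags=%s\n' \
        "$status" "${ucode:-unknown}" "${found:-none}"
    case "$status" in Vulnerable*) return 1 ;; esac
    return 0
}

# write_sample DIR: constructed sample built from the values quoted in the
# message above (flag list shortened), for an offline run.
write_sample() {
    mkdir -p "$1/vuln"
    echo 'Vulnerable: Retpoline without IBPB' > "$1/vuln/spectre_v2"
    printf 'model name\t: AMD Opteron(tm) Processor 6378\n' > "$1/cpuinfo"
    printf 'microcode\t: 0x600084f\n' >> "$1/cpuinfo"
    printf 'flags\t\t: fpu vme svm retpoline_amd vmmcall bmi1\n' >> "$1/cpuinfo"
}

# Live check on a host:   spectre_v2_report
# Offline check:          write_sample /tmp/s && spectre_v2_report /tmp/s/vuln /tmp/s/cpuinfo
```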