Dear Matt,
On 04/26/18 22:55, Matt Vander Werf wrote:
I noticed that Dell released BIOS updates for R815 systems to address the Spectre vulnerability (variant #2, CVE-2017-5715) at [1]. The new version is 3.4.0 and the previous latest version is 3.2.2. We have quite a few R815 systems running AMD Opteron processors, mostly Opteron 6378, but some 6200 series too. AMD says it released updates to OEMs going as far back as the first "Bulldozer" Opteron processors released in 2011 [2], so I'd expect this BIOS update to address Spectre for all our R815 systems... However, when I apply the new BIOS update to one of these R815 systems running Operton 6378 processors and reboot the system, the machine still shows up as being vulnerable [3]. Checking the CPU flags, I don't see any flags that indicate protection against Spectre, like ibpb, ibrs, or spec_ctl [4]. The only new CPU flag that shows up with the BIOS update is the vmmcall flag, which is unrelated to the Spectre vulnerability. The CPU microcode didn't change either from 0x600084f. The machine shows it is running the new BIOS version [5] but it doesn't appear to be doing anything to address Spectre, even though the R815 BIOS firmware page says it does... Here's [6] some more info about the Opteron 6378 processor in one of our R815 systems. They are all running RHEL 7. Are others seeing the same thing? @Dell: Did this BIOS update only address Spectre for certain Opteron processors and not all possible R815 Opteron processors?? If so, could it be indicated on the firmware page what processors it fixes? Can we get updates for Opteron 6378 please?
Thank you for telling the list, so people do not have to run through the upgrade nightmare in vain.
Just to be sure, you did not test on 6200 yet, right?We can only test with Opteron 6174 next week, but I suggest to open a call with Dell.
Kind regards, PaulPS: AMD should really get these updates into linux-firmware, so that they can at least be applied from within Linux, until the vendors get finally their act together and, like in this case, do not publish the update later than announced and not screw up the updates. Also one more point for free firmware like coreboot, so people could do the update themselves. When will Dell learn?
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
