Actually, I was digging around a bit and found my improved version that offers 
more granular view of the kernel flags, because in some cases I found they were 
not all moving in lock-step.  In any case, be sure to check in 
/sys/kernel/debug/x86/ to verify all of these flags are present.  If your 
kernel doesn't have the patch, they won't be there.





#!/bin/bash

if [ $# -lt 1 ] ; then
        printf "\n"
        printf "Spectre/Meltdown enable/disable tool\n"
        printf "\n"
        printf "usage:\n"
        printf "\n"
        printf "    spectre_meltdown  protect|unprotect|status|verbose_status\n"
        printf "\n"
        printf "\n"
        printf "\n"
        printf "\n"
        exit 1
fi

ARG=$1

if [ $ARG == "protect" ] ; then
        echo Protecting...
        echo 1 > /sys/kernel/debug/x86/pti_enabled
    echo 1 > /sys/kernel/debug/x86/ibpb_enabled
    echo 1 > /sys/kernel/debug/x86/ibrs_enabled
        exit 0
fi

if [ $ARG == "unprotect" ] ; then
        echo Unprotecting...
        echo 0 > /sys/kernel/debug/x86/pti_enabled
    echo 0 > /sys/kernel/debug/x86/ibpb_enabled
    echo 0 > /sys/kernel/debug/x86/ibrs_enabled
        exit 0
fi

if [ $ARG == "status" ] ; then
        PTI=`cat /sys/kernel/debug/x86/pti_enabled 2>/dev/null`
        IBPB=`cat /sys/kernel/debug/x86/ibpb_enabled 2>/dev/null`
        IBRS=`cat /sys/kernel/debug/x86/ibrs_enabled 2>/dev/null`

        STATUS="unprotected"

        if [[ ( "$PTI" == "1" ) && ( "$IBPB" == "1" ) && ( "$IBRS" == "1" ) ]] 
; then
                STATUS="protected"
        fi

        printf "%s\n"  "$STATUS"
        exit 0
fi

if [ $ARG == "verbose_status" ] ; then
        PTI=`cat /sys/kernel/debug/x86/pti_enabled 2>/dev/null`
        IBPB=`cat /sys/kernel/debug/x86/ibpb_enabled 2>/dev/null`
        IBRS=`cat /sys/kernel/debug/x86/ibrs_enabled 2>/dev/null`

        PTI_TXT="unprotected";
        IBPB_TXT="unprotected";
        IBRS_TXT="unprotected";
        if [[ ( "$PTI" == "1" ) ]] ; then
                PTI_TXT="protected";
        fi
        if [[ ( "$IBPB" == "1" ) ]] ; then
                IBPB_TXT="protected";
        fi
        if [[ ( "$IBRS" == "1" ) ]] ; then
                IBRS_TXT="protected";
        fi

        printf "%6s enabled:  %s  --> %s\n"  "pti"   "$PTI"   "$PTI_TXT"
        printf "%6s enabled:  %s  --> %s\n"  "ibpb"  "$IBPB"  "$IBPB_TXT"
        printf "%6s enabled:  %s  --> %s\n"  "ibrs"  "$IBRS"  "$IBRS_TXT"

        exit 0
fi




echo Invalid argument.
exit 1




  Michael Stumpf
  Storage, Embedded Management
  Dell EMC | PowerEdge Portfolio Sys Engr

From: Stumpf, Michael
Sent: Monday, April 09, 2018 3:37 PM
To: 'Nigel Williams' <nigel.willi...@utas.edu.au>; poweredgec-tools 
<poweredgec-to...@lists.us.dell.com>
Subject: RE: any further BIOS updates for C6145?

good question, I started poking around about this.  I know I read that AMD may 
not have been affected as much (or at all).  Have you tried applying the OS 
patches & checking?  I haven't spent a lot of time at this save one quick 
benchmark, but I did toss together quickly this bash tool to report "protected 
or not", and used RHEL 7.4.



#!/bin/bash

if [ $# -lt 1 ] ; then
        printf "\n"
        printf "Spectre/Meltdown enable/disable tool\n"
        printf "\n"
        printf "usage:\n"
        printf "\n"
        printf "    spectre_meltdown  protect|unprotect|status\n"
        printf "\n"
        printf "\n"
        printf "\n"
        printf "\n"
        exit 1
fi

ARG=$1

if [ $ARG == "protect" ] ; then
        echo Protecting...
        echo 1 > /sys/kernel/debug/x86/pti_enabled
    echo 1 > /sys/kernel/debug/x86/ibpb_enabled
    echo 1 > /sys/kernel/debug/x86/ibrs_enabled
        exit 0
fi

if [ $ARG == "unprotect" ] ; then
        echo Unprotecting...
        echo 0 > /sys/kernel/debug/x86/pti_enabled
    echo 0 > /sys/kernel/debug/x86/ibpb_enabled
    echo 0 > /sys/kernel/debug/x86/ibrs_enabled
        exit 0
fi

if [ $ARG == "status" ] ; then
        PTI=`cat /sys/kernel/debug/x86/pti_enabled 2>/dev/null`
        IBPB=`cat /sys/kernel/debug/x86/ibpb_enabled 2>/dev/null`
        IBRS=`cat /sys/kernel/debug/x86/ibrs_enabled 2>/dev/null`

        STATUS="unprotected"

        if [[ ( "$PTI" == "1" ) && ( "$IBPB" == "1" ) && ( "$IBRS" == "1" ) ]] 
; then
                STATUS="protected"
        fi

        printf "%s\n"  "$STATUS"
        exit 0
fi




echo Invalid argument.
exit 1





  Michael Stumpf
  Storage, Embedded Management
  Dell EMC | PowerEdge Portfolio Sys Engr

From: poweredgec-tools-bounces On Behalf Of Nigel Williams
Sent: Sunday, April 08, 2018 10:27 PM
To: poweredgec-tools 
<poweredgec-to...@lists.us.dell.com<mailto:poweredgec-to...@lists.us.dell.com>>
Subject: [Poweredgec-tools] any further BIOS updates for C6145?


Since the question came up on an internal chat (about updates for 
Spectre/Meltdown/etc) will the C6145 see any more firmware updates?



thanks.



University of Tasmania Electronic Communications Policy (December, 2014).
This email is confidential, and is for the intended recipient only. Access, 
disclosure, copying, distribution, or reliance on any of it by anyone outside 
the intended recipient organisation is prohibited and may be a criminal 
offence. Please delete if obtained in error and email confirmation to the 
sender. The views expressed in this email are not necessarily the views of the 
University of Tasmania, unless clearly intended otherwise.
_______________________________________________
Poweredgec-tools mailing list
Poweredgec-tools@dell.com
https://lists.us.dell.com/mailman/listinfo/poweredgec-tools

Reply via email to