On Monday, January 15, 2018 at 2:15:34 AM UTC+1, Nik H wrote:
> Thanks, this is good info. I found instructions to update microcode in Linux 
> - seems very simple. Xen instructions seem simple as well but where do I 
> enter this? In the Dom0 terminal? I am a bit unclear as to how Dom0 and Xen 
> interact.

Well, dom0 is a privileged domain and any administration of Xen should be done 
from it. So, the dom0 terminal is probably a good start.

You will probably need to adjust Xen parameters. It depends on whether you have 
UEFI or legacy BIOS. You can see both variants (but you need to write something 
other than "iommu=no-igfx") in this (otherwise unrelated) article: 
https://www.qubes-os.org/doc/intel-igfx-troubleshooting/

> I am guessing normal VMs do not have enough privileges to update microcode 
> (well... hopefully, otherwise compromised VMs could install malicious 
> microcode...)

I hope so. They are digitally signed (at least at Intel), but still…

> As a side-note, Spectre does compromise the entire Qubes architecture.

Not fully.

> Good that Meltdown is not an issue, yes

As far as I understand, Meltdown _is_ an issue. It allows reading the memory of 
the whole system. It will hopefully be fixed soon.

Spectre is harder to exploit, but it will also take longer to fix.
