On Monday, January 15, 2018 at 2:15:34 AM UTC+1, Nik H wrote:
> Thanks, this is good info. I found instructions to update microcode in Linux
> - seems very simple. Xen instructions seem simple as well but where do I
> enter this? In the Dom0 terminal? I am a bit unclear as to how Dom0 and Xen
> interact.

Well, dom0 is a privileged domain and any administration of Xen should be done from it. So, the dom0 terminal is probably a good start. You will probably need to adjust Xen parameters. It depends on whether you have UEFI or legacy BIOS. You can see both variants (but you need to write something other than „iommu=no-igfx“) in this (otherwise unrelated) article: https://www.qubes-os.org/doc/intel-igfx-troubleshooting/

> I am guessing normal VMs do not have enough privileges to update microcode
> (well... hopefully, otherwise compromised VMs could install malicious
> microcode...)

I hope so. They are digitally signed (at least at Intel), but still…

> As a side-note, Spectre does compromise the entire Qubes architecture.

Not fully.

> Good that Meltdown is not an issue, yes

As far as I understand, Meltdown _is_ an issue. It allows reading the memory of the whole system. It will hopefully be fixed soon. Spectre is harder to exploit, but it will also take longer to fix.