On 01/18/2018 04:04 PM, cooloutac wrote:
SO it doesn't look like 4th or 5th generation boards are going to get a bios patch. IS the bios patch nescessary?
Meltdown can be patched on Kernel and/or Hypervisor level with a performance loss by doing in the Kernel what should be done by the CPU. It also seems that Qubes 4 isn't affected in certain virtualisation modes, see the QSB & XSA.
It might be possible to patch Spectre 1 & 2 in limited ways as well, but there are only ideas out yet, see https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/
So the Microcode patches would be the proper way to do it and even there it seems to be hard if I recall the Spectre paper correctly, but the Open Source community attempts to implement (partial) mitigations anyway.
Or Should we just assume our desktop pc's are about as secure as android phones now? Are they no good after a year or two? I joke that real security costs alot of money because when firmware gets compromised nothing you can do but replace the pc. But if you have to buy a new mobo and pc every year or two to stay up to date that is a sad future for most people.
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dd2a791d-4519-c05f-3119-e50f917f180c%40hackingthe.net. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
