On 26.04.2018 11:44, diffusae via coreboot wrote:
Do you think, that integrate the microcode updates into the coreboot
image should be enough? To be safe in case of CVE-2017-5715?
No, AFAIK, these updates do nothing on its own. They only add control
capabilities that your OS has to use (or be
In the meantime I've decided to go in the following direction:
1. install intel microcode onto my ubuntu box
the result is:
x220$ $ dmesg | grep microcode
[0.00] microcode: microcode updated early to revision 0x2d,
date = 2018-02-07
[0.881361] microcode: sig=0x206a7,
Thank You
On Thu, Apr 26, 2018 at 5:09 PM, Matt DeVillier
wrote:
> On Thu, Apr 26, 2018 at 10:05 AM diffusae via coreboot <
> coreboot@coreboot.org> wrote:
>
>>
>> Don't know, if gbe.bin or ifd.bin is vulnerable.
>>
>
> they are configuration "blobs" not binary blobs,
On Thu, Apr 26, 2018 at 10:05 AM diffusae via coreboot <
coreboot@coreboot.org> wrote:
>
> Don't know, if gbe.bin or ifd.bin is vulnerable.
>
they are configuration "blobs" not binary blobs, no executable code
--
coreboot mailing list: coreboot@coreboot.org
Hello!
On 24.04.2018 21:27, Mat wrote:
> That's why I (believe I) need the blobs from the newest update. Is the
> reasoning correct, or I could do it more wise?
AFAIK: You only really need the microcode update from Intel.
Don't know, if gbe.bin or ifd.bin is vulnerable.
If you apply the
Hi!
On 24.04.2018 21:27, Mat wrote:
> I'd like to have system updated against spectre, and other possible
> vulnerabilities as much as possible.
With the retpoline option in the Linux kernel, it should be usually safe
(see attachment).
"IBPB is considered as a good addition to retpoline for
Hi Nico,
On 24.04.2018 19:38, Nico Huber wrote:
> not sure what you are looking for, but I guess this is what you need,
> because
I only was testing the image with the different extracting tools.
>> Error: Unable to detect BIOS Image type.
I guess, if you flash the vendor bios and then reread
> not sure what you are looking for, but I guess this is what you need,
> (microcode updates are publicly available and gfx init is
> open source)
I'd like to have system updated against spectre, and other possible
vulnerabilities as much as possible.
If lenovo (or any other vendor) releases
Hello Reiner,
On 24.04.2018 18:43, diffusae via coreboot wrote:
> ./ifdtool -x ~/8DET74WW/bios.bin
> File /8DET74WW/bios.bin is 8523776 bytes
> No Flash Descriptor found in this image
not sure what you are looking for, but I guess this is what you need,
because
>
> ./bios_extract
Hi!
On 24.04.2018 16:50, Peter Stuge wrote:
> Can you show a directory listing which includes file sizes?
>
> One idea is to try the bios_extract and/or uefi_extract utils.
@x220:~/8DET74WW⟫ ll
total 25000
drwxrwxr-x 2 4096 Apr 24 18:33 ./
drwxrwxr-x 3 4096 Apr 24 18:23 ../
-rw-rw-r--
Mat wrote:
> I was able to extract *.exe file with innoextract, but then running
> ifdtool to each file from extracted directory does not bring any
> success.
Can you show a directory listing which includes file sizes?
One idea is to try the bios_extract and/or uefi_extract utils.
//Peter
--
I have coreboot running on my x220. lately lenovo released firmware
update (8duj29us.exe from
https://support.lenovo.com/pl/en/downloads/ds018805) and I'd like to
update coreboot with new blobs from that BIOS.
Unfortunatelly I have
difficulties with extracting binary blobs from it and need help.
12 matches
Mail list logo