On 1/6/2018 19:58, Mouse wrote:
> Why? Is there any reason to not deploy known effective countermeasures
> while waiting for a real fix? Indeed, do we have any reason to think a
> real fix will be forthcoming from Intel? In view of their attempts to
> downplay their bugs, I have negative confidence they will actually
> _fix_ them...if indeed they are fixable on current hardware. (It's not
> publicly known, as far as I know, to what extent the bugs are fixable
> in microcode; in some respects they may be baked into the silicon.)

My understanding is that it's not something that can be fixed in
microcode, but that Intel has already released a microcode update that
provides hardware support for mitigating the problems. I haven't been
able to find actual documentation about the changes, but apparently
Intel calls them "Indirect Branch Restricted Speculation" and "Indirect
Branch Prediction Barriers". On CPUs with the new microcode, there are
now new SPEC_CTRL and PRED_CMD model-specific registers that allow you
to enable/disable the behavior.

It looks like two of the Dell machines I use have BIOS updates that
include the new microcode, but I don't know when it'll be available for
the other machines I use. The standalone microcode update at
https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File
is dated 20171117, and from what I've read, does not contain the latest
changes.
--
Name: Dave Huang | Mammal, mammal / their names are called /
INet: [email protected] | they raise a paw / the bat, the cat /
Telegram: @dahanc | dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 42 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+
PL++
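
An added example, not part of the original message: one way to check whether the running microcode exposes the SPEC_CTRL and PRED_CMD registers mentioned above. It assumes the CPUID leaf 7 EDX bit positions (26 for IBRS/IBPB, 27 for STIBP) and the MSR numbers 0x48 and 0x49 from the enumeration Intel published afterwards; the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID.(EAX=7,ECX=0):EDX bits (assumed from Intel's published enumeration). */
#define EDX_IBRS_IBPB (1u << 26) /* IBRS in SPEC_CTRL, IBPB in PRED_CMD */
#define EDX_STIBP     (1u << 27) /* STIBP in SPEC_CTRL */
#define MSR_SPEC_CTRL 0x48u
#define MSR_PRED_CMD  0x49u

/* Hypothetical result type for this example. */
struct spec_caps {
    int ibrs, ibpb, stibp;  /* individual controls */
    int spec_ctrl_msr;      /* MSR 0x48 present */
    int pred_cmd_msr;       /* MSR 0x49 present */
};

/* Pure decoder: max_leaf is CPUID.0:EAX, edx is CPUID.(7,0):EDX. */
struct spec_caps decode_leaf7_edx(uint32_t max_leaf, uint32_t edx)
{
    struct spec_caps c = {0, 0, 0, 0, 0};
    if (max_leaf < 7)       /* leaf 7 not implemented: its EDX is meaningless */
        return c;
    c.ibrs = c.ibpb = (edx & EDX_IBRS_IBPB) != 0;
    c.stibp = (edx & EDX_STIBP) != 0;
    c.spec_ctrl_msr = c.ibrs || c.stibp;  /* either bit implies SPEC_CTRL */
    c.pred_cmd_msr = c.ibpb;              /* PRED_CMD exists only for IBPB */
    return c;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a = 0, b = 0, cx = 0, d = 0;
    unsigned int max_leaf = __get_cpuid_max(0, NULL);
    if (max_leaf >= 7)
        __get_cpuid_count(7, 0, &a, &b, &cx, &d);
    struct spec_caps c = decode_leaf7_edx(max_leaf, d);
    printf("SPEC_CTRL (MSR 0x%x): %s, PRED_CMD (MSR 0x%x): %s\n",
           MSR_SPEC_CTRL, c.spec_ctrl_msr ? "present" : "absent",
           MSR_PRED_CMD, c.pred_cmd_msr ? "present" : "absent");
    printf("IBRS=%d IBPB=%d STIBP=%d\n", c.ibrs, c.ibpb, c.stibp);
#else
    puts("not an x86 CPU");
#endif
    return 0;
}
```

Running it before and after a BIOS or microcode update shows whether that update actually added the new registers.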