On Thu, Jan 11, 2018 at 5:32 PM, Derek Atkins <de...@ihtfp.com> wrote:

> Hi,
> On Thu, January 11, 2018 9:53 am, Yaniv Kaul wrote:
> > No one likes downtime but I suspect this is one of those serious
> > vulnerabilities that you really really must be protected against.
> > That being said, before planning downtime, check your HW vendor for
> > firmware or Intel for microcode for the host first.
> > Without it, there's not a lot of protection anyway.
> > Note that there are 4 steps you need to take to be fully protected: CPU,
> > hypervisor, guests and guest CPU type - plan ahead!
> > Y.
> Is there a HOW-To written up somewhere on this?  ;)

Not for oVirt specifically right now. We'll blog about it once we release
additional improvements to detect if you are protected - right from oVirt
UI (in 4.2.1).

> I built the hardware from scratch myself, so I can't go off to Dell or
> someone for this.  So which do I need, motherboard firmware or Intel
> microcode?  I suppose I need to go to the motherboard manufacturer
> (Supermicro) to look for updated firmware?  Do I also need to look at
> Intel?  Is this either-or or a "both" situation?  Of course I have no idea
> how to reflash new firmware onto this motherboard -- I don't have DOS.

You could get it from Intel, via their microcode_ctl package. When they
release for your CPU is a different manner.
See[1] for some good pointers.


> As you can see, planning I can do.  Execution is more challenging ;)
> Thanks!
> >> > Y.
> -derek
> --
>        Derek Atkins                 617-623-3745
>        de...@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant
Users mailing list

Reply via email to