Skip to main content

linux - Spectre/Meltdown - update microcode

I am trying to manually update the microcode for the Intel i5-2410M.



Dell XPS 15z 2011 - Intel i5-2410M (Sandy bridge).



Ubuntu 18.04 (Debian) | Gnome | Grub2 | Systemd



I have installed some pre-packaged microcode from the Ubuntu repository, but I don't know if any of it applies to me:



apt install intel-microcode





dmsg | grep microcode



[ 0.000000] microcode: microcode updated early to revision 0x2d,
date = 2018-02-07




[ 1.259590] microcode: sig=0x206a7, pf=0x10, revision=0x2d



[ 1.259643] microcode: Microcode Update Driver: v2.2.




Note that the date is February 7, 2018.
Intel has a later release for the i5-2410M, April 25th 2018.





https://downloadcenter.intel.com/download/27776/Linux-Processor-Microcode-Data-File?product=52224






CVE-2018-3640 [rogue system register read] aka 'Variant 3a'




  • CPU microcode mitigates the vulnerability: NO





STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)



How to fix: The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed.




CVE-2018-3639 [speculative store bypass] aka 'Variant 4'





  • Mitigated according to the /sys interface: NO (Vulnerable)


  • Kernel supports speculation store bypass: YES (found in /proc/self/status)





STATUS: VULNERABLE (Your CPU doesn't support SSBD)



How to fix: Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section).







» grep . /sys/devices/system/cpu/vulnerabilities/*



/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI



/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable




/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization



/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW




Could someone please provide a breadcrumb for what I should researching, I am stuck pretty good right now. I appreciate your time.

Comments

Post a Comment

Popular posts from this blog

iLO 3 Firmware Update (HP Proliant DL380 G7)

The iLO web interface allows me to upload a .bin file ( Obtain the firmware image (.bin) file from the Online ROM Flash Component for HP Integrated Lights-Out. ) The iLO web interface redirects me to a page in the HP support website ( http://www.hp.com/go/iLO ) where I am supposed to find this .bin firmware, but no luck for me. The support website is a mess and very slow, badly categorized and generally unusable. Where can I find this .bin file? The only related link I am able to find asks me about my server operating system (what does this have to do with the iLO?!) and lets me download an .iso with no .bin file And also a related question: what is the latest iLO 3 version? (for Proliant DL380 G7, not sure if the iLO is tied to the server model)
Post a Comment
Read more

linux - Awstats - outputting stats for merged Access_logs only producing stats for one server's log

I've been attempting this for two weeks and I've accessed countless number of sites on this issue and it seems there is something I'm not getting here and I'm at a lost. I manged to figure out how to merge logs from two servers together. (Taking care to only merge the matching domains together) The logs from the first server span from 15 Dec 2012 to 8 April 2014 The logs from the second server span from 2 Mar 2014 to 9 April 2014 I was able to successfully merge them using the logresolvemerge.pl script simply enermerating each log and > out_putting_it_to_file Looking at the two logs from each server the format seems exactly the same. The problem I'm having is producing the stats page for the logs. The command I've boiled it down to is /usr/share/awstats/tools/awstats_buildstaticpages.pl -configdir=/home/User/Documents/conf/ -config=example.com awstatsprog=/usr/share/awstats/wwwroot/cgi-bin/awstats.pl dir=/home/User/Documents/parced -month=all -year=all...
Post a Comment
Read more

linux - How can I get my mediawiki to stop thinking I have cookies disabled?

I've searched half a day for how to resolve this issue, and can't figure it out. Shortly after I made my wiki a simple private wiki according to the instructions at Mediawiki's website, it started giving me this weird login error message: Wiki uses cookies to log in users. You have cookies disabled. Please enable them and try again. If I remove those private wiki settings, the error disappears, even if I try logging in. But I need it to be a private wiki for only my team. So what do I do? Here's what I've done so far. Just to be safe, after ever change, I try rebooting Apache using: sudo /etc/init.d/apache2 restart In my php.ini file, I have the following set: session.save_path = "/var/lib/php5" session.cookie_secure = secure session.cookie_path = /tmp session.cookie_domain = my server's internal URL (should I even set this? this field was blank before, but not commented out) session.referer_check = Off I ran the following to ensure that the fold...
Post a Comment
Read more