On 29 January 2018 at 10:17, Michael Lange <[email protected]> wrote:
> Hi, > > On Mon, 29 Jan 2018 08:35:58 +0000 > Michael Fothergill <[email protected]> wrote: > > > Your need to upgrade to unstable (Debian Sid). Then you need to get > > the latest kernel from the kernel.org website. > > You also need to install GCC7 in sid which will give you version 7.3.0 > > at present. That is a new enough compiler to be able to properly > > install the spectre and meltdown fixes. > > The "meltdown fix" (a.k.a. page tables isolation) is already included in > Stretch's 4.9 kernel. > Yes, that is true. If the OP was running an Intel box than that really would be useful to them. So I should have mentioned it to them. But, to be fair the OP specifically mentioned that they were interested in fixes to the meltdown and spectre vulnerabilities ie both problems not just one of them. Cheers MF > > > Then you need to run the spectre/meltdown checker which you can get > > from a github site and run locally on your box to know it's really > > installed properly. > > AFAICT at present running a kernel with spectre and meltdown protection > > means running debian in the opposite way it is usually billed as to the > > outside world ie unstable for quite some time. > > That's not entirely true, you can run Debian Stable / Stretch with a > kernel that was compiled on Sid with gcc-7.3, however it is true that for > now there is no such kernel available for Stretch out-of-the-box and even > installing the latest gcc-7 compiler packages from sid on a Stretch > system is, if possible at all, probably not trivial. > > I assume that most likely someone is working on an update to gcc-6 that > will make it possible to compile the latest "spectre fix" into the kernel > with Stretch's default compiler and we will have to wait until that is > done. > > I think it is likely though, that a kernel with that fix will be > available soon in the "experimental" suite and could be installed > manually on Stretch. > > Regards > > Michael > > .-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-. > > After a time, you may find that "having" is not so pleasing a thing, > after all, as "wanting." It is not logical, but it is often true. > -- Spock, "Amok Time", stardate 3372.7 > >
