On 01/17/2018 11:51 AM, William C Vaughan wrote:
Date: Wed, 17 Jan 2018 14:09:09 +0100
From: Didier Kryn <k...@in2p3.fr <mailto:k...@in2p3.fr>>
To: dng@lists.dyne.org <mailto:dng@lists.dyne.org>
Subject: Re: [DNG] Help with Spectre and Meltdown
Message-ID: <1bf9d308-fc02-7cf6-7a70-50c817e24...@in2p3.fr
<mailto:1bf9d308-fc02-7cf6-7a70-50c817e24...@in2p3.fr>>
Content-Type: text/plain; charset=utf-8; format=flowed
Le 17/01/2018 à 13:59, vmlinux a écrit :
>
> On January 16, 2018 6:50:32 PM CST, KatolaZ <kato...@freaknet.org
<mailto:kato...@freaknet.org>> wrote:
> [Snip]
>
> ::
> ::The only affected component is the kernel. Patch exist for jessie,
> ::AFAWN, there is no way to
> ::effectively patch Spectre.
>
> I haven't had time to actually read up on it, however, isn't there a micro code mitigation
available from Intel? I'm assuming this is some sort of cpu firmware
update but not sure you can flash a cpu :/ so...
>
> https://www.reddit.com/r/sysadmin/comments/7pe2ew/intel_spectre_microcode_update/.compact
<https://www.reddit.com/r/sysadmin/comments/7pe2ew/intel_spectre_microcode_update/.compact>
>
Still reading (subjects only) the mailing list of Linux on Dell
Poweredge, it seems they provide a means do download and install a new
microcode. Dunno how to do the same core-i7 of my laptop...
intel microcode is available as a debian package (non-free), you can see
the tracker here: https://tracker.debian.org/pkg/intel-microcode you
want the version from 20180108 which is in testing. The package adds
firmware patches during boot, and they stay in memory, so the package
should remain installed afterwards. The process is explained here:
https://wiki.debian.org/Microcode
There are trackers for the CVE's associated with spectre too:
https://security-tracker.debian.org/tracker/CVE-2017-5715
https://security-tracker.debian.org/tracker/CVE-2017-5753
The xenbits.xen.org link in the notes of these trackers has a good
explanation of the bugs.
Didier
I just flashed the EFI/BIOS on my I7 XPS-13 several days ago. For
non-Windows machines you copy the provided DOS ".exe" to a USB,
restart the machine, and hit F12 (nearly always on Dell) and select
"Flash / update the BIOS" or something close to that, after which just
follow the instructions. Most newer Dell machines have the SA-00086
updates available. Older machines might not. Here's the relevant link:
Dell intel flash patches for meltdown/spectre
<http://www.dell.com/support/contents/us/en/19/article/product-support/self-support-knowledgebase/software-and-downloads/support-for-meltdown-and-spectre>
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
--
Héctor González
ca...@genac.org
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
