Intel Posts Updated Microcode Files For Linux


    Phoronix: Intel Posts Updated Microcode Files For Linux

    In the wake of Meltdown and Spectre, Intel yesterday released new microcode binaries for Linux systems...

    http://www.phoronix.com/scan.php?pag...inux-Microcode

  • #2
    Mostly CVE-2017-5715 mitigation, these get uploaded in Debian Sid, it says:

    Implements IBRS/IBPB support and enhances LFENCE: mitigation
    against Spectre (CVE-2017-5715)
    https://packages.qa.debian.org/i/int...0T100610Z.html

    Similar to these, for AMD Ryzen from SUSE:

    Add IBPB support for family 17h AMD processors (CVE-2017-5715)
    https://packages.qa.debian.org/a/amd...0T100416Z.html



    • #3
      Intel is only updating CPUs up to 5 years old. What about the millions and millions of users running Ivy Bridge and Sandy Bridge? Intel is just going to leave them vulnerable?

      There seems to be a distinct lack of media coverage about Intel only fixing recent CPUs, excluding Sandy/Ivy, while on the other hand these CPUs remain hugely popular with a large amount of people using them either as their primary or secondary machines. The i5/i7 series as a whole should have been the cut-off point.

      This is just irresponsible. Even Microsoft applied a security fix to Windows XP for the ransomware attacks a while back, and XP is way, way older than 5 years (more like 15 years.)

      That's just not good enough from Intel and very irresponsible, yet nobody calls them out on it? What gives?
      Last edited by RealNC; 01-10-2018, 07:56 AM.



      • #4
        Originally posted by RealNC
        Intel is only updating CPUs up to 5 years old. What about the millions and millions of users running Ivy Bridge and Sandy Bridge? Intel is just going to leave them vulnerable?

        There seems to be a distinct lack of media coverage about Intel only fixing recent CPUs, excluding Sandy/Ivy, while on the other hand these CPUs remain hugely popular with a large amount of people using them either as their primary or secondary machines. The i5/i7 series as a whole should have been the cut-off point.

        This is just irresponsible. Even Microsoft applied a security fix to Windows XP for the ransomware attacks a while back, and XP is way, way older than 5 years (more like 15 years.)

        That's just not good enough from Intel and very irresponsible, yet nobody calls them out on it? What gives?
        I think this is about the "retpoline" technique not working with Skylake and later. Those CPUs need that "IBRS/IBPB" thing, and that needs changes to microcode to work.



        • #5
          If you don't talk about the problem, it's like it never existed!...



          • #6
            Originally posted by RealNC
            Intel is only updating CPUs up to 5 years old. What about the millions and millions of users running Ivy Bridge and Sandy Bridge? Intel is just going to leave them vulnerable?

            There seems to be a distinct lack of media coverage about Intel only fixing recent CPUs, excluding Sandy/Ivy, while on the other hand these CPUs remain hugely popular with a large amount of people using them either as their primary or secondary machines. The i5/i7 series as a whole should have been the cut-off point.

            This is just irresponsible. Even Microsoft applied a security fix to Windows XP for the ransomware attacks a while back, and XP is way, way older than 5 years (more like 15 years.)

            That's just not good enough from Intel and very irresponsible, yet nobody calls them out on it? What gives?
            On top, the state of the whole case is *extremely* confusing for me.
            • Which products will get microcode updates addressing Meltdown?
            • How effective are those and what are they targeting?
              • This might differ significantly between CPU microarchitectures/families/steppings
            • Which kernels get fixes and how effective are they?
            E.g. if you have RHEL/CentOS{6,7} systems, you might be in trouble.

            RHEL7 is based on a heavily patched 3.10.x kernel, while RHEL6 is 2.6.32.
            According to this source

            https://news.ycombinator.com/item?id=16087736

            All (K)PTI patches floating around for kernels older than 4.14 are *different* - in the sense that they are based
            on much older KAISER patches which come with a load of issues.

            Is there any official (or even unofficial) statement by Red Hat/CentOS available on that matter?



            • #7
              While I can't comment on this new microcode, I can agree with the idea that Intel gets a free pass on such things. It is why I'm hoping at least a couple of the class action lawsuits in place end up hurting Intel a bit.

              Originally posted by RealNC
              Intel is only updating CPUs up to 5 years old. What about the millions and millions of users running Ivy Bridge and Sandy Bridge? Intel is just going to leave them vulnerable?

              There seems to be a distinct lack of media coverage about Intel only fixing recent CPUs, excluding Sandy/Ivy, while on the other hand these CPUs remain hugely popular with a large amount of people using them either as their primary or secondary machines. The i5/i7 series as a whole should have been the cut-off point.
              Why have a cut-off point? Does the manufacturer of faulty air bags get a cut-off point?

              This is actually a very interesting discussion from the legal and moral standpoint. As an example, a local company came under hard times requiring that it close many business segments. In doing so they scrapped $100,000 of dollars in used machine shop machinery instead of selling them off. Mind you this used stuff all total was likely worth millions even used. It all went into the dumpster, actually ripped out with a massive crane, because the company didn't want to be held responsible for that machinery. Mind you most of this machinery was manufactured decades ago by machine tool builders yet the lawyers felt they could be held liable.

              Since many of the manufacturers aren't around you have to ask how long can anybody but the current owner be held liable for old equipment. 10 years, 20 or 30? It is an interesting question and one that likely should be addressed via legislation.

              To put the question in terms a consumer might grasp better: should Ford be responsible for all the Model A's that might still be running?
              I think the rational answer is yes, there needs to be a legal cut-off point.

              This is just irresponsible. Even Microsoft applied a security fix to Windows XP for the ransomware attacks a while back, and XP is way, way older than 5 years (more like 15 years.)

              That's just not good enough from Intel and very irresponsible, yet nobody calls them out on it? What gives?
              I don't get it either. If AMD had this problem we would see the media out for blood. Honestly I see it as liberal media collusion.



              • #8
                The microcode updates in software are the same as microcode updates through BIOS, right?
                Also, does Windows get them through software?



                • #9
                  Originally posted by entropy
                  On top, the state of the whole case is *extremely* confusing for me.
                  It is not so confusing, it is just that various things need to be in place, but still *no one* is actually patched against everything really. It comes in parts and to be continued

                  Maybe easiest for average Joe to check/understand is to look at spectre-meltdown-checker on github, there are various points that need to be put in place so that one can claim to be safer:

                  https://github.com/speed47/spectre-meltdown-checker
                  Last edited by dungeon; 01-10-2018, 10:58 AM.
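
Editor's added example, not part of any post in this thread and not code from spectre-meltdown-checker: a small shell check for two of the "points" discussed above, the loaded microcode revision with its IBRS/IBPB flags, and what the kernel itself reports. The function names and the sample `cpuinfo` excerpts (revisions `0x01`/`0x02`) are constructed for illustration; it assumes a kernel new enough to list the `ibrs`/`ibpb` flag names and, for the second check, one that exposes `/sys/devices/system/cpu/vulnerabilities` (4.15+ or a distro backport).

```shell
#!/bin/sh
# Added example (editor's own; names and sample data are constructed).

# cpu_spectre_v2_status FILE
# FILE is /proc/cpuinfo or a saved copy. Looks at the first CPU only and
# prints: microcode=<rev> ibrs=<yes|no> ibpb=<yes|no>
cpu_spectre_v2_status() {
    awk -F': *' '
        /^microcode[ \t]*:/ && rev == "" { rev = $2 }
        /^flags[ \t]*:/ && !seen {
            seen = 1
            n = split($2, f, " ")
            for (i = 1; i <= n; i++) {
                if (f[i] == "ibrs") ibrs = 1   # exact match, not substring
                if (f[i] == "ibpb") ibpb = 1
            }
        }
        END {
            printf "microcode=%s ibrs=%s ibpb=%s\n",
                (rev == "" ? "unknown" : rev),
                (ibrs ? "yes" : "no"), (ibpb ? "yes" : "no")
        }' "$1"
}

# kernel_status DIR
# Prints "<name>: <text>" for every file under DIR (normally
# /sys/devices/system/cpu/vulnerabilities), or "unreported" when the
# kernel does not provide the directory at all.
kernel_status() {
    [ -d "$1" ] || { echo "unreported"; return 0; }
    for f in "$1"/*; do
        [ -r "$f" ] && printf '%s: %s\n' "${f##*/}" "$(cat "$f")"
    done
    return 0
}

# Constructed sample: the same CPU before and after a microcode update.
demo_dir=$(mktemp -d)
printf 'microcode\t: 0x01\nflags\t\t: fpu sse2 pti\n' > "$demo_dir/before"
printf 'microcode\t: 0x02\nflags\t\t: fpu sse2 pti ibrs ibpb\n' > "$demo_dir/after"

cpu_spectre_v2_status "$demo_dir/before"
cpu_spectre_v2_status "$demo_dir/after"
# The live system, where these files exist:
cpu_spectre_v2_status /proc/cpuinfo 2>/dev/null || true
kernel_status /sys/devices/system/cpu/vulnerabilities
```

A microcode revision that changes without `ibrs`/`ibpb` appearing means either the update did not add the controls for that CPU or the running kernel does not know the flags; the kernel-side lines show which mitigations are actually active.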



                  • #10
                    Found this link to keep up with all the updates: https://github.com/hannob/meltdownspectre-patches

