Announcement

Collapse
No announcement yet.

GNU Linux-Libre 4.16 Released, Won't Warn You About Spectre/Meltdown Microcode Updates

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • GNU Linux-Libre 4.16 Released, Won't Warn You About Spectre/Meltdown Microcode Updates

    Phoronix: GNU Linux-Libre 4.16 Released, Won't Warn You About Spectre/Meltdown Microcode Updates

    The folks maintaining the GNU Linux-Libre downstream of the Linux kernel have released their kernel 4.16 release that pulls in yesterday's Linux 4.16 kernel but strips out parts that aren't entirely free software and eliminates support for loading binary-only modules, etc...

    http://www.phoronix.com/scan.php?pag...-4.16-Released

  • #2
    So rather than suggesting to update the non-free FW to something more secure, it would rather you stick with the old, less secure non-free FW that comes on the chip because suggesting a non-free firmware update would violate your freedom?

    The logic seems incoherent to me.

    EDIT: Better solution, rather than remove it, change the warning to something noting the HW is vulnerable.
    Last edited by Mystro256; 04-02-2018, 10:45 AM.

    Comment


    • #3
      Originally posted by Mystro256 View Post
      So rather than suggesting to update the non-free FW to something more secure, it would rather you stick with the old, less secure non-free FW that comes on the chip because suggesting a non-free firmware update would violate your freedom?

      The logic seems incoherent to me.
      Yeah, exactly, non-free software is okay as long as it cannot be replaced now?

      Comment


      • #4
        If anyone needs evidence that the FSF has gone full retard with its hardline 'free software or get lost' stance, this is the clearest of them all.

        Comment


        • #5
          Originally posted by Sonadow View Post
          If anyone needs evidence that the FSF has gone full retard with its hardline 'free software or get lost' stance, this is the clearest of them all.
          The FSF has always promoted extreme solutions because someone needs to show people just how much proprietary code runs on their systems. It's not a pragmatic approach, but no one expects it to be.

          Comment


          • #6
            Originally posted by WolfpackN64 View Post

            The FSF has always promoted extreme solutions because someone needs to show people just how much proprietary code runs on their systems. It's not a pragmatic approach, but no one expects it to be.
            Then the warning should read "Linux-Libre is unsecure on this hardware due to CPU flaws. Do not use."

            Comment


            • #7
              Spectre/meltdown can be mitigated in software via KPTI and retpoline. This isn't as big a deal as you people are making it out to be.

              Comment


              • #8
                For more details:

                https://security.googleblog.com/2018...for-cpu_4.html

                Variant 1 can be mitigated by recompilation

                Variant 2 can be mitigated by firmware updates _OR_ retpoline

                Variant 3 can be mitigated via KPTI.

                As a result linux-libre is fine.

                Comment


                • #9
                  Originally posted by willmore View Post

                  Then the warning should read "Linux-Libre is unsecure on this hardware due to CPU flaws. Do not use."
                  Just as regular Linux is unsecure on this or that hardware due to hardware/microcode flaws.

                  Comment


                  • #10
                    Just tried, evertything works fine here:

                    DeVUAn:~$ cat /proc/sys/kernel/osrelease
                    4.16.0-gnu
                    DeVUAn:~$ cat /sys/devices/system/cpu/vulnerabilities/*
                    Not affected
                    Mitigation: __user pointer sanitization
                    Mitigation: Full AMD retpoline
                    I don't need firmware for mitigation, BTW even FGLRX works

                    DeVUAn:~$ fglrxinfo
                    display: :0.0 screen: 0
                    OpenGL vendor string: Advanced Micro Devices, Inc.
                    OpenGL renderer string: AMD Radeon HD 8400 / R3 Series
                    OpenGL version string: 4.5.13416 Compatibility Profile Context 15.302
                    On this AM1 machine, only firmares for AMD GPU are kind of *must have* (it also blocking newer AMD cpu microcode and realtek wired firmware, but things work fine enough without these)... but this way to be fair to not touch defaults in linux-libre at all, at least FGLRX blobby could fly in

                    GPUs are problem anywhere most of the time as expected
                    Last edited by dungeon; 04-02-2018, 01:00 PM.

                    Comment

                    Working...
                    X