Announcement

**GreyGeek** · Jan 10, 2018, 07:30 PM

This package contains Intel microcode files in two formats:
* microcode.dat
* intel-ucode directory

microcode.dat is in a traditional text format. It is still used in some
Linux distributions. It can be updated to the system through the old microcode
update interface which is avaialble in the kernel with
CONFIG_MICROCODE_OLD_INTERFACE=y.

To update the microcode.dat to the system, one need:
1. Ensure the existence of /dev/cpu/microcode
2. Write microcode.dat to the file, e.g.
dd if=microcode.dat of=/dev/cpu/microcode bs=1M

I noticed that in /dev/cpu the microcode file is 0B.
The microcode.dat file is 4.9MiB in size.

**TWPonKubuntu** · Jan 10, 2018, 09:34 PM

Please DO due diligence on this upgrade. It is specific to only SOME Intel processors.

The list of processors is in my previous post linked document:

https://downloadcenter.intel.com/dow...code-Data-File

In contradiction, Intel also says this:

"...This microcode data file contains the latest microcode definitions for all Intel processors..."

So some caution is indicated here...

**vinnywright** · Jan 10, 2018, 09:39 PM

and

The updated microcode archive also contains an intel-ucode folder, which is the second method of installing the microcode, supported by most modern GNU/Linux distributions. To update this way, ensure the existence of /sys/devices/system/cpu/microcode/reload, copy the entire intel-ucode directory to /lib/firmware, overwrite the files in /lib/firmware/intel-ucode/, write the reload interface to 1 to reload the microcode files (e.g. echo 1 > /sys/devices/system/cpu/microcode/reload), and reboot.

I found (on the intel site linked to on that page) the microcode.tgz for my CPU ,,,,,, O now what to do . decisions decisions ?

VINNY

**TWPonKubuntu** · Jan 10, 2018, 11:16 PM

Vinny, I can't advise you either way on this.

My CPUs are not in the list, too old I guess.

Because this "vulnerability" is very difficult to implement, I'm willing to give it some time and see what happens to other people.

As GreyGeek said, they won't find much on my machine...

**GreyGeek** · Jan 11, 2018, 12:10 PM

Even though my /dev/cpu/microcode file was 0 bytes, it existed. So, knowing that with Btrfs I had nothing to fear, I copied the gz supplied microcode for my CPU over it and rebooted. I could detect NO difference in my computer’s performance.

Now, I am deciding on which patched kernel to update to, if one exists that won’t break Neon.

Sent from my iPhone using Tapatalk

**TWPonKubuntu** · Jan 11, 2018, 12:24 PM

I'm running Kernel 4.4.0-109 and expect to see 4.4.0-111 in the repository "real soon now". I saw no perceptible change in operation. That kernel is claimed to have some code to address Meltdown, but nothing (yet) for Spectre. Bear in mind that this is coming from the Linux Mint repository and other distros may have already pushed more current kernels.

**acheron** · Jan 11, 2018, 01:49 PM

Microcode updates:

https://usn.ubuntu.com/usn/usn-3531-1/

**vinnywright** · Jan 11, 2018, 03:40 PM

Originally posted by acheron View Post

Microcode updates:

https://usn.ubuntu.com/usn/usn-3531-1/

yup ,,,just got that update

Code:

vinny@vinny-Bonobo-Extreme:~$ dpkg -l | grep intel-microcode
ii  intel-microcode                                 3.20180108.0~ubuntu16.04.2                               amd64        Processor microcode firmware for Intel CPUs

but the only change in that script is

Code:

vinny@vinny-Bonobo-Extreme:~/Documents/testing/spector,meltdown/spectre-meltdown-checker$ sudo sh spectre-meltdown-checker.sh 
[sudo] password for vinny: 
Spectre and Meltdown mitigation detection tool v0.21

Checking for vulnerabilities against live running kernel Linux 4.13.0-25-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 12:16:39 UTC 2018 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO  (only 42 opcodes found, should be >= 70)
> STATUS:  VULNERABLE  (heuristic to be improved when official patches become available)                                                                                 
                                                                                                                                                                        
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'                                                                                                          
* Mitigation 1                                                                                                                                                           
*  [COLOR=#00ff00] Hardware (CPU microcode) support for mitigation:  YES  [/COLOR]                                                                                                              
*   Kernel support for IBRS:  NO                                                                                                                                         
*   IBRS enabled for Kernel space:  NO                                                                                                                                   
*   IBRS enabled for User space:  NO                                                                                                                                     
* Mitigation 2                                                                                                                                                           
*   Kernel compiled with retpoline option:  NO                                                                                                                           
*   Kernel compiled with a retpoline-aware compiler:  NO                                                                                                                 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)                                                
                                                                                                                                                                        
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'                                                                                                     
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

VINNY

**woodsmoke** · Jan 11, 2018, 08:54 PM

AGAIN...this is ALL CRAPPPOLA...

It is ALL about "gettting the uninformed worked up for "the" political agenda...

OH MY GAWD WOOODMSOKE HOW CAN YOU SAY THAT...

Guess what...

We knew abopit this back when Obama / Trump ? Putin were going to foist it on ...YOU.
GAWD...HIE TO YOURSELF TO KALI... One conributer from Carter is still hanging in there...but gawd...pleeze folks isn't THAT HARD...

I mean...

HOW MANY FUC#$%$ TIMES have the old woodsmoker been INSULTED and BAD MOUTHED...HERE...If the old woodsmoker can help forge against the hordes...

It really IS an EMOTIONAL connexion... hard... tolGET INVOLVED... Kali Linux...

God...you just don't know...

Imagine a spreadsheet of threats that extends to the right and below this screen...
[img]
http://www.napolun.com/mirror/napole...Plancenoit.jpg
[/img]

**woodsmoke** · Jan 11, 2018, 09:06 PM

https://en.wikipedia.org/wiki/SQL_injection

of little worth

**jglen490** · Jan 11, 2018, 09:08 PM

Originally posted by woodsmoke View Post

AGAIN...this is ALL CRAPPPOLA...

It is ALL about "gettting the uninformed worked up for "the" political agenda...

OH MY GAWD WOOODMSOKE HOW CAN YOU SAY THAT...

Guess what...

We knew abopit this back when Obama / Trump ? Putin were going to foist it on ...YOU.
GAWD...HIE TO YOURSELF TO KALI... One conributer from Carter is still hanging in there...but gawd...pleeze folks isn't THAT HARD...

I mean...

HOW MANY FUC#$%$ TIMES have the old woodsmoker been INSULTED and BAD MOUTHED...HERE...If the old woodsmoker can help forge against the hordes...

It really IS an EMOTIONAL connexion... hard... tolGET INVOLVED... Kali Linux...

God...you just don't know...

Imagine a spreadsheet of threats that extends to the right and below this screen...
[img]
http://www.napolun.com/mirror/napole...Plancenoit.jpg
[/img]

Lead the Panic Brigade, will you please? Sheeeeesh ...

**woodsmoke** · Jan 11, 2018, 09:17 PM

Again... the sheeple...

THERE ARE...what... 11 (eleven) sites in PHYSICAL CONTIGTUITY of Russia and all of those people are WAAAY drunk on Vodka that ...the old woodsmoker will be on Cuba Libre...give me a BREAK...

BEFORE YOU cast your opinon on the water...>>HIE YOURSELF TO KALI LINUX...

all this pontificating is just exactly what the " power people in the U.S. of BOTH Politiocal p[artioes want!!

LET <ME as a simple question:

WHO...in a JUNGLE on ANY continent...cares ONE WHIT... about what I... woodsmoker...or YOU...put on this screen...

ANSWER ME THAT!!!

woodwaitingsmoke

**jglen490** · Jan 11, 2018, 09:23 PM

I will not HIE myself anywhere on your word, nor will I tell anyone else to HIE themselves to anywhere, that they don't wish to go. If my words are helpful to someone who reads what is on this screen, then my efforts were good. If not then my efforts resolve into learning a better way. BUT, not because you randomly yell things in peoples faces.

**woodsmoke** · Jan 11, 2018, 09:26 PM

LOL

I could care less because you are part of the problem.

wood...we have YET AGAIN...another controller on the forum...smoke

AND...I had the courtesy to REALIZE that I was being buried in what you are part of ...and hied myself away...smoke

**jglen490** · Jan 11, 2018, 09:29 PM

O.K., see ya, not.

Announcement

About the processor vulnerabilities Meltdown, Spectre, some articles

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment