From owner-freebsd-security@freebsd.org Mon Mar 19 10:29:10 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AA44BF634C5 for ; Mon, 19 Mar 2018 10:29:10 +0000 (UTC) (envelope-from ml@netfence.it) Received: from smtp207.alice.it (smtp207.alice.it [82.57.200.103]) by mx1.freebsd.org (Postfix) with ESMTP id 24EE168380 for ; Mon, 19 Mar 2018 10:29:09 +0000 (UTC) (envelope-from ml@netfence.it) Received: from soth.ventu (79.25.193.209) by smtp207.alice.it (8.6.060.28) id 5AADAC0300A18024; Mon, 19 Mar 2018 11:29:02 +0100 Received: from guardian.ventu (2-234-63-131.ip221.fastwebnet.it [2.234.63.131]) (authenticated bits=0) by soth.ventu (8.15.2/8.15.2) with ESMTPSA id w2JASqd4090853 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 19 Mar 2018 11:28:54 +0100 (CET) (envelope-from ml@netfence.it) X-Authentication-Warning: soth.ventu: Host 2-234-63-131.ip221.fastwebnet.it [2.234.63.131] claimed to be guardian.ventu Subject: Re: FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution To: Jan Demter , freebsd-security@freebsd.org References: <20180314042924.E880D1128@freefall.freebsd.org> <337d9fd4-2aa4-609a-6a00-e9ce2be599cc@netfence.it> <8deba9d2-17b5-9088-1766-42f9e334df89@demter.de> From: Andrea Venturoli Message-ID: <7599974f-d31e-4df1-0b82-6b401461dcca@netfence.it> Date: Mon, 19 Mar 2018 11:28:46 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <8deba9d2-17b5-9088-1766-42f9e334df89@demter.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.83 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Mar 2018 10:29:10 -0000 On 03/18/18 18:54, Jan Demter wrote: >> Of course I find this enabled on the Intel box and not on the AMD one, >> but... is PTI in any way affected by a microcode update from Intel? > > From what I have read so far, I'm pretty certain it isn't planned or > even possible to patch this via a microcode update. Ok, I'm wrong then: I understood Spectre was unfixable, while Intel had provided (or was going to provide) a microcode update to patch (not mitigate) MeltDown. Of course PTI might be a good idea in any case. > For Intel CPUs, there's this list: > https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf Thanks. Altough I was looking for AMD mostly :) > The microcode update itself will work, if that is what you meant, but > just updating the microcode and not FreeBSD is useless to mitigate > Spectre V2. Again, my fault: the "Please update your system in order to update CPU microcode." message led me to a wrong conclusion. bye & Thanks av.