Date: Tue, 16 Jan 2018 12:49:52 -0500 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Cy Schubert <Cy.Schubert@komquats.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: VMware pulling Intel specter patches Message-ID: <20180116174952.n7asjhyw66fnkicu@mutt-hbsd> In-Reply-To: <20180116171745.0BD75181E@spqr.komquats.com> References: <20180116171745.0BD75181E@spqr.komquats.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--uslwilkkwq3qkf6z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 16, 2018 at 09:18:47AM -0800, Cy Schubert wrote: > Might we be jumping the gun with updated firmware in devcpu-data? >=20 > https://www.reddit.com/r/sysadmin/comments/7qjnfx/vmware_pulled_spectre_p= atches_on_friday/ =46rom what I understand, the new Intel microcode only makes sense if retpoline is used. On Skylake and above, retpoline by itself isn't 100% effective against Spectre. On those systems, retpoline requires the new Intel microcode update along with enabling the new IBRS feature that comes with it. Simply updating the microcode on Intel systems doesn't really do much on its own. Granted, I could have misread and be completely wrong. Please let me know if I am. Thanks, --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --uslwilkkwq3qkf6z Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlpeOzwACgkQaoRlj1JF bu78pQ/+JIEQeIEFms2BQZTlt0AeU3noBicJGnIrHB34RxtOXac2A50d1JVcEMKl MiFVqpMlQwF3PCgHqSlg9CHKax9c4MRKV36oyVhhSS5qA/f4JOTZ8G7zSDh1/8aN TTs+dMfK7MFw9oQ1mAacC3/tpMuD+6rDnMlYhaP2mxHxzhIuaCU3zspzpfTIvrJ1 fV67YaSAcE3XCOIlXuQAqVIRZbJ1/zMOvr+AYn07ssvYEoEWjeqDHJORFiIrlkyA NiTSE808tSQctcSgPa57zHR4M+Yb/85naUvG/c27axXOgMBn4An1XL3stXU6Eh7o 41XYPIIoSx83N5+2t48cVAD1u/EKOJP3BCdCaaZaXj6bAHx6s11yBxnBb6M5e4mG pbyfoHZ6o+UJzO3g3fUYzjbnwRkQgJNybK0L7QxmN3f3KXn8d9TdC1mMVOjJMo7n 4NKElZR6nBTmITY7F1YpA6q5tXMsaYDOVNS3b3Dvm05huimo6pOswa9lULjaL69Q 9hSo5GmxPKBVCrJ5Ij4+kHr0rvlkV8BtNU2WO0mbaWtXNLBx43g2zn7FKnkq3TiL S3E76xps6FhUmjfN9N0B5MJnn8ecOj24qzQcwhEbMi9m8CpjbtVWvrcmkM/nRv2y qGcO+/P6L2oxBLmOt7igNkUJxA1PTfFZazcFZL5y9J/dK5gYvhQ= =3ChP -----END PGP SIGNATURE----- --uslwilkkwq3qkf6z--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180116174952.n7asjhyw66fnkicu>