Date: Fri, 16 Mar 2018 17:11:47 +0100 From: Andrea Venturoli <ml@netfence.it> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution Message-ID: <337d9fd4-2aa4-609a-6a00-e9ce2be599cc@netfence.it> In-Reply-To: <20180314042924.E880D1128@freefall.freebsd.org> References: <20180314042924.E880D1128@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 03/14/18 05:29, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-18:03.speculative_execution Security Advisory > ... Hello. After upgrading two machines (one with an AMD Phenom II X4 925, the other with a Pentium 987), I'd like to get just a couple of confirmations... > # sysctl vm.pmap.pti > vm.pmap.pti: 1 Of course I find this enabled on the Intel box and not on the AMD one, but... is PTI in any way affected by a microcode update from Intel? > The patch includes the IBRS mitigation for Spectre V2. To use the mitigation > the system must have an updated microcode; with older microcode a patched > kernel will function without the mitigation. > > IBRS can be disabled via the hw.ibrs_disable sysctl (and tunable), and the > status can be checked via the hw.ibrs_active sysctl. IBRS may be enabled or > disabled at runtime. Additional detail on microcode updates will follow. None of the two box seems to have this enabled; on both I see: > # sysctl -a|grep ibrs > hw.ibrs_disable: 1 > hw.ibrs_active: 0 Does this mean both machine don't have a good enough microcode or is just IBRS not enabled by default? In the first case, I tried finding some information on what microcode is available for what CPU (I'm interested in several other ones, not only these two), but failed. Has anyone a pointer? Last question: am I right that devcpu-data is nowaday useless (read no microcode update anyway) unless this update to base is also installed? bye & Thanks av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?337d9fd4-2aa4-609a-6a00-e9ce2be599cc>