Date: Sun, 18 Feb 2018 18:25:50 -0500 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Tim Daneliuk <tundra@tundraware.com> Cc: "Eric A. Borisch" <eborisch@gmail.com>, David Marec <david.marec@davenulle.org>, freebsd-stable@freebsd.org Subject: Re: stable/11 r329462 - Meltdown/Spectre MFC questions Message-ID: <20180218232550.wp4ukhvnitlkc3cj@mutt-hbsd> In-Reply-To: <9b010393-e60f-5cbf-0a55-6082798fd237@tundraware.com> References: <20180217194726.GA79666@icarus.home.lan> <58099107-bc04-8ad9-3909-16bf5297dd2b@davenulle.org> <20180218165001.whbmonks7fq27mgq@mutt-hbsd> <eebc9302-3362-be0e-0ae7-d330d03d8a96@davenulle.org> <d977bcbf-347a-2b86-f07d-e3006d77e380@tundraware.com> <CAASnNnpcvw03bbm2wB8-odo0tSbuVwuK51%2BEc00d3H1r9Jf69g@mail.gmail.com> <9b010393-e60f-5cbf-0a55-6082798fd237@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--lj5w6dxbkmiyfsyq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Feb 18, 2018 at 10:02:08PM +0000, Tim Daneliuk wrote: > On 02/18/2018 09:50 PM, Eric A. Borisch wrote: > >=20 > > On Sun, Feb 18, 2018 at 3:17 PM Tim Daneliuk <tundra@tundraware.com <ma= ilto:tundra@tundraware.com>> wrote: > >=20 > > On 02/18/2018 05:47 PM, David Marec wrote: > > > #cpucontrol??-u??-v??/dev/cpuctl0 > > > cpucontrol: skipping /usr/local/share/cpucontrol/m32306c3_0000002= 2.fw of rev??0x22:??up??to??date > >=20 > >=20 > > While we're on the subject ... where does one find these microcode = updates > > anyway.?? On a 10.4-STABLE system, the command above blows out beca= use > > there is no director /usr/local/share/cpucontrol ... so I am missing > > the magic to get it populated. > >=20 > > -- > > -------------------------------------------------------------------= --------- > > Tim Daneliuk?? ?? ??tundra@tundraware.com <mailto:tundra@tundraware= =2Ecom> > > PGP Key:?? ?? ?? ?? ??http://www.tundraware.com/PGP/ > >=20 > >=20 > > It???s provided by the sysutils/devcpu-data port. > >=20 > > ??- Eric > >=20 > >=20 >=20 >=20 > Yes thanks, I finally tripped across that myself :) Do we have any insig= ht on > whether this addresses the latest vulnerabilities? The latest Intel microcode gives CPUs affected by Spectre new MSRs, one of which is to toggle IBRS. Vendors like Dell have started issuing firmware updates that also applies the new CPU microcode. Check with your vendor to see if they've shipped such firmware updates. Having the CPU microcode applied is not enough. The OS needs to support the new MSRs. FreeBSD 11-STABLE now does after the PTI and IBRS MFCs. Thanks, --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --lj5w6dxbkmiyfsyq Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlqKC3kACgkQaoRlj1JF bu5ADhAArQhHFotF2SfJrGXE794cn2VDyRRM13Al4i8pOV1L99KLoOBRNg4uDLh6 nT3JefTniTAcZSBfzgxbG70R2pyjbhNHneapLaeLAER+WGhIoUTCFGCV90n54Qmx mzvsn0Fq0uSD+8IBNlDHxpqX/QIK+Ft6G3EgT+8C0/8DB7joloccs8vALnCE3Og1 sxC1CoQRpNlRaZtvGCmlxmUnsoQZ28GZ2SB9IdoMD21EqImeoCM7Q5BdF1EHIRif ipI78dV7o6jbrNzbtXeDDiLhtv8Q2UbOAXn1Hh3PAt3vG84L6QrBLgEfpgnDqJWW EN7Cb0B9S+wctllTFJLSaSwFgUqwA8tQftNEfGKC65IpHywFQ9pLKWl+3EVRbAhZ JngfwNiWyxu/upY82SqiWspi4E4RYInQZ15wYMJJ4yAdF/WyHEu1WbIotwOZdu1E KehPp1l6+sBaFBQC8kw9pKd20lybA0nT02i2UifCBVBjr2US8p+ysXBvMbFCakyk 4szAM5j8EK8AbVqmT71GDpdZAzLk4KR6EBYOi4s2JDGVdJAnOPVZg9CgZoSBvkdG 2e8Ci4lK6qwK3QE8LcMLSRk6/7LcfKKq0Balx7gft0LMwiCWZxw1tcrpJuOWX3Ak j+rB5EqkLE9Ym6MwWW4EydJkrFBlRuSjTcoizxqjlgHWGMzsC94= =0dYB -----END PGP SIGNATURE----- --lj5w6dxbkmiyfsyq--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180218232550.wp4ukhvnitlkc3cj>