From owner-freebsd-stable@freebsd.org  Sun Feb 18 23:26:01 2018
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 58BD6F0FFBC
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Sun, 18 Feb 2018 23:26:01 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com
 [IPv6:2a00:1450:400c:c09::232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id BF30972BC2
 for <freebsd-stable@freebsd.org>; Sun, 18 Feb 2018 23:26:00 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: by mail-wm0-x232.google.com with SMTP id z81so12011942wmb.4
 for <freebsd-stable@freebsd.org>; Sun, 18 Feb 2018 15:26:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hardenedbsd-org.20150623.gappssmtp.com; s=20150623;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to:user-agent;
 bh=LC/KGfNPxOoAloQ3U7pG6cFbGrouEbMoeVuBWEYuQPg=;
 b=rehDvWpiD5+aSxxAbWUBXb277k/+iBnpp7D5J2G6Yr6gJbgQMg3Iry9qcB24xFvBC1
 HH/mOU1EvUSQ3d972JF+zgFYJ2WW0fc0vz9s11pmSdI8lkz7qWC6Cu9it0fZKnlWXs/9
 oG8Mju4TaAmF0teYO5KGpXl8ZHzxkgYfwvk/xhxlWjKK6InkqKwtqxmAMRiLSNjXFSWE
 AItwcGU7D3y+gCVmk9kGae9YhvwMhP0g+tSlbKCJcStiM2YmOo7ipOnUwH3Dvmdcrmax
 FS+n+q2ymv2d+gpmtc8HYs3Lve6iwCqKapKmURmOIzskh2WtPTuEqL256HsFyG4eqqkV
 llBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to:user-agent;
 bh=LC/KGfNPxOoAloQ3U7pG6cFbGrouEbMoeVuBWEYuQPg=;
 b=VilFcd3ibJnlwup1CPVrFE6AnuqtPbX5OGFq+pYvj3bvmAac39benLMTbuW/lXZ+/I
 cvocy+UtJstgZIj/koa87o50yciZ8LD4ITjiGwV4AtWL7v7ildxppq3nLRvGwgiZPlgZ
 N6h4wk3NRzs/xCqLEmhxNcXZabH1XavHmLm6czqxymqT4t6sKvrrn6037qgWBNbtcJ73
 uR6+BF0+n1gRxrfoFr6AtVkkT8mJtXuhHYlrMBzvhcBESeu2HK9vVBIrNRC473VUNar4
 sy0b9YGbaCSW/JMYwi0L0N8O1MXj3MeB1aYy/0ZngnlEaAlxFvKgBYe2iUfP708dJz5L
 mssg==
X-Gm-Message-State: APf1xPDTUE9QiZZ8D44kXzSxvGau6AQHqpTFYLlUhS+8ZFnIbgcTfwW2
 WO6PPVbxjDoJNgM8Dfech7ZhW6Bzz4o=
X-Google-Smtp-Source: AH8x2263Mrl5eCYbfkv8RZSVAQFMXlkIP/0/Tiwc86zJhom8pz3j47dwmzAg6zAglqSUh9Rzia6e+g==
X-Received: by 10.80.205.219 with SMTP id h27mr702703edj.159.1518996359621;
 Sun, 18 Feb 2018 15:25:59 -0800 (PST)
Received: from mutt-hbsd ([93.174.93.71])
 by smtp.gmail.com with ESMTPSA id w2sm18678309edb.25.2018.02.18.15.25.57
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 18 Feb 2018 15:25:58 -0800 (PST)
Date: Sun, 18 Feb 2018 18:25:50 -0500
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Tim Daneliuk <tundra@tundraware.com>
Cc: "Eric A. Borisch" <eborisch@gmail.com>,
 David Marec <david.marec@davenulle.org>, freebsd-stable@freebsd.org
Subject: Re: stable/11 r329462 - Meltdown/Spectre MFC questions
Message-ID: <20180218232550.wp4ukhvnitlkc3cj@mutt-hbsd>
References: <20180217194726.GA79666@icarus.home.lan>
 <58099107-bc04-8ad9-3909-16bf5297dd2b@davenulle.org>
 <20180218165001.whbmonks7fq27mgq@mutt-hbsd>
 <eebc9302-3362-be0e-0ae7-d330d03d8a96@davenulle.org>
 <d977bcbf-347a-2b86-f07d-e3006d77e380@tundraware.com>
 <CAASnNnpcvw03bbm2wB8-odo0tSbuVwuK51+Ec00d3H1r9Jf69g@mail.gmail.com>
 <9b010393-e60f-5cbf-0a55-6082798fd237@tundraware.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="lj5w6dxbkmiyfsyq"
Content-Disposition: inline
In-Reply-To: <9b010393-e60f-5cbf-0a55-6082798fd237@tundraware.com>
X-Operating-System: FreeBSD mutt-hbsd 12.0-CURRENT FreeBSD 12.0-CURRENT 
X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE
User-Agent: NeoMutt/20171215
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Feb 2018 23:26:01 -0000


--lj5w6dxbkmiyfsyq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Feb 18, 2018 at 10:02:08PM +0000, Tim Daneliuk wrote:
> On 02/18/2018 09:50 PM, Eric A. Borisch wrote:
> >=20
> > On Sun, Feb 18, 2018 at 3:17 PM Tim Daneliuk <tundra@tundraware.com <ma=
ilto:tundra@tundraware.com>> wrote:
> >=20
> >     On 02/18/2018 05:47 PM, David Marec wrote:
> >     > #cpucontrol??-u??-v??/dev/cpuctl0
> >     > cpucontrol: skipping /usr/local/share/cpucontrol/m32306c3_0000002=
2.fw of rev??0x22:??up??to??date
> >=20
> >=20
> >     While we're on the subject ... where does one find these microcode =
updates
> >     anyway.?? On a 10.4-STABLE system, the command above blows out beca=
use
> >     there is no director /usr/local/share/cpucontrol ... so I am missing
> >     the magic to get it populated.
> >=20
> >     --
> >     -------------------------------------------------------------------=
---------
> >     Tim Daneliuk?? ?? ??tundra@tundraware.com <mailto:tundra@tundraware=
=2Ecom>
> >     PGP Key:?? ?? ?? ?? ??http://www.tundraware.com/PGP/
> >=20
> >=20
> > It???s provided by the sysutils/devcpu-data port.
> >=20
> > ??- Eric
> >=20
> >=20
>=20
>=20
> Yes thanks, I finally tripped across that myself :)  Do we have any insig=
ht on
> whether this addresses the latest vulnerabilities?

The latest Intel microcode gives CPUs affected by Spectre new MSRs,
one of which is to toggle IBRS. Vendors like Dell have started issuing
firmware updates that also applies the new CPU microcode. Check with
your vendor to see if they've shipped such firmware updates.

Having the CPU microcode applied is not enough. The OS needs to
support the new MSRs. FreeBSD 11-STABLE now does after the PTI and
IBRS MFCs.

Thanks,

--=20
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

--lj5w6dxbkmiyfsyq
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlqKC3kACgkQaoRlj1JF
bu5ADhAArQhHFotF2SfJrGXE794cn2VDyRRM13Al4i8pOV1L99KLoOBRNg4uDLh6
nT3JefTniTAcZSBfzgxbG70R2pyjbhNHneapLaeLAER+WGhIoUTCFGCV90n54Qmx
mzvsn0Fq0uSD+8IBNlDHxpqX/QIK+Ft6G3EgT+8C0/8DB7joloccs8vALnCE3Og1
sxC1CoQRpNlRaZtvGCmlxmUnsoQZ28GZ2SB9IdoMD21EqImeoCM7Q5BdF1EHIRif
ipI78dV7o6jbrNzbtXeDDiLhtv8Q2UbOAXn1Hh3PAt3vG84L6QrBLgEfpgnDqJWW
EN7Cb0B9S+wctllTFJLSaSwFgUqwA8tQftNEfGKC65IpHywFQ9pLKWl+3EVRbAhZ
JngfwNiWyxu/upY82SqiWspi4E4RYInQZ15wYMJJ4yAdF/WyHEu1WbIotwOZdu1E
KehPp1l6+sBaFBQC8kw9pKd20lybA0nT02i2UifCBVBjr2US8p+ysXBvMbFCakyk
4szAM5j8EK8AbVqmT71GDpdZAzLk4KR6EBYOi4s2JDGVdJAnOPVZg9CgZoSBvkdG
2e8Ci4lK6qwK3QE8LcMLSRk6/7LcfKKq0Balx7gft0LMwiCWZxw1tcrpJuOWX3Ak
j+rB5EqkLE9Ym6MwWW4EydJkrFBlRuSjTcoizxqjlgHWGMzsC94=
=0dYB
-----END PGP SIGNATURE-----

--lj5w6dxbkmiyfsyq--