Date: Wed, 15 May 2019 09:32:12 -0400 From: mike tancsa <mike@sentex.net> To: "Wall, Stephen" <stephen.wall@redcom.com>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds Message-ID: <31b178d5-9998-d2a3-cc4c-d3f7d574743a@sentex.net> In-Reply-To: <cdf6982694db447985b15e9170256fe5@exch-02.redcom.com> References: <20190515000302.44CBB1AB79@freefall.freebsd.org> <cdf6982694db447985b15e9170256fe5@exch-02.redcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/15/2019 8:18 AM, Wall, Stephen wrote: >> New CPU microcode may be available in a BIOS update from your system v= endor, >> or by installing the devcpu-data package or sysutils/devcpu-data port.= >> Ensure that the BIOS update or devcpu-data package is dated after 2014= -05-14. >> >> If using the package or port the microcode update can be applied at bo= ot time >> by adding the following lines to the system's /boot/loader.conf: >> >> cpu_microcode_load=3D"YES" >> cpu_microcode_name=3D"/boot/firmware/intel-ucode.bin" > Is this applicable in a virtualized environment, or only on bare metal?= > If not applicable in a VM, is it at least harmless? Actually, just tried this on RELENG_11 (r347613)=C2=A0 and I get don't know how to load module '/boot/firmware/intel-ucode.bin' In boot/loader.conf I have cpu_microcode_load=3D"YES" cpu_microcode_name=3D"/boot/firmware/intel-ucode.bin" # ls -l /boot/firmware/intel-ucode.bin -rw-r--r--=C2=A0 1 root=C2=A0 wheel=C2=A0 uarch 2571264 May 15 08:47 /boot/firmware/intel-ucode.bin # sha256 /boot/firmware/intel-ucode.bin SHA256 (/boot/firmware/intel-ucode.bin) =3D 1fdb3a25467d285394eded8039ee8ab488f074903654981d35a4cdfe6ebf12fc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?31b178d5-9998-d2a3-cc4c-d3f7d574743a>