Date: Wed, 15 May 2019 09:32:12 -0400 From: mike tancsa <mike@sentex.net> To: "Wall, Stephen" <stephen.wall@redcom.com>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds Message-ID: <31b178d5-9998-d2a3-cc4c-d3f7d574743a@sentex.net> In-Reply-To: <cdf6982694db447985b15e9170256fe5@exch-02.redcom.com> References: <20190515000302.44CBB1AB79@freefall.freebsd.org> <cdf6982694db447985b15e9170256fe5@exch-02.redcom.com>
index | next in thread | previous in thread | raw e-mail
On 5/15/2019 8:18 AM, Wall, Stephen wrote: >> New CPU microcode may be available in a BIOS update from your system vendor, >> or by installing the devcpu-data package or sysutils/devcpu-data port. >> Ensure that the BIOS update or devcpu-data package is dated after 2014-05-14. >> >> If using the package or port the microcode update can be applied at boot time >> by adding the following lines to the system's /boot/loader.conf: >> >> cpu_microcode_load="YES" >> cpu_microcode_name="/boot/firmware/intel-ucode.bin" > Is this applicable in a virtualized environment, or only on bare metal? > If not applicable in a VM, is it at least harmless? Actually, just tried this on RELENG_11 (r347613) and I get don't know how to load module '/boot/firmware/intel-ucode.bin' In boot/loader.conf I have cpu_microcode_load="YES" cpu_microcode_name="/boot/firmware/intel-ucode.bin" # ls -l /boot/firmware/intel-ucode.bin -rw-r--r-- 1 root wheel uarch 2571264 May 15 08:47 /boot/firmware/intel-ucode.bin # sha256 /boot/firmware/intel-ucode.bin SHA256 (/boot/firmware/intel-ucode.bin) = 1fdb3a25467d285394eded8039ee8ab488f074903654981d35a4cdfe6ebf12fchelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?31b178d5-9998-d2a3-cc4c-d3f7d574743a>