help-guix

Meltdown & Spectre


From: znavko
Subject: Meltdown & Spectre
Date: Sat, 24 Nov 2018 19:58:51 +0100 (CET)

Hello! I am using a PC to visit websites. Using GNU/Linux is much safer than other OSes.
Yes, IceCat has the wonderful LibreJS plugin that may defend me from vulnerabilities.
I've found a bash script that checks for Meltdown & Spectre vulnerabilities: https://github.com/shaman007/spectre-meltdown-checker

I am seeing this:

#  ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.37+

Checking for vulnerabilities on current system
Kernel is Linux 4.19.1-gnu #1 SMP 1 x86_64
CPU is Intel(R) Pentium(R) CPU  N3530  @ 2.16GHz
We're missing some kernel info (see -v), accuracy might be reduced
..
..
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES
    * IBRS enabled and active:  NO
  * Kernel is compiled with IBPB support:  UNKNOWN  (in offline mode, we need the kernel image to be able to tell)
    * IBPB enabled and active:  NO
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO
  * Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
> STATUS:  VULNERABLE  (IBRS+IBPB or retpoline+IBPB is needed to mitigate the vulnerability)

> How to fix: To mitigate this vulnerability, you need either IBRS + IBPB, both requiring hardware support from your CPU microcode in addition to kernel support, or a kernel compiled with retpoline and IBPB

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability:  NO
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)

# guix package -s readelf
#

Please, what can I use instead of readelf for this script?
Also, how do I embed the necessary microcode?

Could you share your options for Meltdown and Spectre defense?
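
Added example, not part of the original message or of spectre-meltdown-checker: a small shell check that reads the kernel's own sysfs vulnerability files (the "/sys interface" in the output above) and applies the rule the checker prints for Spectre Variant 2, namely that retpoline or IBRS without IBPB is not treated as fully mitigated. The function names and the exact mitigation-string formats matched here are assumptions; it needs neither readelf nor the kernel image.

```shell
#!/bin/sh
# Added example (assumed names): classify entries of the kernel's sysfs
# vulnerability interface. The directory is a parameter so the logic can be
# run against constructed files as well as the live system.
SYSFS_VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_entry NAME TEXT -> prints ok | partial | vulnerable | unknown
classify_entry() {
    name=$1; text=$2
    case $text in
        "Not affected"*) echo ok ;;
        Vulnerable*)     echo vulnerable ;;
        Mitigation:*)
            if [ "$name" = spectre_v2 ]; then
                # Rule quoted in the checker output above: retpoline or IBRS
                # alone is not enough, IBPB must be active as well.
                # String formats are an assumption about kernel output.
                case $text in
                    *"IBPB: disabled"*) echo partial ;;
                    *IBPB*)             echo ok ;;
                    *)                  echo partial ;;
                esac
            else
                echo ok
            fi ;;
        *) echo unknown ;;
    esac
}

# report_mitigations [DIR] -> one "name<TAB>verdict<TAB>text" line per file.
# Returns 0 if every entry is ok, 1 if any is not, 2 if DIR is missing.
report_mitigations() {
    dir=${1:-$SYSFS_VULN_DIR}
    rc=0
    [ -d "$dir" ] || { echo "no vulnerability interface at $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        name=${f##*/}
        text=$(cat "$f")
        verdict=$(classify_entry "$name" "$text")
        printf '%s\t%s\t%s\n' "$name" "$verdict" "$text"
        [ "$verdict" = ok ] || rc=1
    done
    return $rc
}
```

Calling `report_mitigations` with no argument reads the live system; a non-zero return means at least one entry needs attention.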
