From nobody Wed Aug 09 08:27:38 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RLNTy4X39z4mPBc for ; Wed, 9 Aug 2023 08:27:50 +0000 (UTC) (envelope-from stb@lassitu.de) Received: from gilb.zs64.net (gilb.zs64.net [IPv6:2a00:14b0:4200:32e0::1ea]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (P-256) client-digest SHA256) (Client CN "gilb.zs64.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RLNTy2XfHz4b0p for ; Wed, 9 Aug 2023 08:27:50 +0000 (UTC) (envelope-from stb@lassitu.de) Authentication-Results: mx1.freebsd.org; none Received: by gilb.zs64.net (Postfix, from stb@lassitu.de) id D85A95434A9; Wed, 9 Aug 2023 08:27:41 +0000 (UTC) Content-Type: multipart/signed; boundary="Apple-Mail=_7548FB61-D00B-4014-995B-3AFE22C9C6B6"; protocol="application/pgp-signature"; micalg=pgp-sha512 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\)) Subject: Re: Downfall microcode update From: Stefan Bethke In-Reply-To: <189d93e0238.2805.fa4b1493b064008fe79f0f905b8e5741@Leidinger.net> Date: Wed, 9 Aug 2023 10:27:38 +0200 Cc: freebsd-security@freebsd.org Message-Id: <6492527E-625A-416F-9681-09D8EF54C949@lassitu.de> References: <189d93e0238.2805.fa4b1493b064008fe79f0f905b8e5741@Leidinger.net> To: Alexander Leidinger X-Mailer: Apple Mail (2.3731.700.6) X-Rspamd-Queue-Id: 4RLNTy2XfHz4b0p X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:13135, ipnet:2a00:14b0::/32, country:DE] --Apple-Mail=_7548FB61-D00B-4014-995B-3AFE22C9C6B6 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Thank you! > Am 09.08.2023 um 09:41 schrieb Alexander Leidinger = : >=20 > Hi, >=20 > The real microcode is in sysutils/devcpu-data-intel and updated much = more recently. >=20 > You can load the microcode from loader, or from a rc.d service. >=20 > Bye, > Alexander. >=20 > -- > Send from a mobile device, please forgive brevity and misspellings. >=20 > Am 9. August 2023 09:33:06 schrieb Stefan Bethke : >=20 >> https://downfall.page/#faq >>=20 >> Apparently, Intel will be issuing a microcode update for this. What = is the recommended way to automatically apply these during boot? I see = that I have cpupdate-g20180513_4 installed, which appears to be = maintained despite the scarily old date in the version number :-) = https://www.freshports.org/sysutils/cpupdate/ >>=20 >> The servers I'm concerned about are old enough to not receive BIOS = updates ever again. >>=20 >>=20 >> Thanks, >> Stefan >>=20 >> -- >> Stefan Bethke Fon +49 151 14070811 >=20 -- Stefan Bethke Fon +49 151 14070811 --Apple-Mail=_7548FB61-D00B-4014-995B-3AFE22C9C6B6 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEJ+hF98o4r3eU/HiPD885WK4W4sEFAmTTTfoACgkQD885WK4W 4sG0JAgAuyrdUVARGvA1GBX2kManaKwKa1Wv2uzQdAypXnt5rVnDvHRPSmcKfOCc 8v0vgpe6HODCwyUI+zykt/0+g5vWH7z8wAf7Ez0zIfjEO/9pnCkUCbA1pAXXcP9T TAjPGPRolKWoeM5xCOeiTL6gxIO/c9PyNIYMW7RNBTj33c6JJTEmYitfv2Asfw8+ TKcfg32qUXUEAzLwEEkPSX6wuxZ7HMytgkji55Ppe6ZNWKKu2JIbdtNWa3NodgSh Woj7ryzi2tCjogQKIiCsJCBRBFD1pTHPGIGE6dKVKC/F+dKFwWu4pXK3JPbHcln5 KspyWnh7drACbklKLcZCu55QcDglQw== =4Mua -----END PGP SIGNATURE----- --Apple-Mail=_7548FB61-D00B-4014-995B-3AFE22C9C6B6--