FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution
Andrea Venturoli
ml at netfence.it
Fri Mar 16 16:18:14 UTC 2018
On 03/14/18 05:29, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> =============================================================================
> FreeBSD-SA-18:03.speculative_execution Security Advisory
> ...
Hello.
After upgrading two machines (one with an AMD Phenom II X4 925, the
other with a Pentium 987), I'd like to get just a couple of confirmations...
> # sysctl vm.pmap.pti
> vm.pmap.pti: 1
Of course I find this enabled on the Intel box and not on the AMD one,
but... is PTI in any way affected by a microcode update from Intel?
> The patch includes the IBRS mitigation for Spectre V2. To use the mitigation
> the system must have an updated microcode; with older microcode a patched
> kernel will function without the mitigation.
>
> IBRS can be disabled via the hw.ibrs_disable sysctl (and tunable), and the
> status can be checked via the hw.ibrs_active sysctl. IBRS may be enabled or
> disabled at runtime. Additional detail on microcode updates will follow.
Neither of the two boxes seems to have this enabled; on both I see:
> # sysctl -a|grep ibrs
> hw.ibrs_disable: 1
> hw.ibrs_active: 0
Does this mean both machines don't have a good enough microcode, or is
IBRS just not enabled by default?
In the first case, I tried finding some information on what microcode is
available for what CPU (I'm interested in several other ones, not only
these two), but failed. Has anyone a pointer?
Last question: am I right that devcpu-data is nowadays useless (read: no
microcode update anyway) unless this update to base is also installed?
bye & Thanks
av.