Page 11 of 30

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Tue Jan 09, 2018 7:02 pm
by ArtGirl
I just installed 4.4.0-108, and the system is fine. Is this the actual patched version?, as I can see 4.4.110 on https://www.kernel.org/. I'm running 4.13, so the 4.4.0-108 isn't active? Thanks.

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Tue Jan 09, 2018 7:05 pm
by JeremyB
Artgirl, you need to use grub menu at boot, select advanced options, then scroll down to the 4.4.0-108 kernel to boot into it
That is the patched one

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Tue Jan 09, 2018 7:25 pm
by ArtGirl
JeremyB wrote:Artgirl, you need to use grub menu at boot, select advanced options, then scroll down to the 4.4.0-108 kernel to boot into it
That is the patched one
Thanks, JeremyB. Much appreciate.
EDIT: Krita's running just the same as when unpatched, on the patched 4.4. :)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Tue Jan 09, 2018 7:30 pm
by Laurent85
You can also check dmesg output for kpti status (kernel page table isolation) which fixes variant #3 Meltdown vulnerabilty:

Code: Select all

dmesg | grep isolation
[    0.000000] Kernel/User page tables isolation: enabled

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Tue Jan 09, 2018 10:37 pm
by ArtGirl
I've just installed 4.13.0-25 and the system is running perfectly (Krita, Wine/games incl large games, etc)! Thanks so much to everyone involved. Off to donate. :)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 12:33 am
by smurphos
For anyone on 4.10 please be aware that Update Manager is not picking up the patched 4.13.0-25.29~16.04.2 as a recommended security update as might be expected. It is there and can be manually installed from the kernel section of Update Manager.

I don't think this is a fault in Update Manager - this kernel is still flagged by Ubuntu devs as HWE-Edge for 16.04 and not HWE which I think prevents Update Manager recommending it.

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 1:16 am
by michael louwe
https://access.redhat.com/articles/3311301 (how to use the Terminal to disable the KPTI/Meltdown and Spectre patches, if needed)

https://www.theregister.co.uk/2018/01/0 ... _problems/ (dated 8 Jan 2018 - more problems from the Windows Meltdown patch)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 1:43 am
by michael louwe
As per https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown (up to 9 Jan 2018), the KPTI/Meltdown patch has been released for Ubuntu and Ubuntu-based distros and is in Linux kernel 3.13.139, 4.4.108 and 4.13.25.
... Bear in mind that these kernels from Canonical-Ubuntu are different from those KPTI-patched kernels in kernel.org, even if they have the same numbering.

What about the BIOS/firmware/microcode updates to patch for the Spectre bug.? Do we get them from the OEMs or from Update/Driver Manager.?

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 2:42 am
by thx-1138

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 3:09 am
by michael louwe
@ thx-1138, .......
thx-1138 wrote:https://downloadcenter.intel.com/downlo ... -Data-File
For those interested...
Thx.

From the link, looks like, nearly all affected Intel processors up to 20+ years old can be patched for the Spectre bug through Linux.

The microcode fix is a tar.gz file = download, extract to a folder, go through the Read.me file for the installation instructions, install and reboot.

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 4:01 am
by ArtGirl
michael louwe wrote: From the link, looks like, nearly all affected Intel processors up to 20+ years old can be patched for the Spectre bug through Linux.

The microcode fix is a tar.gz file = download, extract to a folder, go through the Read.me file for the installation instructions, install and reboot.
Eek, that's too complicated an install for me, but great that the update is available. Are there any very simple instructions, preferably with big pictures, lol? I'm thinking that with this microcode being a security update it may not be long before it's in the Drivers section?

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 4:17 am
by now3by
Old Intel CPU are not yet updated for Spectre & Meltdown !
Latest Intel microcode 20180108 update only 8 CPUs models:

!New_cpu306E4_platED_ver0000042A_2017-12-01_PRD_9B215C1F.bin
!New_cpu706A1_plat01_ver00000022_2017-12-26_PRD_CA264967.bin
!New_cpu806EA_platC0_ver00000080_2018-01-04_PRD_F6263DAE.bin
!New_cpu906EA_plat22_ver00000080_2018-01-04_PRD_84CABC68.bin
!New_cpu906EB_plat02_ver00000080_2018-01-04_PRD_D24EDB7F.bin
!New_cpu50654_platB7_ver0200003C_2017-12-08_PRD_A4059069.bin
!New_cpu50662_plat10_ver00000014_2017-12-16_PRD_9161527A.bin
!New_cpu50663_plat10_ver07000011_2017-12-16_PRD_B17C1102.bin

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 4:21 am
by ArtGirl
now3by wrote:Old Intel CPU are not yet updated for Spectre & Meltdown !
Latest Intel microcode 20180108 update only 8 CPUs models:

!New_cpu306E4_platED_ver0000042A_2017-12-01_PRD_9B215C1F.bin
!New_cpu706A1_plat01_ver00000022_2017-12-26_PRD_CA264967.bin
!New_cpu806EA_platC0_ver00000080_2018-01-04_PRD_F6263DAE.bin
!New_cpu906EA_plat22_ver00000080_2018-01-04_PRD_84CABC68.bin
!New_cpu906EB_plat02_ver00000080_2018-01-04_PRD_D24EDB7F.bin
!New_cpu50654_platB7_ver0200003C_2017-12-08_PRD_A4059069.bin
!New_cpu50662_plat10_ver00000014_2017-12-16_PRD_9161527A.bin
!New_cpu50663_plat10_ver07000011_2017-12-16_PRD_B17C1102.bin
There's a huge list that can be seen by following the link 3 posts above; I know, as I had to copy/paste them all into a text file to be able to search, with there being so many. Easier to search for your system that way ... look at System Settings/System Info first, loading it up into browser (github page).

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 4:25 am
by now3by
That list show all CPU that have microcode update since they are released from factory with the default microcode included and not CPU that have microcode update for Spectre and Meltdown flaws !

It will take a log time to update all Intel CPUs for this Spectre & Meltdown flaw !

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 4:27 am
by michael louwe
@ Artgirl, .......
Artgirl wrote:...
Ensure that your Intel processor is covered by the microcode fix from Intel.
.
For an example of the GUI steps for a tar.gz file, please refer to ... https://askubuntu.com/questions/713734/ ... untu-14-04

Normally, you just need to double-click on the appropriate installation files to run them. In the above link, I think step 5 onwards are for a non-normal install in non-mainstream Linux distros.

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 5:03 am
by michael louwe
@ now3by, .......
now3by wrote:...
.
These links ... https://news.ycombinator.com/item?id=16111433 and https://bugs.launchpad.net/ubuntu/+sour ... ug/1742364
confirm that the latest Intel microcode 20180108(courtesy of thx-1138) is for the Spectre bug and applies to nearly all Intel processors.

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 5:20 am
by now3by
I tested myself few old CPUs in hw I have here: N3530, I5-520M, I5-3470, E8400, E8500, Q6600 with latest Intel microcode-20180108 and they have no new microcode update since microcode-20171117 and previous.
Tested new I5-7400 CPU and it have a microcode update.

Test yourself and let us know for what CPU you found microcode update that patch Spectre...

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 5:42 am
by michael louwe
@ now3by, .......
now3by wrote:...
.
According to this link ... https://downloadcenter.intel.com/produc ... 3-MHz-FSB- , the latest Intel microcode 20180108 can be applied to the Intel E8400 processors.

LM users may download the microcode tar.gz file, extract it, read the Release notes for installation instructions, install it through the Terminal and reboot.
... Or they can wait for the Intel microcode 20180108 update to appear in Driver Manager = easier to install.

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 5:49 am
by now3by
now3by wrote:That list show all CPU that have microcode update since they are released from factory with the default microcode included and not CPU that have microcode update for Spectre and Meltdown flaws !

It will take a log time to update all Intel CPUs for this Spectre & Meltdown flaw !
why don't you compare microcode-20180108 and microcode-20171117 to see that only few files are updated ?

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Posted: Wed Jan 10, 2018 5:51 am
by kitaubila
I'm completely lost with all this spectre/meltdown issue and the list of updates/patches that never ends :-(.
Also I'm a complete LM newbie :( . Can anyone explain what I should install or keep my eye out for these 2 systems.
I have 2 LMs in my VirtualBox:

RELEASE=17.3
CODENAME=rosa
EDITION="MATE 64-bit"
kernel:
3.19.0-32-generic #37~14.04.1-Ubuntu SMP

and

RELEASE=18.2
CODENAME=sonya
EDITION="Xfce 64-bit"
kernel:
4.10.0-32-generic #36~16.04.1-Ubuntu SMP


P.S. what is this microcode now? is this something like .inf (driver) in Win? So I need this in LM together with new kernel when they appear?
Is there any way to patch FireFox v56 for spectre/meltdown cos I really hate v57 and the thing that I can't use half of my add-ons :-(.

thanks