ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

catweazel
Level 19
Posts: 9210
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by catweazel » Wed Jan 10, 2018 6:22 am

xenopeek wrote:Some changes are being worked on for Update Manager so below instructions are temporary.
I think your well-written post deserves a sticky or its own thread.
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

xenopeek
Level 24
Posts: 24063
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by xenopeek » Wed Jan 10, 2018 6:31 am

thx-1138
Level 7
Posts: 1843
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 » Wed Jan 10, 2018 7:50 am

What the...4.13.0-26 just popped up in the Update Manager, merely a few hrs after 4.13.0-25? And no changelog available online?

xenopeek
Level 24
Posts: 24063
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by xenopeek » Wed Jan 10, 2018 7:52 am

thx-1138 wrote:What the...4.13.0-26 just popped up in the Update Manager, merely few hrs after .25? But no changelog online?
Are you looking at the right package? The actual kernel update does show me a changelog.

thx-1138
Level 7
Posts: 1843
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 » Wed Jan 10, 2018 7:57 am

In Update Manager, clicking changelog shows:
linux-hwe (4.13.0-26.29~16.04.2) xenial; urgency=low

* linux-hwe: 4.13.0-26.29~16.04.2 -proposed tracker (LP: #1742177)

* linux: 4.13.0-25.29 -proposed tracker (LP: #1741955)

* CVE-2017-5754
- Revert "UBUNTU: [Config] updateconfigs to enable PTI"
- [Config] Enable PTI with UNWINDER_FRAME_POINTER

-- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Tue, 09 Jan 2018 09:25:51 -0200

linux (4.13.0-24.28) artful; urgency=low
...over at Launchpad, no reference whatsoever though to .26?...Confused... :?

Edit: http://changelogs.ubuntu.com/changelogs ... /changelog exists fine, nothing for 4.13.0-26.29 under http://changelogs.ubuntu.com/changelogs ... n/l/linux/...
Maybe some small glitch from Canonical...
Last edited by thx-1138 on Wed Jan 10, 2018 8:01 am, edited 1 time in total.

kitaubila
Level 1
Posts: 21
Joined: Tue Jan 03, 2017 7:03 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by kitaubila » Wed Jan 10, 2018 7:59 am

I also just updated to x.25 and after restart I can see x.26. Is this normal/ok?

I also see that they changed here from 25 to 26:

viewtopic.php?f=90&t=261343

thanks all

xenopeek
Level 24
Posts: 24063
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by xenopeek » Wed Jan 10, 2018 8:03 am

Yes, you should be using kernel 4.4.0-109 or 4.13.0-26. Some people had boot issues with 4.4.0-108 or 4.13.0-25 and this should resolve that.

thx-1138
Level 7
Posts: 1843
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 » Wed Jan 10, 2018 8:06 am

Thanks xenopeek.

Lucap
Level 5
Posts: 913
Joined: Tue May 24, 2016 1:40 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Lucap » Wed Jan 10, 2018 8:30 am

https://www.phoronix.com/scan.php?page= ... -Microcode

Intel Posts Updated Microcode Files For Linux

phil995511
Level 4
Posts: 333
Joined: Sat Feb 01, 2014 4:06 am
Location: Geneva (Switzerland)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by phil995511 » Wed Jan 10, 2018 9:35 am

Look at this about Mint and Meltdown/Spectre:

https://blog.linuxmint.com/
Last edited by phil995511 on Wed Jan 10, 2018 10:22 am, edited 1 time in total.
Linux Mint 19.2 Cinnamon 64 Bits on Dell XPS 9570 (i7-8750H) laptop / Debian 10 Buster Cinnamon 64 Bits on customized workstation (i7-5960X @ 3.8 Ghz) / Raspbian 10 Buster on Raspberry Pi 4

michael louwe
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 10:19 am

https://github.com/speed47/spectre-meltdown-checker (Spectre & Meltdown vulnerability/mitigation checker for Linux )

ArtGirl
Level 4
Posts: 388
Joined: Sat Apr 15, 2017 1:16 pm
Location: UK

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl » Wed Jan 10, 2018 10:28 am

michael louwe wrote:
Ensure that your Intel processor is covered by the microcode fix from Intel.
For an example of the GUI steps for a tar.gz file, please refer to ... https://askubuntu.com/questions/713734/ ... untu-14-04
Normally, you just need to double-click on the appropriate installation files to run them. In the above link, I think step 5 onwards are for a non-normal install in non-mainstream Linux distros.
Seems even big pictures aren't getting through this brain now, lol, but thank you very much for the link. Much appreciated. Yes, processor is covered. The risk of me messing this up is 100% safe to bet on, so I'll wait until it comes through or there's a deb file.
18.3 Mate 64bit
Radeon R9 255, Mesa 17.2.8, 4.15.0-13,
Lenovo x310, intel i7-4790, 16 ram,
Ugee 2150


For any advice I've been able to add, eg re graphics tablets, please search forum.

michael louwe
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 10:30 am

@ now3by, .......
now3by wrote:
now3by wrote:That list show all CPU that have microcode update since they are released from factory with the default microcode included and not CPU that have microcode update for Spectre and Meltdown flaws !

It will take a long time to update all Intel CPUs for this Spectre & Meltdown flaw !
why don't you compare microcode-20180108 and microcode-20171117 to see that only few files are updated ?
AFAIK, Intel microcodes are proprietary and encrypted. So their changelogs are very brief (to prevent reverse engineering?), i.e. Intel do not reveal the full description of the changes.
.
Bear in mind that Intel were aware of the Meltdown & Spectre bugs since June 2017. So, it is not a surprise that Intel already have the microcode patch for Linux covering nearly all their processors.

The Jan 2018 news reports detailed Intel releasing BIOS firmware updates to the OEMs (e.g. Lenovo, Dell, etc.) in stages, i.e. for Windows and MacOS, which are the majority OS in the world (= about 97%). Whereas, Linux microcode patches from Intel/AMD can be installed by the OS, e.g. through Driver Manager.
While the regular approach to getting this microcode update is via a BIOS update, Intel realizes that this can be an administrative hassle. The Linux* operating system has a mechanism to update the microcode after booting. For example, this file will be used by the operating system mechanism if the file is placed in the /etc/firmware directory of the Linux system.
https://downloadcenter.intel.com/downlo ... roduct=873

ArtGirl
Level 4
Posts: 388
Joined: Sat Apr 15, 2017 1:16 pm
Location: UK

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl » Wed Jan 10, 2018 10:40 am

michael louwe wrote:https://github.com/speed47/spectre-meltdown-checker (Spectre & Meltdown vulnerability/mitigation checker for Linux )
Made the .sh runnable, and open via terminal, but a terminal screen flashes up then vanishes. System seized up for a while then. I managed to grab a screenshot when the screen flashed up, and it's showing the beginning of results ... so far 'unknown' (Spectre Variant 1: unable extract kernel from boot/impossible to check) and warnings about Spectre Variant 2 (unknown/no). Is it meant to flash up then gather a lot of information, and then would come back up?
18.3 Mate 64bit
Radeon R9 255, Mesa 17.2.8, 4.15.0-13,
Lenovo x310, intel i7-4790, 16 ram,
Ugee 2150


For any advice I've been able to add, eg re graphics tablets, please search forum.

now3by
Level 2
Posts: 65
Joined: Mon Jan 23, 2017 1:56 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by now3by » Wed Jan 10, 2018 10:49 am

this is the result on a LM laptop with latest microcode and kernel :lol:

Code:

Spectre and Meltdown mitigation detection tool v0.16

Checking vulnerabilities against Linux 4.4.0-109-generic #132~14.04.1-Ubuntu SMP Tue Jan 9 21:46:42 UTC 2018 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel compiled with LFENCE opcode inserted at the proper places:  NO  (only 45 opcodes found, should be >= 70)
> STATUS:  VULNERABLE 

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
Linux...

michael louwe
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 10:52 am

@ Artgirl, .......
Artgirl wrote:...
.
Sorry, I have not used it, i.e. the vulnerability checker from github.

I'm waiting for the dust to settle down first.

Pippin
Level 4
Posts: 273
Joined: Wed Dec 13, 2017 11:14 am
Location: NL/DE/TH

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pippin » Wed Jan 10, 2018 10:58 am

michael louwe wrote: I'm waiting for the dust to settle down first.
Me too...
Everything is electric.

Laurent85
Level 16
Posts: 6072
Joined: Tue May 26, 2015 10:11 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Laurent85 » Wed Jan 10, 2018 11:11 am

As stable kernel maintainer Greg Kroah-Hartman said, it will take a few weeks before a fix is merged into the upstream kernel tree to address Spectre vulnerabilities.

There might be unofficial kernels around addressing Spectre flaws somehow but patches are still under heavy development. Moreover, those patches also need a CPU microcode update for the variant #2 Spectre vulnerability.

Terryphi
Level 3
Posts: 167
Joined: Mon Jun 06, 2011 6:30 am
Location: West Wales. UK

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Terryphi » Wed Jan 10, 2018 11:12 am

Here are the instructions in the Release Notes for the intel firmware:

Code:

-- Microcode update instructions --
This package contains Intel microcode files in two formats:
* microcode.dat
* intel-ucode directory 

microcode.dat is in a traditional text format. It is still used in some
Linux distributions. It can be updated to the system through the old microcode
update interface which is available in the kernel with
CONFIG_MICROCODE_OLD_INTERFACE=y.

To update the microcode.dat to the system, one need:
1. Ensure the existence of /dev/cpu/microcode
2. Write microcode.dat to the file, e.g.
  dd if=microcode.dat of=/dev/cpu/microcode bs=1M


intel-ucode directory contains binary microcode files named in
family-model-stepping pattern. The file is supported in most modern Linux
distributions. It's generally located in the /lib/firmware directory,
and can be updated through the microcode reload interface.

To update the intel-ucode package to the system, one need:
1. Ensure the existence of /sys/devices/system/cpu/microcode/reload
2. Copy intel-ucode directory to /lib/firmware, overwrite the files in
/lib/firmware/intel-ucode/
3. Write the reload interface to 1 to reload the microcode files, e.g.
  echo 1 > /sys/devices/system/cpu/microcode/reload
Looking at the Mint 18.3 file structure it seems that the intel-ucode method may be best for Mint. Has anyone tried this?
The big question is if it all goes wrong how does one revert to the original firmware? Also, the default Driver Manager setting is "Do not update the CPU microcode" so even if the firmware upgrade is applied would it not take effect until this setting is changed? As ArtGirl suggested will this fix become available in the Driver Manager?
Last edited by Terryphi on Wed Jan 10, 2018 11:23 am, edited 2 times in total.
Version: LM 19.2 64bit Mate "If something is worth doing, it is worth doing for free."
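
Added example, not part of the thread or of Intel's release notes: a shell check for the intel-ucode method quoted above. It works out which family-model-stepping file applies to the CPU and whether that file carries a newer revision than the one the kernel reports as loaded. The function names and the sample data are made up for illustration, and only the first update header in the file is read.

```shell
#!/bin/sh
# Added example. /proc/cpuinfo field names are the ones the x86 Linux kernel
# prints; function names are hypothetical and the demo data is constructed.

# Print the intel-ucode file name (hex family-model-stepping) for the first CPU.
ucode_name() {
    awk -F': *' '
        /^cpu family/   { fam = $2 }
        /^model[ \t]*:/ { mod = $2 }    # does not match the "model name" line
        /^stepping/     { step = $2 }
        /^$/            { exit }        # stop after the first processor block
        END { if (fam == "" || mod == "" || step == "") exit 1
              printf "%02x-%02x-%02x\n", fam, mod, step }' "$1"
}

# Print the revision the kernel reports as currently loaded, e.g. 0x22.
running_rev() { awk -F': *' '/^microcode/ { print $2; exit }' "$1"; }

# Print the update revision stored in a binary ucode file: bytes 4..7 of the
# first header, little-endian (platform flags in the header are not checked).
file_rev() { od -An -tx1 -j4 -N4 "$1" | awk '{ print "0x" $4 $3 $2 $1 }'; }

# $1 = cpuinfo file, $2 = firmware directory. Prints one of:
#   unknown-cpu | no-file NAME | update NAME RUNNING -> FILE | current NAME RUNNING
ucode_check() {
    name=$(ucode_name "$1") || { echo "unknown-cpu"; return 2; }
    run=$(running_rev "$1"); run=${run:-0x0}
    [ -f "$2/$name" ] || { echo "no-file $name"; return 1; }
    new=$(file_rev "$2/$name")
    if [ $(($new)) -gt $(($run)) ]; then
        echo "update $name $run -> $new"
    else
        echo "current $name $run"
    fi
}

# Demo on constructed data: family 6, model 60, stepping 3, running 0x22,
# with a constructed firmware file whose header carries revision 0x23.
demo() {
    d=$(mktemp -d) && mkdir "$d/fw" || return 1
    printf 'processor\t: 0\ncpu family\t: 6\nmodel\t\t: 60\nmodel name\t: sample\nstepping\t: 3\nmicrocode\t: 0x22\n\n' > "$d/cpuinfo"
    printf '\001\000\000\000\043\000\000\000' > "$d/fw/06-3c-03"
    ucode_check "$d/cpuinfo" "$d/fw"; rc=$?
    rm -rf "$d"; return $rc
}
demo
```

On a real system the call would be ucode_check /proc/cpuinfo /lib/firmware/intel-ucode before writing 1 to the reload interface; comparing the microcode field again afterwards shows whether the reload took effect.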

michael louwe
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 11:15 am

@ now3by, .......
now3by wrote:...
.
Are you certain that Intel microcode 20180108 has been installed.? ... dmesg | grep microcode
