Spectre and Meltdown: Next Generation
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Re: Spectre and Meltdown: Next Generation
so far...no problems with startup speed...no problems with system speed...still starting in cold start @ 37 seconds...going into second hour of testing...DAMIEN
Re: Spectre and Meltdown: Next Generation
just went into total shutdowm...full cold boot still timing out at 37 seconds...so far so good with new microcode in the second hour of testing...DAMIEN
Re: Spectre and Meltdown: Next Generation
In principle correct. But all what I did was to translate the passage of the article, I did not want to interpret or correct it. (And in German language the terms Swiss cheese and Emmentaler are often used as synonyms, although this is not correct.)absque fenestris wrote: ⤴Thu May 03, 2018 7:40 pm At least as far as the Swiss cheese with the holes is concerned - more precisely it is the Emmentaler:
(In the English version as provided by heise the comparison with any cheese has been removed.)
- absque fenestris
- Level 12
- Posts: 4110
- Joined: Sat Nov 12, 2016 8:42 pm
- Location: Confoederatio Helvetica
Re: Spectre and Meltdown: Next Generation
Don't mention it. But it was too good an opportunity to do some promotion for home.
Re: Spectre and Meltdown: Next Generation
hi folks...my testing results for new microcodes...1- for intel and 1- for amd ...they seem to work just fine...terminal report for amd processor on my main computer...AMD Beavercreek Processor...
dpkg -l | grep microcode
ii amd64-microcode 3.20171205.2 amd64 Processor microcode firmware for AMD CPUs
grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"
CONFIG_PAGE_TABLE_ISOLATION=y
patched
grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline
terminal report for my intel i5 sandybridge auxillary system
dpkg -l | grep microcode
ii intel-microcode 3.20180425.1 amd64 Processor microcode firmware for Intel CPUs
ii iucode-tool 1.5.1-1ubuntu0.1 amd64 Intel processor microcode tool
second...damien1@damien1 ~ $ grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"
CONFIG_PAGE_TABLE_ISOLATION=y
patched
third...damien1@damien1 ~ $ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW
nothing has borked as of yet...DAMIEN
here are the links to oregon state university repositories if anyone is interested...the first will be for AMD...the 2nd will be for intel...there are no new microcodes for 32 bit as of yet...newest amd is dated may 4th...the newest intel is dated may 2nd...i used the .deb installers for both machines...DAMIEN
http://ftp.us.debian.org/debian/pool/no ... microcode/
http://ftp.us.debian.org/debian/pool/no ... microcode/
dpkg -l | grep microcode
ii amd64-microcode 3.20171205.2 amd64 Processor microcode firmware for AMD CPUs
grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"
CONFIG_PAGE_TABLE_ISOLATION=y
patched
grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline
terminal report for my intel i5 sandybridge auxillary system
dpkg -l | grep microcode
ii intel-microcode 3.20180425.1 amd64 Processor microcode firmware for Intel CPUs
ii iucode-tool 1.5.1-1ubuntu0.1 amd64 Intel processor microcode tool
second...damien1@damien1 ~ $ grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"
CONFIG_PAGE_TABLE_ISOLATION=y
patched
third...damien1@damien1 ~ $ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW
nothing has borked as of yet...DAMIEN
here are the links to oregon state university repositories if anyone is interested...the first will be for AMD...the 2nd will be for intel...there are no new microcodes for 32 bit as of yet...newest amd is dated may 4th...the newest intel is dated may 2nd...i used the .deb installers for both machines...DAMIEN
http://ftp.us.debian.org/debian/pool/no ... microcode/
http://ftp.us.debian.org/debian/pool/no ... microcode/
Last edited by DAMIEN1307 on Fri May 04, 2018 3:48 pm, edited 1 time in total.
- AZgl1800
- Level 20
- Posts: 11183
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: Spectre and Meltdown: Next Generation
I wonder at how much exposure the average user will ever see to one of these hack attempts?
99% of my surfing time is on 4 forums.
0.001% reading news.google.com and following a few news articles.
Emails from unknown senders? usually get 'spammed' with a click, that is IF they make it thru Yahoo's, or Gmail's own spam filters.
99% of my surfing time is on 4 forums.
0.001% reading news.google.com and following a few news articles.
Emails from unknown senders? usually get 'spammed' with a click, that is IF they make it thru Yahoo's, or Gmail's own spam filters.
Re: Spectre and Meltdown: Next Generation
To my knowledge with this issue at this time, i believe that these Spectre annoyances are being aimed more so at servers and will affect things like Cloudflare, cloudfront, AWS and things of the like...the average user, whether he/she likes it or not, use these services everytime they use the internet/web...so i guess all computer users will be effected by this one way or the other...DAMIEN
Re: Spectre and Meltdown: Next Generation
This is the view from the BBC Technology web page:
http://www.bbc.co.uk/news/technology-44003850
http://www.bbc.co.uk/news/technology-44003850
Best wishes,
Linux Mint 21:2 Cinnamon 5.8.4 - Desktop
Linux Mint 21:2 - VAIO Laptop
Linux Mint 21:2 Cinnamon 5.8.4 - Desktop
Linux Mint 21:2 - VAIO Laptop
- Portreve
- Level 13
- Posts: 4870
- Joined: Mon Apr 18, 2011 12:03 am
- Location: Within 20,004 km of YOU!
- Contact:
Re: Spectre and Meltdown: Next Generation
Cosmo. wrote: ⤴Thu May 03, 2018 6:19 amSecurity researchers have found 8 new security threats, currently named as Spectre Next Generation. Intel has currently classified 4 of them as high critical. One of them is able to break the borders of the system; this means, that an exploit, running in a virtual machine, can break its border and can affect the host and other virtual machines on this host. This risk will affect all servers, which are running in a cloud as VMs.
Oh... joy. More felgercarb to slog through.Moem wrote: ⤴Thu May 03, 2018 6:30 amEN: Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
DE: Super-GAU für Intel: Weitere Spectre-Lücken im Anflug
Thanks you two. Your efforts are much appreciated.
Flying this flag in support of freedom 🇺🇦
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
- catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
More Spectre woes on the way...
https://www.itnews.com.au/news/eight-mo ... ors-490279
Chip giant Intel faces further security patch headaches after researchers discovered and reported eight new Spectre-style hardware vulnerabilities in the company's processors.
First reported by German IT site C'T, which said it has been given full technical details on the vulnerabilties by researchers and verified them, the flaws have been confirmed by Intel which has reserved Common Vulnerabilities and Exposures (CVE) numbers for them.
The new set of hardware flaws have been named Spectre New Generation, and Intel rates four of the eight vulnerabilities found as high severity, and the rest as medium.
Quoted from the URL above.
Chip giant Intel faces further security patch headaches after researchers discovered and reported eight new Spectre-style hardware vulnerabilities in the company's processors.
First reported by German IT site C'T, which said it has been given full technical details on the vulnerabilties by researchers and verified them, the flaws have been confirmed by Intel which has reserved Common Vulnerabilities and Exposures (CVE) numbers for them.
The new set of hardware flaws have been named Spectre New Generation, and Intel rates four of the eight vulnerabilities found as high severity, and the rest as medium.
Quoted from the URL above.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
RE: Spectre and Meltdown: Next Generation
<moderator on>
Had already been reported here at the beginning of May: Spectre and Meltdown: Next Generation.
Going to append your thread, catweazel, to that thread.
Done.
</moderator off>
Had already been reported here at the beginning of May: Spectre and Meltdown: Next Generation.
Going to append your thread, catweazel, to that thread.
Done.
</moderator off>
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 792 days now.
Lifeline
- smurphos
- Level 18
- Posts: 8498
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: Spectre and Meltdown: Next Generation
Spectre variant 4 - disclosed officially yesterday, kernel patches released today - will need as yet unavailable microcode update.....
https://www.intel.com/content/www/us/en ... 00115.html
https://wiki.ubuntu.com/SecurityTeam/Kn ... e/Variant4
https://www.intel.com/content/www/us/en ... 00115.html
https://wiki.ubuntu.com/SecurityTeam/Kn ... e/Variant4
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Here we go again!
Another CPU vulnerability https://www.zdnet.com/article/spectre-c ... CAD2e14604
Patches will be coming soon, keep your system up to date.
Patches will be coming soon, keep your system up to date.
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Re: Spectre and Meltdown: Next Generation
variant 4 (spec-storage)...newest LTS kernel 4.4.0-127 as of today, and newest AMD microcode release 3.20180515.1 as of 5-19-2018...nothing new from intel as of yet...DAMIEN
damien@DAMIEN ~ $ dpkg -l | grep microcode
ii amd64-microcode 3.20180515.1 amd64 Processor microcode firmware for AMD CPUs
damien@DAMIEN ~ $
damien@DAMIEN ~ $ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: OSB (observable speculation barrier, Intel v6)
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline
damien@DAMIEN ~ $
damien@DAMIEN ~ $ dpkg -l | grep microcode
ii amd64-microcode 3.20180515.1 amd64 Processor microcode firmware for AMD CPUs
damien@DAMIEN ~ $
damien@DAMIEN ~ $ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: OSB (observable speculation barrier, Intel v6)
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline
damien@DAMIEN ~ $
Re: Spectre and Meltdown: Next Generation
<moderator on> Threads "Here we go again!" and "Spectre and Meltdown: Next Generation" merged. </moderator off>
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 792 days now.
Lifeline
Re: Spectre and Meltdown: Next Generation
Thanks
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Re: Spectre and Meltdown: Next Generation
It is now officially known as Spectre variant 3a and Spectre variant 4...following article discusses just which CPUs are vulnerable and once again telling us about staying up to date on microcode updates as well as any update patches to come...note also that atom processors are now also included...thus far only Intel processors seem to be affected but we all know by now that the experts will probably find out that the other manufacturers products may soon join the list...more fun to come...lol...DAMIEN
https://news.softpedia.com/news/securit ... 1225.shtml
https://news.softpedia.com/news/securit ... 1225.shtml
- stephanieswitzer
- Level 4
- Posts: 235
- Joined: Mon Feb 26, 2018 12:49 pm
- Location: Ontario
Re: Spectre and Meltdown: Next Generation
So what is this processor microcode? I notice that I have a driver available in Driver Manager:
Intel-Microcode (open-source)
Version 3.20180425.1~ubuntu0.16.04.1
Should I install this as my system seems to chirping along just fine.
How can I check which version I have installed.
Intel-Microcode (open-source)
Version 3.20180425.1~ubuntu0.16.04.1
Should I install this as my system seems to chirping along just fine.
How can I check which version I have installed.
Mac-Mini running Linux Mint 20.3 Cinnamon, Intel© Core™ i5-2415M CPU @ 2.30GHz
MacBookPro9,2 running Linux Mint Cinnamon 20.3 Intel Core i5-3210M CPU @ 3.20GHz
System76 Galago Pro 4, running Linux Mint Cinnamon 20.3 Intel i5-1021 CPU @ 4.2 Ghz
MacBookPro9,2 running Linux Mint Cinnamon 20.3 Intel Core i5-3210M CPU @ 3.20GHz
System76 Galago Pro 4, running Linux Mint Cinnamon 20.3 Intel i5-1021 CPU @ 4.2 Ghz
- Spearmint2
- Level 16
- Posts: 6900
- Joined: Sat May 04, 2013 1:41 pm
- Location: Maryland, USA
Re: Spectre and Meltdown: Next Generation
AMD page
Intel page and affected processors
patched kernel now available from Update Manager, but will only show in that as 3.13.0-149-generic. Now in process of installing.
on Linux Mint 17.3, 32 bit
No Problems!
Intel page and affected processors
patched kernel now available from Update Manager, but will only show in that as 3.13.0-149-generic. Now in process of installing.
Code: Select all
Unpacking linux-image-3.13.0-149-generic (3.13.0-149.199)
Code: Select all
grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: OSB (observable speculation barrier, Intel v6)
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline
Last edited by Spearmint2 on Tue May 22, 2018 5:23 pm, edited 3 times in total.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
Re: Spectre and Meltdown: Next Generation
Hi stephanie...that microcode in your driver manager is the latest one released thru the mint updater and recommended for your system...i always install the most up to date microcode recommended and have never had a failure...yes your system is "chirping" right along with the existing microcode, however this newest one has new "mitigation" code re-written within it to mitigate vulnerabilities found in your Intel CPU chipset...this should be installed as well as any updates that will be forthcoming from the linux mint update manager...DAMIEN
run this code to check your microcode version, dont panic if nothing shows up, it just means that you have what came installed and have probably never updated it...after installing and REBOOTING your computer, run the code again and it should show up.
dpkg -l | grep microcode
after you have done the above, run this code, the last word in the terminal after running this should say "patched"
grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"
and lastly, run this code in your terminal and it will show that mitigations have been applied
grep . /sys/devices/system/cpu/vulnerabilities/*
run this code to check your microcode version, dont panic if nothing shows up, it just means that you have what came installed and have probably never updated it...after installing and REBOOTING your computer, run the code again and it should show up.
dpkg -l | grep microcode
after you have done the above, run this code, the last word in the terminal after running this should say "patched"
grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"
and lastly, run this code in your terminal and it will show that mitigations have been applied
grep . /sys/devices/system/cpu/vulnerabilities/*