ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I just installed 4.4.0-108, and the system is fine. Is this the actual patched version?, as I can see 4.4.110 on https://www.kernel.org/. I'm running 4.13, so the 4.4.0-108 isn't active? Thanks.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Artgirl, you need to use grub menu at boot, select advanced options, then scroll down to the 4.4.0-108 kernel to boot into it
That is the patched one
That is the patched one
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Thanks, JeremyB. Much appreciate.JeremyB wrote:Artgirl, you need to use grub menu at boot, select advanced options, then scroll down to the 4.4.0-108 kernel to boot into it
That is the patched one
EDIT: Krita's running just the same as when unpatched, on the patched 4.4.
Last edited by ArtGirl on Tue Jan 09, 2018 9:52 pm, edited 2 times in total.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
You can also check dmesg output for kpti status (kernel page table isolation) which fixes variant #3 Meltdown vulnerabilty:
Code: Select all
dmesg | grep isolation
[ 0.000000] Kernel/User page tables isolation: enabled
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I've just installed 4.13.0-25 and the system is running perfectly (Krita, Wine/games incl large games, etc)! Thanks so much to everyone involved. Off to donate.
- smurphos
- Level 18
- Posts: 8498
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
For anyone on 4.10 please be aware that Update Manager is not picking up the patched 4.13.0-25.29~16.04.2 as a recommended security update as might be expected. It is there and can be manually installed from the kernel section of Update Manager.
I don't think this is a fault in Update Manager - this kernel is still flagged by Ubuntu devs as HWE-Edge for 16.04 and not HWE which I think prevents Update Manager recommending it.
I don't think this is a fault in Update Manager - this kernel is still flagged by Ubuntu devs as HWE-Edge for 16.04 and not HWE which I think prevents Update Manager recommending it.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
https://access.redhat.com/articles/3311301 (how to use the Terminal to disable the KPTI/Meltdown and Spectre patches, if needed)
https://www.theregister.co.uk/2018/01/0 ... _problems/ (dated 8 Jan 2018 - more problems from the Windows Meltdown patch)
https://www.theregister.co.uk/2018/01/0 ... _problems/ (dated 8 Jan 2018 - more problems from the Windows Meltdown patch)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
As per https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown (up to 9 Jan 2018), the KPTI/Meltdown patch has been released for Ubuntu and Ubuntu-based distros and is in Linux kernel 3.13.139, 4.4.108 and 4.13.25.
... Bear in mind that these kernels from Canonical-Ubuntu are different from those KPTI-patched kernels in kernel.org, even if they have the same numbering.
What about the BIOS/firmware/microcode updates to patch for the Spectre bug.? Do we get them from the OEMs or from Update/Driver Manager.?
... Bear in mind that these kernels from Canonical-Ubuntu are different from those KPTI-patched kernels in kernel.org, even if they have the same numbering.
What about the BIOS/firmware/microcode updates to patch for the Spectre bug.? Do we get them from the OEMs or from Update/Driver Manager.?
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
@ thx-1138, .......
From the link, looks like, nearly all affected Intel processors up to 20+ years old can be patched for the Spectre bug through Linux.
The microcode fix is a tar.gz file = download, extract to a folder, go through the Read.me file for the installation instructions, install and reboot.
Thx.thx-1138 wrote:https://downloadcenter.intel.com/downlo ... -Data-File
For those interested...
From the link, looks like, nearly all affected Intel processors up to 20+ years old can be patched for the Spectre bug through Linux.
The microcode fix is a tar.gz file = download, extract to a folder, go through the Read.me file for the installation instructions, install and reboot.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Eek, that's too complicated an install for me, but great that the update is available. Are there any very simple instructions, preferably with big pictures, lol? I'm thinking that with this microcode being a security update it may not be long before it's in the Drivers section?michael louwe wrote: From the link, looks like, nearly all affected Intel processors up to 20+ years old can be patched for the Spectre bug through Linux.
The microcode fix is a tar.gz file = download, extract to a folder, go through the Read.me file for the installation instructions, install and reboot.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Old Intel CPU are not yet updated for Spectre & Meltdown !
Latest Intel microcode 20180108 update only 8 CPUs models:
!New_cpu306E4_platED_ver0000042A_2017-12-01_PRD_9B215C1F.bin
!New_cpu706A1_plat01_ver00000022_2017-12-26_PRD_CA264967.bin
!New_cpu806EA_platC0_ver00000080_2018-01-04_PRD_F6263DAE.bin
!New_cpu906EA_plat22_ver00000080_2018-01-04_PRD_84CABC68.bin
!New_cpu906EB_plat02_ver00000080_2018-01-04_PRD_D24EDB7F.bin
!New_cpu50654_platB7_ver0200003C_2017-12-08_PRD_A4059069.bin
!New_cpu50662_plat10_ver00000014_2017-12-16_PRD_9161527A.bin
!New_cpu50663_plat10_ver07000011_2017-12-16_PRD_B17C1102.bin
Latest Intel microcode 20180108 update only 8 CPUs models:
!New_cpu306E4_platED_ver0000042A_2017-12-01_PRD_9B215C1F.bin
!New_cpu706A1_plat01_ver00000022_2017-12-26_PRD_CA264967.bin
!New_cpu806EA_platC0_ver00000080_2018-01-04_PRD_F6263DAE.bin
!New_cpu906EA_plat22_ver00000080_2018-01-04_PRD_84CABC68.bin
!New_cpu906EB_plat02_ver00000080_2018-01-04_PRD_D24EDB7F.bin
!New_cpu50654_platB7_ver0200003C_2017-12-08_PRD_A4059069.bin
!New_cpu50662_plat10_ver00000014_2017-12-16_PRD_9161527A.bin
!New_cpu50663_plat10_ver07000011_2017-12-16_PRD_B17C1102.bin
Linux...
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
There's a huge list that can be seen by following the link 3 posts above; I know, as I had to copy/paste them all into a text file to be able to search, with there being so many. Easier to search for your system that way ... look at System Settings/System Info first, loading it up into browser (github page).now3by wrote:Old Intel CPU are not yet updated for Spectre & Meltdown !
Latest Intel microcode 20180108 update only 8 CPUs models:
!New_cpu306E4_platED_ver0000042A_2017-12-01_PRD_9B215C1F.bin
!New_cpu706A1_plat01_ver00000022_2017-12-26_PRD_CA264967.bin
!New_cpu806EA_platC0_ver00000080_2018-01-04_PRD_F6263DAE.bin
!New_cpu906EA_plat22_ver00000080_2018-01-04_PRD_84CABC68.bin
!New_cpu906EB_plat02_ver00000080_2018-01-04_PRD_D24EDB7F.bin
!New_cpu50654_platB7_ver0200003C_2017-12-08_PRD_A4059069.bin
!New_cpu50662_plat10_ver00000014_2017-12-16_PRD_9161527A.bin
!New_cpu50663_plat10_ver07000011_2017-12-16_PRD_B17C1102.bin
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
That list show all CPU that have microcode update since they are released from factory with the default microcode included and not CPU that have microcode update for Spectre and Meltdown flaws !
It will take a log time to update all Intel CPUs for this Spectre & Meltdown flaw !
It will take a log time to update all Intel CPUs for this Spectre & Meltdown flaw !
Linux...
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
@ Artgirl, .......
.
For an example of the GUI steps for a tar.gz file, please refer to ... https://askubuntu.com/questions/713734/ ... untu-14-04
Normally, you just need to double-click on the appropriate installation files to run them. In the above link, I think step 5 onwards are for a non-normal install in non-mainstream Linux distros.
Ensure that your Intel processor is covered by the microcode fix from Intel.Artgirl wrote:...
.
For an example of the GUI steps for a tar.gz file, please refer to ... https://askubuntu.com/questions/713734/ ... untu-14-04
Normally, you just need to double-click on the appropriate installation files to run them. In the above link, I think step 5 onwards are for a non-normal install in non-mainstream Linux distros.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
@ now3by, .......
These links ... https://news.ycombinator.com/item?id=16111433 and https://bugs.launchpad.net/ubuntu/+sour ... ug/1742364
confirm that the latest Intel microcode 20180108(courtesy of thx-1138) is for the Spectre bug and applies to nearly all Intel processors.
.now3by wrote:...
These links ... https://news.ycombinator.com/item?id=16111433 and https://bugs.launchpad.net/ubuntu/+sour ... ug/1742364
confirm that the latest Intel microcode 20180108(courtesy of thx-1138) is for the Spectre bug and applies to nearly all Intel processors.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I tested myself few old CPUs in hw I have here: N3530, I5-520M, I5-3470, E8400, E8500, Q6600 with latest Intel microcode-20180108 and they have no new microcode update since microcode-20171117 and previous.
Tested new I5-7400 CPU and it have a microcode update.
Test yourself and let us know for what CPU you found microcode update that patch Spectre...
Tested new I5-7400 CPU and it have a microcode update.
Test yourself and let us know for what CPU you found microcode update that patch Spectre...
Linux...
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
@ now3by, .......
According to this link ... https://downloadcenter.intel.com/produc ... 3-MHz-FSB- , the latest Intel microcode 20180108 can be applied to the Intel E8400 processors.
LM users may download the microcode tar.gz file, extract it, read the Release notes for installation instructions, install it through the Terminal and reboot.
... Or they can wait for the Intel microcode 20180108 update to appear in Driver Manager = easier to install.
.now3by wrote:...
According to this link ... https://downloadcenter.intel.com/produc ... 3-MHz-FSB- , the latest Intel microcode 20180108 can be applied to the Intel E8400 processors.
LM users may download the microcode tar.gz file, extract it, read the Release notes for installation instructions, install it through the Terminal and reboot.
... Or they can wait for the Intel microcode 20180108 update to appear in Driver Manager = easier to install.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
why don't you compare microcode-20180108 and microcode-20171117 to see that only few files are updated ?now3by wrote:That list show all CPU that have microcode update since they are released from factory with the default microcode included and not CPU that have microcode update for Spectre and Meltdown flaws !
It will take a log time to update all Intel CPUs for this Spectre & Meltdown flaw !
Linux...
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I'm completely lost with all this spectre/meltdown issue and the list of updates/patches that never ends .
Also I'm a complete LM newbie . Can anyone explain what I should install or keep my eye out for these 2 systems.
I have 2 LMs in my VirtualBox:
RELEASE=17.3
CODENAME=rosa
EDITION="MATE 64-bit"
kernel:
3.19.0-32-generic #37~14.04.1-Ubuntu SMP
and
RELEASE=18.2
CODENAME=sonya
EDITION="Xfce 64-bit"
kernel:
4.10.0-32-generic #36~16.04.1-Ubuntu SMP
P.S. what is this microcode now? is this something like .inf (driver) in Win? So I need this in LM together with new kernel when they appear?
Is there any way to patch FireFox v56 for spectre/meltdown cos I really hate v57 and the thing that I can't use half of my add-ons .
thanks
Also I'm a complete LM newbie . Can anyone explain what I should install or keep my eye out for these 2 systems.
I have 2 LMs in my VirtualBox:
RELEASE=17.3
CODENAME=rosa
EDITION="MATE 64-bit"
kernel:
3.19.0-32-generic #37~14.04.1-Ubuntu SMP
and
RELEASE=18.2
CODENAME=sonya
EDITION="Xfce 64-bit"
kernel:
4.10.0-32-generic #36~16.04.1-Ubuntu SMP
P.S. what is this microcode now? is this something like .inf (driver) in Win? So I need this in LM together with new kernel when they appear?
Is there any way to patch FireFox v56 for spectre/meltdown cos I really hate v57 and the thing that I can't use half of my add-ons .
thanks