Author Topic: Post Meltdown, Spectre and other Intel issues  (Read 8884 times)

Offline pin

Re: Post Meltdown, Spectre and other Intel issues
« Reply #45 on: January 29, 2018, 01:59:14 pm »
Yeah, Zeb....
One stable system and one to play around  8)
Although, I must say I'm surprised with Void, after all I read about rolling releases...
Install Date: Thu 12 Oct 2017 09:21 AM
Not a single break!!
Well, ICE broke two weeks ago but, that's not an official package...I think dependencies got updates...
« Last Edit: January 29, 2018, 02:06:30 pm by pin »

Offline zebedeeboss

Re: Post Meltdown, Spectre and other Intel issues
« Reply #46 on: January 29, 2018, 02:07:04 pm »
zebedee@i7-elementary:~$ sudo update-grub
Generating grub configuration file ...
....    ....
Found Windows Boot Manager on /dev/nvme0n1p2@/EFI/Microsoft/Boot/bootmgfw.efi
Found Peppermint 8 Eight (8) on /dev/nvme0n1p5
Found Netrunner Rolling (2018.01) on /dev/sda2
Found ArchMerge (v6.3.1) on /dev/sda3
Found MX 17 Horizon (17) on /dev/sdc2
Found Manjaro Linux (17.1.2) on /dev/sdc4
Adding boot menu entry for EFI firmware configuration
done
zebedee@i7-elementary:~$

Erm... I might have more than one play thing   ::)
Be Kind Whenever Possible...   It is Always Possible - Dalai Lama

P10r x64 Desktop - AMD Threadripper 2950X - 64Gb RAM - NVIDIA RTX2080Ti 11Gb - 2 x 27" 4k

Offline pin

Re: Post Meltdown, Spectre and other Intel issues
« Reply #47 on: January 29, 2018, 02:34:35 pm »
 :D
EDIT: To be honest, I have plans to test NetBSD..., If only I could figure out how to boot it in EFI mode using grub...
« Last Edit: January 29, 2018, 02:41:26 pm by pin »

Offline DAMIEN1307

Re: Post Meltdown, Spectre and other Intel issues
« Reply #48 on: January 29, 2018, 03:46:01 pm »
hi guys...a few questions...

1 - is using newest kernel ( 4.15 series ) advisable or wait for update manager etc?
2 - does this affect IBRS support in any way?
3 - does this affect use and application of up to date microcodes already installed and/or future ones to come on this kernel?
4 - will this kernel automatically update through update manager?

i ask only because, though its nice to play around with all the toys here, there is something to be said about stability and usability over the long haul...DAMIEN
ORDO AB CHAO

Offline pin

Re: Post Meltdown, Spectre and other Intel issues
« Reply #49 on: January 29, 2018, 03:55:57 pm »
Hi DAMIEN1307,
That's why it's good to have two (or more) systems...
I don't want to break my PM7 laptop! As I said, Void never broke on me... but, IF it does, I still have a working system
The 4.15 will come, question is when?
1) If you can fix/troubleshoot a broken system, give it a try. Otherwise, just wait.
3) Microcode comes from Intel or AMD
4) Eventually, yes. Just saw a few 4.14 on Synaptic... but, it will take some time.

EDIT: I've never tried to install a kernel that is not in the repos yet
« Last Edit: January 29, 2018, 04:05:26 pm by pin »

Offline PCNetSpec

Re: Post Meltdown, Spectre and other Intel issues
« Reply #50 on: January 29, 2018, 04:15:36 pm »
> hi guys...a few questions...
>
> 1 - is using newest kernel ( 4.15 series ) advisable or wait for update manager etc?
> 2 - does this affect IBRS support in any way?
> 3 - does this affect use and application of up to date microcodes already installed and/or future ones to come on this kernel?
> 4 - will this kernel automatically update through update manager?
>
> i ask only because, though its nice to play around with all the toys here, there is something to be said about stability and usability over the long haul...DAMIEN

1) That's your decision .. If you're asking what the Team Peppermint 'official' line would be, it'd be to "stick to the default kernel unless you have a NEED not to, it's the only kernel that will receive automatic security updates".

2) I have no idea what you mean by IBRS ?

3) Theoretically NO .. microcode is simply applied by the kernel, it's not part of it.

4) NO .. the update manager will not automatically update the 4.15 kernel series, it has no mechanism for doing so .. new versions of linux-image-generic-hwe-16.04 will currently only update the 4.13 kernel series.
« Last Edit: January 29, 2018, 04:17:17 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline pin

Re: Post Meltdown, Spectre and other Intel issues
« Reply #51 on: January 29, 2018, 04:25:57 pm »
@PCNetSpec
No.4 You are of course right, but one can still change it using Synaptic, although it will involve updating it manually afterwards.

Offline DAMIEN1307

Re: Post Meltdown, Spectre and other Intel issues
« Reply #52 on: January 29, 2018, 05:08:22 pm »
hi PC, hi pin...
2 - IBRS = x86 indirect branch speculation feature.  It enables the indirect branch restricted speculation (IBRS) on kernel entry and disables it on exit, IBRS feature requires corresponding microcode support.

3 - ok so then microcode = volatile application to kernel vs passive application to kernel

4 - i figured that update manager would not update this kernel at least at this time.

Spectre 2 requires OS kernel AND CPU microcode to be patched, they have to be made to work together in order to patch Spectre 2 with the IBRS and IBPB features. hence my #2 question does the 4.15 kernel "does this affect IBRS support in any way?"...for good or for bad...DAMIEN
« Last Edit: January 29, 2018, 06:21:51 pm by DAMIEN1307 »

Offline PCNetSpec

Re: Post Meltdown, Spectre and other Intel issues
« Reply #53 on: January 29, 2018, 06:50:08 pm »
Microcode is processor firmware so independent of the kernel .. though the kernel loads it at boot
https://wiki.debian.org/Microcode

Basically the kernel applies the firmware to the processor at boot instead of the BIOS applying it .. and if it were applied by the BIOS it would be OS/kernel independent wouldn't it ;)
« Last Edit: January 29, 2018, 06:54:00 pm by PCNetSpec »

Offline PCNetSpec

Re: Post Meltdown, Spectre and other Intel issues
« Reply #54 on: January 29, 2018, 06:56:31 pm »
> @PCNetSpec
> No.4 You are of course right, but one can still change it using Synaptic, although it will involve updating it manually afterwards.

Except there's no 4.15 kernel in the default repos ;)

It **may** be added to the default repos at some point if say hwe-16.04-edge ever gets it, but if that happens you'll be able to get automatic updates by switching to the hwe-16.04-edge track .. but unless/until that happens, no you can't use Synaptic as 4.15 just isn't there, and not every kernel in the mainline PPA gets security updates (only the ones that are used in an *buntu release or hwe .. and 4.15 currently isn't, and may never be).

If you want security updates, you MUST use a default kernel or patch the kernel manually.
« Last Edit: January 29, 2018, 07:06:29 pm by PCNetSpec »

Offline DAMIEN1307

Re: Post Meltdown, Spectre and other Intel issues
« Reply #55 on: January 29, 2018, 07:21:01 pm »
thanx PC...we are on the same page then...kernel applying microcode = "Volatile application"...if it was bios applied microcode, that is what they would call, "passive application"

and also on the same page as to 4.15 updating = probably not going to happen at all on 8 or 8.5 respin...this would be my reasoning to always err on the safe side of caution with security, stability, and usability in mind...wait for the update manager to supply things like this down the pipeline

i would think then that until the kerfuffle dies down from intel etc that the CPU coupled with usage of 4.15 kernel is probably not enabled/disabled as designed when in use but probably not enabled at all until all patches possible could be applied which would mean its not as readily exploitable but not fixed either...DAMIEN

Offline PCNetSpec

Re: Post Meltdown, Spectre and other Intel issues
« Reply #56 on: January 29, 2018, 07:42:15 pm »
> thanx PC...we are on the same page then...kernel applying microcode = "Volatile application"...if it was bios applied microcode, that is what they would call, "passive application"

I get what you (and 'they') are saying, but really both are volatile .. unless the firmware can be stored on the CPU itself, then it needs to be applied (loaded into memory) every time the PC is started .. be that by the BIOS, or by the OS.

Does it really matter if it's stored on the BIOS EEPROM or disk ? .. the storage of the firmware isn't volatile, but in both cases the application of it is.

I guess my point is, they're both the same .. just applied at boot differently.

The Linux method is more flexible and doesn't require a BIOS update .. but at the end of the day it's still the same firmware being applied each boot.
« Last Edit: January 29, 2018, 07:53:08 pm by PCNetSpec »

Offline pin

Re: Post Meltdown, Spectre and other Intel issues
« Reply #57 on: January 30, 2018, 01:57:32 pm »

Online VinDSL

Re: Post Meltdown, Spectre and other Intel issues
« Reply #58 on: January 30, 2018, 02:43:55 pm »
Spectre & Meltdown vulnerability checker now in Debian's repos

Heh!  Oops ...


╭─vindsl@Boogaloo-5 ~ 
╰─➤  sudo /usr/bin/spectre-meltdown-checker    2 ↵
Spectre and Meltdown mitigation detection tool v0.32

Checking for vulnerabilities against running kernel Linux 4.15.0-041500-generic #201801282230 SMP Sun Jan 28 22:31:30 UTC 2018 x86_64
CPU is  Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable: Minimal generic ASM retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
╭─vindsl@Boogaloo-5 ~ 
╰─➤

Well, like it says ... "A false sense of security is worse than no security at all"  :)

EDIT

File-raped from here: https://goo.gl/r5nJca
« Last Edit: January 30, 2018, 02:45:54 pm by VinDSL, Reason: Added link »
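
Added example (not part of the original thread, and not the spectre-meltdown-checker project's code): the "/sys interface" lines in the output above come from the kernel's own status files, which can be read directly without installing the package. The function names and the `VULN_DIR`/`CPUINFO` overrides are assumptions of this sketch; the default paths are the standard sysfs and procfs locations.

```shell
#!/bin/sh
# Added example, not from the thread or the checker project.
# Reads the kernel's own verdicts, the same "/sys interface" the tool quotes.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
CPUINFO="${CPUINFO:-/proc/cpuinfo}"

# classify_status STRING: map a kernel status string to a verdict.
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo "OK" ;;
        "Vulnerable"*)                  echo "VULNERABLE" ;;
        *)                              echo "UNKNOWN" ;;
    esac
}

# report_dir DIR: print "name verdict raw-string" for each entry.
# Returns 0 if all entries are OK, 1 if any is not, 2 if DIR is missing
# (a kernel that does not expose this interface).
report_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir"; return 2; }
    worst=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        raw=$(cat "$f")
        verdict=$(classify_status "$raw")
        [ "$verdict" = "OK" ] || worst=1
        printf '%-12s %-10s %s\n' "$(basename "$f")" "$verdict" "$raw"
    done
    return "$worst"
}

# microcode_revision FILE: revision the CPU is running (x86 cpuinfo field),
# whether it was loaded by the BIOS or by the kernel at boot.
microcode_revision() {
    [ -r "$1" ] || return 0
    awk -F': ' '/^microcode/ { print $2; exit }' "$1"
}

echo "microcode revision: $(microcode_revision "$CPUINFO")"
report_dir "$VULN_DIR" || echo "attention needed (exit status $?)"
```

A "Vulnerable: ..." string with a qualifier, such as the retpoline line in the output above, is still classified as vulnerable because that is what the kernel itself reports.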

Offline DAMIEN1307

Re: Post Meltdown, Spectre and other Intel issues
« Reply #59 on: January 30, 2018, 03:19:23 pm »
hi guys...heres what i got when trying to install that checker...zippo, nada, goose egg, etc...lol...DAMIEN

damien@damien ~ $ sudo apt-get install spectre-meltdown-checker
[sudo] password for damien:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package spectre-meltdown-checker
damien@damien ~ $

my guess is that because it's a "debian" repository thing, it is not in the ubuntu repository at all, so it will not help peppermint users, that is unless i missed something trying to acquire this checker?
« Last Edit: January 30, 2018, 03:23:45 pm by DAMIEN1307 »