[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds
Jan Bramkamp
crest at rlwinm.de
Wed May 15 14:29:57 UTC 2019
On 15.05.19 14:18, Wall, Stephen wrote:
>> New CPU microcode may be available in a BIOS update from your system vendor,
>> or by installing the devcpu-data package or sysutils/devcpu-data port.
>> Ensure that the BIOS update or devcpu-data package is dated after 2014-05-14.
>>
>> If using the package or port the microcode update can be applied at boot time
>> by adding the following lines to the system's /boot/loader.conf:
>>
>> cpu_microcode_load="YES"
>> cpu_microcode_name="/boot/firmware/intel-ucode.bin"
> Is this applicable in a virtualized environment, or only on bare metal?
> If not applicable in a VM, is it at least harmless?
Afaik you can't modify the microcode inside a VM, but give them time.
I'm sure Intel optimized that security check away as well in some corner
case yet to be discovered.
More information about the freebsd-security
mailing list