[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds
Kyle Evans
kevans at freebsd.org
Wed May 15 14:34:44 UTC 2019
On Wed, May 15, 2019 at 8:33 AM mike tancsa <mike at sentex.net> wrote:
>
> On 5/15/2019 8:18 AM, Wall, Stephen wrote:
> >> New CPU microcode may be available in a BIOS update from your system vendor,
> >> or by installing the devcpu-data package or sysutils/devcpu-data port.
> >> Ensure that the BIOS update or devcpu-data package is dated after 2014-05-14.
> >>
> >> If using the package or port the microcode update can be applied at boot time
> >> by adding the following lines to the system's /boot/loader.conf:
> >>
> >> cpu_microcode_load="YES"
> >> cpu_microcode_name="/boot/firmware/intel-ucode.bin"
> > Is this applicable in a virtualized environment, or only on bare metal?
> > If not applicable in a VM, is it at least harmless?
>
>
> Actually, just tried this on RELENG_11 (r347613) and I get
>
> don't know how to load module '/boot/firmware/intel-ucode.bin'
>
> In boot/loader.conf I have
>
> cpu_microcode_load="YES"
> cpu_microcode_name="/boot/firmware/intel-ucode.bin"
>
> # ls -l /boot/firmware/intel-ucode.bin
> -rw-r--r-- 1 root wheel uarch 2571264 May 15 08:47
> /boot/firmware/intel-ucode.bin
>
> # sha256 /boot/firmware/intel-ucode.bin
> SHA256 (/boot/firmware/intel-ucode.bin) =
> 1fdb3a25467d285394eded8039ee8ab488f074903654981d35a4cdfe6ebf12fc
>
r337715 + r337716 were responsible for making this work, and they've
not yet been MFC'd as far as I can tell. CC markj@, because that's
probably good to sneak in soon.
More information about the freebsd-security
mailing list