stable/11 r329462 - Meltdown/Spectre MFC questions

Shawn Webb shawn.webb at hardenedbsd.org
Sun Feb 18 23:26:01 UTC 2018


On Sun, Feb 18, 2018 at 10:02:08PM +0000, Tim Daneliuk wrote:
> On 02/18/2018 09:50 PM, Eric A. Borisch wrote:
> > 
> > On Sun, Feb 18, 2018 at 3:17 PM Tim Daneliuk <tundra at tundraware.com> wrote:
> > 
> >     On 02/18/2018 05:47 PM, David Marec wrote:
> >     > #cpucontrol -u -v /dev/cpuctl0
> >     > cpucontrol: skipping /usr/local/share/cpucontrol/m32306c3_00000022.fw of rev 0x22: up to date
> > 
> > 
> >     While we're on the subject ... where does one find these microcode updates
> >     anyway?  On a 10.4-STABLE system, the command above blows out because
> >     there is no directory /usr/local/share/cpucontrol ... so I am missing
> >     the magic to get it populated.
> > 
> >     --
> >     ----------------------------------------------------------------------------
> >     Tim Daneliuk     tundra at tundraware.com
> >     PGP Key:         http://www.tundraware.com/PGP/
> > 
> > 
> > It's provided by the sysutils/devcpu-data port.
> > 
> >  - Eric
> > 
> > 
> 
> 
> Yes thanks, I finally tripped across that myself :)  Do we have any insight on
> whether this addresses the latest vulnerabilities?

The latest Intel microcode gives CPUs affected by Spectre new MSRs,
one of which is to toggle IBRS. Vendors like Dell have started issuing
firmware updates that also apply the new CPU microcode. Check with
your vendor to see if they've shipped such firmware updates.

Having the CPU microcode applied is not enough. The OS needs to
support the new MSRs. FreeBSD 11-STABLE now does after the PTI and
IBRS MFCs.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
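
An added example, not part of the original message: one way to check both halves of the point above (microcode loaded, and a kernel that uses the new MSRs) from sysctl output. The sysctl names vm.pmap.pti, hw.ibrs_disable and hw.ibrs_active are assumed to be the knobs exposed by the PTI/IBRS MFC; the function name and the sample values are constructed for illustration.

```sh
#!/bin/sh
# Classify Meltdown/Spectre mitigation state from `sysctl` output on stdin.
# Assumption (not stated in the thread): the PTI/IBRS merge exposes
# vm.pmap.pti, hw.ibrs_disable and hw.ibrs_active.
# On a live system:
#   sysctl vm.pmap.pti hw.ibrs_disable hw.ibrs_active 2>/dev/null | mitigation_status
mitigation_status() {
    awk -F': *' '
        $1 == "vm.pmap.pti"     { pti = $2 }
        $1 == "hw.ibrs_disable" { dis = $2 }
        $1 == "hw.ibrs_active"  { act = $2 }
        END {
            # Missing OIDs: the running kernel predates the PTI/IBRS merge,
            # so new microcode alone changes nothing.
            if (pti == "" || dis == "" || act == "") {
                print "kernel-lacks-support"; exit
            }
            if (pti == 1) m = "pti-on"; else m = "pti-off"
            # IBRS requested but not active: the CPU does not offer the MSR,
            # which points at missing or outdated microcode/firmware.
            if (act == 1)      s = "ibrs-active"
            else if (dis == 1) s = "ibrs-disabled-by-admin"
            else               s = "ibrs-unavailable-check-microcode"
            print m " " s
        }'
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_PATCHED='vm.pmap.pti: 1
hw.ibrs_disable: 0
hw.ibrs_active: 1'

SAMPLE_NO_MICROCODE='vm.pmap.pti: 1
hw.ibrs_disable: 0
hw.ibrs_active: 0'

SAMPLE_ADMIN_OFF='vm.pmap.pti: 1
hw.ibrs_disable: 1
hw.ibrs_active: 0'

for s in "$SAMPLE_PATCHED" "$SAMPLE_NO_MICROCODE" "$SAMPLE_ADMIN_OFF" ""; do
    printf '%s\n' "$s" | mitigation_status
done
```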