[kwlug-disc] Meltown fix for Linux kernel
Khalid Baheyeldin
kb at 2bits.com
Mon Jan 22 17:58:23 EST 2018
On Mon, Jan 22, 2018 at 5:51 PM, Bob Jonkman <bjonkman at sobac.com> wrote:
> Um, Ubuntu and Debian both have packages "intel-microcode" that have
> been a standard part of stable/updates for a long time, well before
> the Spectre/Meltdown issues.
>
I installed Xubuntu on this Intel laptop, nothing fancy, and microcode did
not
get installed:
$ dpkg -l | grep microcod
$
> > Package: intel-microcode Version: 3.20180108.0~ubuntu16.04.2
> > Priority: extra Section: admin Origin: Ubuntu Maintainer: Ubuntu
> > Developers <ubuntu-devel-discuss at lists.ubuntu.com>
> > Original-Maintainer: Henrique de Moraes Holschuh <hmh at debian.org>
> > Bugs: https://bugs.launchpad.net/ubuntu/+filebug Installed-Size:
> > 1,507 kB Depends: iucode-tool (>= 1.0) Recommends: initramfs-tools
> > (>= 0.113~) Conflicts: microcode.ctl (<< 0.18~0) Homepage:
> > http://feeds.downloadcenter.intel.com/rss/?p=483&lang=eng
> > Supported: 5y Download-Size: 1,088 kB APT-Sources:
> > http://mirror.csclub.uwaterloo.ca/ubuntu xenial-updates/main amd64
> > Packages Description: Processor microcode firmware for Intel CPUs
> > This package contains updated system processor microcode for Intel
> > i686 and Intel X86-64 processors. Intel releases microcode updates
> > to correct processor behavior as documented in the respective
> > processor specification updates.
>
> (yes, that's from the vulnerable one that's just been rolled back)
>
> And if your were fortunate/clever enough to purchase AMD instead of
> Intel then there's "amd64-microcode".
>
Same on my AMD servers (actually desktops that are used as servers).
Nothing of that sort got installed by default.
> If you haven't been updating *-microcode then your CPU will use the
> original, burned-in microcode, full of bugs present at original
> manufacturing (unless you've been updating your BIOS/UEFI, which may
> have supplied microcode patches for you).
>
> I recommend that you install the *-microcode package (at the current
> revision level), especially in today's environment of rampant hardware
> vulnerabilities.
>
> There's an explanation of how Debian handles microcode:
> https://wiki.debian.org/Microcode
>
> - --Bob, who is about to embark on another round of patching servers.
>
Will consider installing microcode packages after this whole fiasco is over.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20180122/be3f3b88/attachment.htm>
More information about the kwlug-disc
mailing list