
Thread: Meltdown and Spectre Discussion Sticky

  1. #201
    Join Date
    Nov 2014
    Beans
    2

    Re: Meltdown and Spectre Discussion Sticky

    Hi

    I need some help please with interpreting the results of the speed47 tool. What does it say?

    Mainly, my questions are
    • Does Ubuntu recognize the patched firmware, even though the firmware version is not exposed to the virtual machine (ucode 0xffffffff), but the individual mitigation capability flags seem to be exposed?
    • What is the meaning of STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline, IBPB (Intel v4)) for Spectre v2, and is it in any way better than it would be if the firmware wasn't patched?


    system info:
    The system is Sandy Bridge (Core i5-2500) with patched firmware.
    Microcode version in the firmware is 0x2d (with Spectre v2 mitigation)
    The operating system is Ubuntu server 17.10 with kernel 4.13.0-37-generic running in a virtual machine on Windows Server 2016 with Hyper-V.

    Code:
    Spectre and Meltdown mitigation detection tool v0.36+
    
    Checking for vulnerabilities on current system
    Kernel is Linux 4.13.0-37-generic #42-Ubuntu SMP Wed Mar 7 14:13:23 UTC 2018 x86_64
    CPU is Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  YES
        * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  NO
        * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  YES
        * CPU indicates STIBP capability:  YES
      * Enhanced IBRS (IBRS_ALL)
        * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
        * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
      * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
      * CPU microcode is known to cause stability problems:  NO  (model 42 stepping 7 ucode 0xffffffff)
    * CPU vulnerability to the three speculative execution attack variants
      * Vulnerable to Variant 1:  YES
      * Vulnerable to Variant 2:  YES
      * Vulnerable to Variant 3:  YES
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel has array_index_mask_nospec:  NO
    * Kernel has the Red Hat/Ubuntu patch:  YES
    > STATUS:  NOT VULNERABLE  (Mitigation: OSB (observable speculation barrier, Intel v6))
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Mitigation 1
      * Kernel is compiled with IBRS/IBPB support:  YES
      * Currently enabled features
        * IBRS enabled for Kernel space:  NO
        * IBRS enabled for User space:  NO
        * IBPB enabled:  YES
    * Mitigation 2
      * Kernel has branch predictor hardening (ARM):  NO
      * Kernel compiled with retpoline option:  YES
      * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline, IBPB (Intel v4))
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
    * Kernel supports Page Table Isolation (PTI):  YES  (found 'CONFIG_PAGE_TABLE_ISOLATION=y')
    * PTI enabled and active:  YES
    * Running as a Xen PV DomU:  NO
    > STATUS:  NOT VULNERABLE  (Mitigation: PTI)

    Code:
    root@ownCloud:/tmp# cat /proc/cpuinfo
    processor       : 0
    vendor_id       : GenuineIntel
    cpu family      : 6
    model           : 42
    model name      : Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
    stepping        : 7
    microcode       : 0xffffffff
    cpu MHz         : 3300.021
    cache size      : 6144 KB
    physical id     : 0
    siblings        : 4
    core id         : 0
    cpu cores       : 4
    apicid          : 0
    initial apicid  : 0
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 13
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology cpuid pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 popcnt aes xsave avx hypervisor lahf_lm pti retpoline spec_ctrl xsaveopt
    bugs            : cpu_meltdown spectre_v1 spectre_v2
    bogomips        : 6600.04
    clflush size    : 64
    cache_alignment : 64
    address sizes   : 36 bits physical, 48 bits virtual
    power management:
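
Added example, not code from the post above or from the speed47 tool: it pulls out the three pieces of evidence the questions turn on, namely the microcode field, the mitigation flags in /proc/cpuinfo, and the kernel's sysfs vulnerability files that the tool's "/sys interface" lines refer to. The embedded cpuinfo text is a constructed sample trimmed from the post's output, and treating `0xffffffff` together with the `hypervisor` flag as "revision hidden from the guest" is an assumption taken from the post.

```shell
# Constructed sample, trimmed from the /proc/cpuinfo output posted above.
SAMPLE_CPUINFO='processor       : 0
model name      : Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
microcode       : 0xffffffff
flags           : fpu vme pcid hypervisor lahf_lm pti retpoline spec_ctrl xsaveopt
bugs            : cpu_meltdown spectre_v1 spectre_v2'

# cpuinfo_field NAME TEXT -> value of the first "NAME : value" line in TEXT
cpuinfo_field() {
    printf '%s\n' "$2" | awk -v k="$1" '
        { i = index($0, ":"); if (!i) next
          key = substr($0, 1, i - 1); sub(/[ \t]+$/, "", key)
          val = substr($0, i + 1);    sub(/^[ \t]+/, "", val)
          if (key == k) { print val; exit } }'
}

# has_word WORD LIST -> true if WORD is a space-separated token of LIST
has_word() { case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac; }

# microcode_visibility TEXT -> masked-by-hypervisor | reported:<rev> | unknown
# (assumption from the post: 0xffffffff in a guest is a placeholder, not a revision)
microcode_visibility() {
    rev=$(cpuinfo_field microcode "$1"); flags=$(cpuinfo_field flags "$1")
    if [ -z "$rev" ]; then echo unknown
    elif [ "$rev" = 0xffffffff ] && has_word hypervisor "$flags"; then
        echo masked-by-hypervisor
    else echo "reported:$rev"; fi
}

# mitigation_flags TEXT -> which of pti/retpoline/spec_ctrl the kernel lists
mitigation_flags() {
    flags=$(cpuinfo_field flags "$1"); out=
    for f in pti retpoline spec_ctrl; do
        if has_word "$f" "$flags"; then out="${out:+$out }$f"; fi
    done
    echo "$out"
}

# sysfs_status [DIR] -> "name: status" for each file the kernel exposes
sysfs_status() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ ! -d "$dir" ]; then echo "no sysfs vulnerability interface"; return 0; fi
    for f in "$dir"/*; do
        if [ -r "$f" ]; then printf '%s: %s\n' "${f##*/}" "$(cat "$f")"; fi
    done
}

echo "microcode: $(microcode_visibility "$SAMPLE_CPUINFO")"
echo "flags:     $(mitigation_flags "$SAMPLE_CPUINFO")"
sysfs_status
```

On a live guest, pass `"$(cat /proc/cpuinfo)"` instead of the sample; `sysfs_status` with no argument reads the running kernel's own files.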

  2. #202
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    132
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    Intel has published the new microcode revision https://newsroom.intel.com/wp-conten...e-guidance.pdf and for some CPUs the microcode will NEVER be updated

  3. #203
    Join Date
    Jun 2008
    Location
    Byron, CA, USA
    Beans
    500
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Meltdown and Spectre Discussion Sticky

    Thanks for the confirmation. That shelves the Gateway®/Acer® DX4822-01 desktop proposal for ubuntu® 18.04.0-LTS, as the Wolfdale platform (on which the intel® Pentium Processor® E5300 (FCLGA775) is built) is excluded from the fix, probably due to microarchitectural limitations making restrictions on indirect-branch processing (necessary to mitigate CVE-2017-5715) impossible to implement. I've decided to repurpose the DX4822 as a mission-specific music hardware for an implementation of Aeolus under ubuntustudio® 18.04.0-LTS; the Creative Laboratories® SB0350 pulled from the Hot Rod gPC™ should have enough outputs in the Creative® E-MU® CA0102. The main problem now will be an implementation of an Artisan Classic Organs two-manual and pedal console (consistent with input implementation for Milan Digital® Hauptwerk®) with one row of 24 drawknobs above Manual II that can communicate with the DX4822 via IEEE 1394....
    Gigabyte® GA-MA78GM-S2HP (AMD® Athlon 64® 3500+ CPU, RS780G NB, SB710 SB)
    Audio: ASUS® XONARESSENCESTX/A (PCIe, C-Media® CMI-8788 via PCIe-PCI bridge)

  4. #204
    Join Date
    Apr 2017
    Beans
    13

    Design Flaw or Intentional

    Is Spectre likely to be intentional by these companies to appease certain government agencies, or is this truly a design flaw, as it is being told to us??

  5. #205
    Join Date
    Oct 2009
    Location
    Reykjavík, Ísland
    Beans
    12,887
    Distro
    Lubuntu 17.10 Artful Aardvark

    Re: Meltdown and Spectre Discussion Sticky

    The government agencies don't need software to get access to the contents of a suspect's computer. Any modern computer with Intel Management Engine can be monitored remotely. Copy the screen picture, monitor the keys pressed, watch which applications are running and so on.

    I am not familiar with AMD but I guess that they offer similar 'functionality'.
    Bringing old hardware back to life. About problems due to upgrading.
    Please visit Quick Links -> Unanswered Posts.
    Don't use this space for a list of your hardware. It only creates false hits in the search engines.

  6. #206
    Join Date
    Jun 2018
    Beans
    Hidden!

    Re: Meltdown and Spectre Discussion Sticky

    I really don't believe these flaws were implemented on purpose. I'm an occasional reader of Bruce Schneier's blog and here is one of his numerous interesting posts:

    https://www.schneier.com/blog/archiv...r_spectre.html

    IMHO, it was far too risky to implement this kind of vulnerability, thinking it won't be discovered by anyone else. I believe in flaws intentionally implemented such as kernel code bugs, the kind of stuff you won't even figure out could possibly have been done on purpose, such as race conditions, all those things. But yes, it could have been. On the other hand, such critical flaws (Spectre, Meltdown) that can't even be patched remotely, or in the worst case, that can't even be patched, period, it's something you can't reasonably assume has been done on purpose, and that everything which has followed has been working exactly as planned. I don't think that shuttles or military devices only use flawless hardware. Just as I don't believe in God, I won't believe in a more unlikely story.

    To come back to Meltdown and Spectre, I waited several weeks before patching to a new PTI kernel, as I was using an unofficial fork of Grsecurity; I thought my outer computer boundary was hardened enough to be safe for some months more. But it seems that the team who was in charge of maintaining this Grsecurity fork didn't get over the PTI implementation and gave up. A shame, as it was really a great job done. But I feared much more to let an exploit get through my browser, my torrent client or anything else, than to find out that my computer's been taken over from the inside (kernel exploit such as Meltdown, etc.)...

  7. #207
    Join Date
    Oct 2008
    Location
    Rezzoaglio (GE) Italy
    Beans
    132
    Distro
    Ubuntu Development Release

    Re: Meltdown and Spectre Discussion Sticky

    New Vulnerability Variants 3a and 4 also in US security site: https://www.us-cert.gov/ncas/alerts/TA18-141A
