The only update I found was about 800KB of something called Ubuntu Base. Is that the fix for the Intel issue?
Splat Double Splat Triple Splat
Earn Your Keep
Don't mind me, I'm only passing through.
Once in a blue moon, I'm actually helpful.
I have managed to run the tool. Here's the result :
Code:
$ sudo python ./intel_sa00086.py
[sudo] password for xubuntu:
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.152
Scan date: 2018-01-09 17:15:24 GMT

*** Host Computer Information ***
Name: xubuntu
Manufacturer: System manufacturer
Model: System Product Name
Processor Name: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
OS Version: Ubuntu 18.04 bionic (4.14.0-15-generic)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 11.6.10.1196
SVN: 1

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086.
Contact your system manufacturer for support and remediation of this system.

For more information refer to the INTEL-SA-00086 Detection Tool Guide or the Intel Security Advisory Intel-SA-00086 at the following link:
https://www.intel.com/sa-00086-support
Lubuntu 20.04
16.04 should have pti in the release kernel now or shortly, 16.04-HWE has it in the edge kernel - ex.
4.13.0-24-generic #28~16.04.1-Ubuntu
18.04 has it in proposed, somewhat incomplete packages - ex.
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm abm cpuid_fault epb invpcid_single pti tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt dtherm ida arat pln pts
bugs : cpu_insecure
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm abm cpuid_fault epb invpcid_single pti tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt dtherm ida arat pln pts
bugs : cpu_meltdown
18.04 *could* be better described as: this may only address Meltdown; the other (Spectre) is likely not addressed at all, or maybe somewhat.
http://www.kroah.com/log/blog/2018/0...ltdown-status/
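Added example, not part of any post in this thread: a small shell check that reads the same two /proc/cpuinfo lines quoted above (the `pti` flag and the `bugs` entry, which the samples show as either `cpu_insecure` or `cpu_meltdown`). The function names and the status words it prints are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Classify Meltdown/KPTI state from /proc/cpuinfo-style text.

# cpuinfo_field FILE KEY: print the value of the first "KEY : value" line.
cpuinfo_field() {
    awk -F: -v key="$2" '
        { k = $1; gsub(/[ \t]+$/, "", k) }
        k == key { sub(/^[^:]*:[ \t]*/, ""); print; exit }
    ' "$1"
}

# has_word LIST WORD: succeed only if WORD is a whole token in LIST,
# so "pti" is not confused with similar flags such as "pts".
has_word() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# meltdown_status [FILE]: print "<state> <bug-name>" where state is
#   pti-enabled  the pti flag is present (page table isolation active)
#   vulnerable   the kernel lists the bug but no pti flag is set
#   unknown      the kernel reports neither (kernel without this reporting,
#                or a CPU the kernel does not mark as affected)
meltdown_status() {
    file="${1:-/proc/cpuinfo}"
    flags=$(cpuinfo_field "$file" flags)
    bugs=$(cpuinfo_field "$file" bugs)
    bug=none
    for name in cpu_meltdown cpu_insecure; do
        if has_word "$bugs" "$name"; then bug=$name; fi
    done
    if has_word "$flags" pti; then
        echo "pti-enabled $bug"
    elif [ "$bug" != none ]; then
        echo "vulnerable $bug"
    else
        echo "unknown none"
    fi
}

# Constructed sample with a shortened flag list, not output from a real machine.
sample=$(mktemp)
printf 'flags\t\t: fpu vme pts invpcid_single pti\nbugs\t\t: cpu_insecure\n' > "$sample"
meltdown_status "$sample"
rm -f "$sample"
```

Calling `meltdown_status` with no argument reads /proc/cpuinfo on the running system. It says nothing about Spectre or about the Management Engine advisory discussed elsewhere in the thread.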
I am running 18.04 with bionic-proposed enabled. Just received a kernel update. Rebooted the system. Now when I run the Intel tool I still get
"This system is vulnerable".
Code:
$ uname -a
Linux xubuntu 4.14.0-16-generic #19-Ubuntu SMP Mon Jan 8 17:50:31 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Because the scan tool has nothing to do with Meltdown.
That's about flaws in Intel's management engine.
(which seemingly Intel does not care enough to help anyone with outside of passing the buck over to whomever the machine's manufacturers are,
who in turn probably do not care about any machine not under warranty; I rant little)
It is my understanding that I am using Ubuntu 16.04.3 64 bit LTS and I have Linux kernel 4.10.0-42 AMD64 generic installed. I would have to download and install Linux kernel 4.13.x-y AMD64 generic from the pti ppa in order for this to be patched, right? In other words, I can wait for Ubuntu 16.04.4 64 bit LTS due on February 15th, 2018 or I can turn on Ubuntu proposed and do an update, correct?
For starters, the intel tool referenced is NOT to detect the Spectre/Meltdown flaws. It's to detect the Intel Management Engine flaw.
The Spectre/Meltdown detection script is here: https://github.com/speed47/spectre-meltdown-checker