Meltdown & Spectre Information and Discussion

[Mart]

Thanks Jerry for the Automated Spectre/Meltdown Checker.

http://news.softpedia.com/news/linux-lit...9431.shtml

Ran the script and my results were the same.

"Spectre Variant 1"  Status: Not Vulnerable

"Spectre Variant 2"  Status: Vulnerable

"Meltdown aka Variant 3"  Status: Not Vulnerable

(Results with latest Intel microcode update and updated Linux kernel 4.4.0-111)

In respect to "Spectre Variant 2"  the following article - Ubuntu Preparing Kernel Updates With IBRS/IBPB For Spectre Mitigation - may be reassuring.

https://www.phoronix.com/scan.php?page=n...re-Kernels

[bfb]

Remove kernel 4.10 and then update kernel 4.4. You must be running on 4.4 to delete 4.10. If you are running 4.4 now try updating. I think LL will only update the running kernel, though not sure. In any case 4.4 in LL will update to -111.

TC

I took your advice, for which I am grateful, but the 4.4 from the Lite Tweaks  doesn't update to -111 for some reason.
1)Does this mean that all the kernels from there are vulnerable? Remember I had 4.10 running before and that was vulnerable 2)how can I install the -111 version if 4.4 doesn't update to it automatically?

[Ottawagrant]

Does anyone read this article the same way I do. (and it doesn't surprise me if I'm wrong) That the kernel update coming on Monday the 22nd is for computers with Intel processors only. Nothing done with AMD at this time.

[trinidad]

[member=3719]bfb[/member]  Run -  sudo apt-get update first in the terminal, then exit and update normally via lite updates.

TC

[bfb]

Thank you. I have done all that,  but I still get this.
I wonder if there is a problem with kernels from the Lite tweaks 'Instal kernel' option?

[trinidad]

During this past week I have had two Sandy Bridge firmware updates go completely haywire, one massive slowdown, the other blue screen, then cook the board. (Intel has adjusted the firmware but with disclaimers) If you are on Windows 10 do not update the firmware on your Sandy Bridge CPU, and do not use the recommended MS patches for Meltdown if on Windows 7 or 8. There are charcteristics of this CPU that make the Intel update and MS patch together basically crippling in some cases. Several OEMs including DELL are highly unlikely to ever patch this CPU for the MS kernel. However If you dual boot Ubuntu with Windows 10, the KPTI adjustments in Ubuntu work fine, with little impact on performance, but there are several differences in the MS kernel functions in CPU space and some ugly MS and Intel tweaks to this CPU running Windows.

The officai MS response: "If you are using a pre-2016 Intel CPU with Windows 10, there is nothing much you can do except consider upgrading to a newer processor or, you could possibly just live with the performance impact of the Meltdown and Spectre patches."

Probably the ultimate cause of the slowdowns: "With Sandy Bridge, Intel has tied the speed of every bus (USB, SATA, PCI, PCI-E, CPU cores, Uncore, memory etc.) to a single internal clock generator issuing the basic 100 MHz Base Clock (BClk). With CPUs being multiplier locked, the only way to overclock is to increase the BClk, which can be raised by only 5–7% without other hardware components failing."

Another issue that is certain to become a security issue: "Sandy and Ivy Bridge processors with vPro capability have security features that can remotely disable a PC or erase information from hard drives. This can be useful in the case of a lost or stolen PC. The commands can be received through 3G signals, Ethernet, or Internet connections. AES encryption acceleration will be available, which can be useful for video conferencing and VoIP applications."

Leave your Windows 10 unpatched on Sandy Bridge, but go ahead and update your Ubuntu if you dual boot.

TC

[firenice03]

The other day had a couple vulnerability updated aand for kicks tried again this morn... All Good
4.4.0-111 on the 32bit mini..


 



 

[Ottawagrant]

Read last Friday that Ubuntu was releasing a new kernel today. They did. 4.4.0-112 #135. I wanted to test it on an Intel computer. So I used my HP compaq 7900 SFF. I'll test a few other computers but for the HP it still shows Variant #2 as vulnerable. Variant #1 & 3, not. Time to boot up another computer.

[Vera]

I updated my Toshiba laptop just now, rebooted and ran the checker. Got the same results as [member=5803]Ottawagrant[/member] , so the #2 is not mitigated for me yet either. Haven't checked my main machine yet, just the Toshiba laptop.

[trinidad]

v2 Spectre vulnerabilities may never be fully identified or patched. These creatures evolve into thousand armed spiders,
Ubuntu has made a lot of progress no thanks to Intel or AMD though. Stick with your LL. The waters are much dirtier elsewhere.

https://usn.ubuntu.com/usn/xenial/

TC