1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA512 |
3 |
|
4 |
Hi, |
5 |
|
6 |
Am Fr den 27. Apr 2018 um 6:42 schrieb Nikos Chantziaras: |
7 |
> On 26/04/18 14:42, Mick wrote: |
8 |
> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ? |
9 |
> > |
10 |
> > $ grep . /sys/devices/system/cpu/vulnerabilities/* |
11 |
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI |
12 |
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer |
13 |
> > sanitization |
14 |
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic |
15 |
> > retpoline |
16 |
|
17 |
I did install and compile 4.15.18, the last version from branch 4.15. |
18 |
Unfortunatelly I just get the following: |
19 |
~> uname -a |
20 |
Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux |
21 |
~> grep . /sys/devices/system/cpu/vulnerabilities/* |
22 |
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable |
23 |
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization |
24 |
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline |
25 |
|
26 |
The problem here is, that this is a 32bit system and the CPU is not able |
27 |
to run 64bit. |
28 |
|
29 |
So there are some points I want to point to: |
30 |
- - Meltdown is fully vulnerable. While there is a fix for 64bit kernel, I |
31 |
would like to know when or if gentoo will port the mitigation for |
32 |
32bit systems. |
33 |
- - For Spectre 2, there is some mitigation in kernel but the compiler is |
34 |
to old to support retpoline. |
35 |
When I look to gcc meta data, I see a couples of versions: |
36 |
~> equery m gcc |
37 |
* sys-devel/gcc [gentoo] |
38 |
Maintainer: toolchain@g.o (Gentoo Toolchain Project) |
39 |
Upstream: Remote-ID: cpe:/a:gnu:gcc ID: cpe |
40 |
Remote-ID: dgcc ID: sourceforge |
41 |
Homepage: https://gcc.gnu.org/ |
42 |
Location: /usr/portage/sys-devel/gcc |
43 |
Keywords: 2.95.3-r10:2.95.3: ~alpha ~ppc ~sparc ~x86 |
44 |
Keywords: 3.3.6-r1:3.3.6: ~amd64 ~x86 |
45 |
Keywords: 3.4.6-r2:3.4.6: alpha amd64 arm ppc ppc64 sparc x86 ~ia64 ~mips ~s390 ~sh -* ~x86-fbsd |
46 |
Keywords: 4.0.4:4.0.4: |
47 |
Keywords: 4.1.2:4.1.2: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh -* ~x86-fbsd |
48 |
Keywords: 4.2.4-r1:4.2.4: hppa ~alpha ~amd64 ~arm ~ia64 ~m68k ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd |
49 |
Keywords: 4.3.6-r1:4.3.6: -hppa alpha amd64 arm ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd |
50 |
Keywords: 4.4.7:4.4.7: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd |
51 |
Keywords: 4.5.4:4.5.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd |
52 |
Keywords: 4.6.4:4.6.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd |
53 |
Keywords: 4.7.4-r1:4.7.4: -amd64-fbsd -x86-fbsd alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~mips |
54 |
Keywords: 4.8.5-r1:4.8.5: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd |
55 |
Keywords: 4.9.4:4.9.4: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd |
56 |
Keywords: 5.4.0-r4:5.4.0: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd |
57 |
Keywords: 6.4.0:6.4.0: |
58 |
Keywords: 6.4.0-r1:6.4.0: alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd |
59 |
Keywords: 7.2.0:7.2.0: |
60 |
Keywords: 7.2.0-r1:7.2.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd |
61 |
Keywords: 7.3.0:7.3.0: |
62 |
Keywords: 7.3.0-r1:7.3.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd |
63 |
Keywords: 7.3.0-r2:7.3.0: |
64 |
License: GPL-3+ LGPL-3+ || ( GPL-3+ libgcc libstdc++ gcc-runtime-library-exception-3.1 ) FDL-1.3+ |
65 |
|
66 |
So which version is stable enough to use? 7.3.0, I use on a different |
67 |
(non-Gentoo) system. But why -r1 and -r2? |
68 |
|
69 |
> Do you have the latest sys-firmware/intel-microcode installed and configured |
70 |
> correctly? You need to enable the "early microcode" kernel option, and you |
71 |
> also need to add /boot/intel-uc.img to your list of initrds to load in |
72 |
> grub2. Alternatively, a BIOS update for your mainboard (if one exists; most |
73 |
> older mainboards won't get updates from the likes of Asus, MSI, Gigabyte, |
74 |
> etc, etc, etc, so for older boards, you need the microcode package.) |
75 |
|
76 |
So, coming to firmware. I do not think that intel is releasing firmware |
77 |
update for that CPU. So I fully rely on kernel (and compiler). |
78 |
|
79 |
Nevertheless, I need to know for other system what exactly is the way to |
80 |
use firmware on gentoo. There is no /boot/intel-uc.img on my system and |
81 |
genkernel complain about firmware compiling (what seems to prove that |
82 |
there is none for my CPU). |
83 |
|
84 |
However, if I read correct, genkernel should automatically include |
85 |
firmware and firmware loading into the generated ramdisk. Right? |
86 |
|
87 |
Regards |
88 |
Klaus |
89 |
- -- |
90 |
Klaus Ethgen http://www.ethgen.ch/ |
91 |
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@××××××.ch> |
92 |
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C |
93 |
-----BEGIN PGP SIGNATURE----- |
94 |
Comment: Charset: ISO-8859-1 |
95 |
|
96 |
iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlrjW74ACgkQpnwKsYAZ |
97 |
9qyM5QwAsj0M5TT3O+RYPXana71nzgWjd72m0DuCDO/Yfw+79G0NuWrMFwyU/WkZ |
98 |
OPlspMBRvOxo1UTuOMuUZ7wVqcQNen9m/3XZOQdmhO7NpqdfI5IozZH5dm0tdUcH |
99 |
qOEcxkQQPj5h9fLqyfiOjKhOFKEtHIF4FuApaJuR2xGhTd4rV5Blm1zLBBZ1uSU6 |
100 |
ImpizYQ4kvCMj/n9L+1S6dd+iqlF0jQBDYw98mcYp3UU8iziA75Kq2a87ZFtjo0y |
101 |
mENiyu8A4RS+WBItT5jVYDymozs3zeWsbgmNH8k1O4CTy30OqeLiZQdfGow2MC+x |
102 |
4D0rLmN7Ky+ZDMZARtUPhvbkdC+nUMkfveOOKZbpe3qaAa+8QwVZVV8rC2I7fK8T |
103 |
kex6adlaN1e8GU9UyeR7mKc5cjESRudM6wcZSJ1ZEx3uLq03IIcdJAoyyBHQz1OC |
104 |
oQil2Vf4SP0QMhAEp/D4XziEzbkZxNErXwGJfVDHSPlB9wtRs4Mf3F2PGOI20h6S |
105 |
71mhfjLK |
106 |
=BqH+ |
107 |
-----END PGP SIGNATURE----- |