1 |
On Friday, 27 April 2018 06:42:56 BST Nikos Chantziaras wrote: |
2 |
> On 26/04/18 14:42, Mick wrote: |
3 |
> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ? |
4 |
> > |
5 |
> > $ grep . /sys/devices/system/cpu/vulnerabilities/* |
6 |
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI |
7 |
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user |
8 |
> > pointer sanitization |
9 |
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full |
10 |
> > generic |
11 |
> > retpoline |
12 |
> > |
13 |
> > Are there some kernel options I should have selected manually? |
14 |
> |
15 |
> Do you have the latest sys-firmware/intel-microcode installed and |
16 |
> configured correctly? You need to enable the "early microcode" kernel |
17 |
> option, and you also need to add /boot/intel-uc.img to your list of |
18 |
> initrds to load in grub2. Alternatively, a BIOS update for your |
19 |
> mainboard (if one exists; most older mainboards won't get updates from |
20 |
> the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards, |
21 |
> you need the microcode package.) |
22 |
|
23 |
Ahh! If the 'IBPB' & 'IBRS_FW' components come from the microcode this |
24 |
probably explains why I don't have them. I am (still) running an early i7 |
25 |
Intel, which means it won't get any more microcode updates. The latest |
26 |
available is 'intel-ucode/06-1e-05' and as we know Intel has abandoned all |
27 |
older owners of their hardware. One good reason for me to abandon them in |
28 |
turn. :-) |
29 |
|
30 |
-- |
31 |
Regards, |
32 |
Mick |