| 1 |
On Friday, 27 April 2018 06:42:56 BST Nikos Chantziaras wrote: |
| 2 |
> On 26/04/18 14:42, Mick wrote: |
| 3 |
> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ? |
| 4 |
> > |
| 5 |
> > $ grep . /sys/devices/system/cpu/vulnerabilities/* |
| 6 |
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI |
| 7 |
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user |
| 8 |
> > pointer sanitization |
| 9 |
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full |
| 10 |
> > generic |
| 11 |
> > retpoline |
| 12 |
> > |
| 13 |
> > Are there some kernel options I should have selected manually? |
| 14 |
> |
| 15 |
> Do you have the latest sys-firmware/intel-microcode installed and |
| 16 |
> configured correctly? You need to enable the "early microcode" kernel |
| 17 |
> option, and you also need to add /boot/intel-uc.img to your list of |
| 18 |
> initrds to load in grub2. Alternatively, a BIOS update for your |
| 19 |
> mainboard (if one exists; most older mainboards won't get updates from |
| 20 |
> the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards, |
| 21 |
> you need the microcode package.) |
| 22 |
|
| 23 |
Ahh! If the 'IBPB' & 'IBRS_FW' components come from the microcode this |
| 24 |
probably explains why I don't have them. I am (still) running an early i7 |
| 25 |
Intel, which means it won't get any more microcode updates. The latest |
| 26 |
available is 'intel-ucode/06-1e-05' and as we know Intel has abandoned all |
| 27 |
older owners of their hardware. One good reason for me to abandon them in |
| 28 |
turn. :-) |
| 29 |
|
| 30 |
-- |
| 31 |
Regards, |
| 32 |
Mick |
Archives