Page 3 of 3

Intel processors with a security bug

Posted: 12 Jan 2018, 18:10
by Blaze

Code: Select all

model name	: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
model name	: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
model name	: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
model name	: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz

Code: Select all

Spectre and Meltdown mitigation detection tool v0.27

Checking for vulnerabilities against live running kernel Linux 4.15.0-rc6-porteus #1 SMP PREEMPT Sun Jan 7 15:55:13 UTC 2018 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  UNKNOWN 
> STATUS:  UNKNOWN  (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
*   Kernel compiled with a retpoline-aware compiler:  UNKNOWN  (couldn't find your kernel image or System.map)
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  UNKNOWN  (couldn't read your kernel configuration nor System.map file)
* PTI enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

Intel processors with a security bug

Posted: 12 Jan 2018, 23:13
by ncmprhnsbl

Intel processors with a security bug

Posted: 13 Jan 2018, 11:59
by brokenman
i suspect brokenman will be on to this, as soon as he returns from the wilderness
Thanks. Yes I am compiling the latest kernel tonight, and I am back from the land of no radio wave pollution. Really clears your head when you have no radio/micro waves passing through it all day long.

As more and more people get into cyber security, these bugs/sploits are only going to increase in number. It's not that our systems are like swiss cheese, these holes didn't exist until someone poked them there. People are now tapping on weak areas until something breaks in order to build a more robust base, which we will certainly need as more and more people get into cyber security.

Added in 1 day 4 hours 14 minutes 14 seconds:
ncmprhnsbl wrote:
11 Jan 2018, 23:11
brokenman has (previously) implemented microcode injection in the upcoming 4.0 release..
afaiui, it involves some modifications to the initrd.xz (i'll investigate this further)
hopefully brokenman will return shortly to set us straight..
The newer kernel (4.14.13) with page table isolation will protect from meltdown and the latest microcode will help protect from spectre. You can get the latest microcode from the slackbuilds.org website. Just build the slackbuild and then copy th file inside the slackware package to replace the file in porteus boot older. The created file is a 'cpio' file.

Intel processors with a security bug

Posted: 14 Jan 2018, 17:15
by fanthom
Hi brokenman,

"Just build the slackbuild and then copy th file inside the slackware package to replace the file in porteus boot older. The created file is a 'cpio' file."
Is this method working for you?

Do you get this output:

Code: Select all

# dmesg | grep micro
[    0.000000] microcode: microcode updated early to revision 0x23, date = 2017-11-20
[    0.714037] microcode: sig=0x306c3, pf=0x2, revision=0x23
[    0.714198] microcode: Microcode Update Driver: v2.2.
Asking cause cpio archive never worked for me so i just compiled all microcode directly into kernel and now its updating "early".

Thanks

Intel processors with a security bug

Posted: 14 Jan 2018, 17:33
by brokenman
Yes this is the correct output. The previous was: date = 2017-01-xx
You'll now be protected against one vector of spectre2. Keep a close eye on updates because we still need to mitigate other areas. IBRS support or retpoline options in the kernel should be coming soon. The latter will require a new version of gcc that is retpoline-aware.
Asking cause cpio archive never worked for me so i just compiled all microcode directly into kernel and now its updating "early".
Did it add a large amount of size? I would prefer it all in the kernel but it also has disadvantages.

Running the spectre/meltdown checker script will tell you if the intel-microcode update did indeed work. The older versions are vulnerable to branch target injection. The newer version is not.

Be sure in porteus to use the --kernel and --config arguments when running this script as we don't keep everything in /boot

Intel processors with a security bug

Posted: 14 Jan 2018, 22:24
by Ed_P
Too bad those options don't help with Porteus ISOs. :(

Intel processors with a security bug

Posted: 15 Jan 2018, 07:54
by raja
microcode: updated to revision 0x80, date = 2018-01-04

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: YES
Performance Variations:

Blowfish-before :3.316
Blowfish after :3.401

CryptoHash-before:368.949
CryptoHash-after : 356.334

Fibonacci-before:2.040
Fibonacci-after :1.766

FPU Raytracing-before:4.524
FPU Raytracing-after :4.713

30% deterioration , as speculated is highly exaggerated!

Intel processors with a security bug

Posted: 15 Jan 2018, 08:28
by fanthom
@brokenman
"Did it add a large amount of size?"
kernel is compressed with xz so its same size as it would go to initrd or xzm: +1.5 MB.

It would be nicer to have all the microcode in initrd for the sake of cleaner kernel config. Currently i have:

Code: Select all

CONFIG_EXTRA_FIRMWARE="amd-ucode/microcode_amd.bin amd-ucode/microcode_amd_fam15h.bin amd-ucode/microcode_amd_fam16h.bin intel-ucode/06-56-04 intel-ucode/06-8e-0a intel-ucode/0f-01-02 intel-ucode/06-08-06 intel-ucode/06-0f-02 intel-ucode/0f-03-03 intel-ucode/0f-00-07 intel-ucode/06-0b-01 intel-ucode/06-08-03 intel-ucode/06-03-02 intel-ucode/06-2a-07 intel-ucode/06-0f-07 intel-ucode/06-3e-06 intel-ucode/06-3f-02 intel-ucode/06-2f-02 intel-ucode/06-06-0a intel-ucode/0f-04-09 intel-ucode/0f-02-09 intel-ucode/06-07-01 intel-ucode/0f-06-04 intel-ucode/0f-06-08 intel-ucode/0f-04-03 intel-ucode/06-05-01 intel-ucode/06-0f-06 intel-ucode/0f-04-04 intel-ucode/0f-04-0a intel-ucode/06-3f-04 intel-ucode/06-8e-09 intel-ucode/06-5c-09 intel-ucode/06-2d-06 intel-ucode/06-4f-01 intel-ucode/06-2d-07 intel-ucode/06-3d-04 intel-ucode/06-17-06 intel-ucode/06-9e-0b intel-ucode/06-0e-0c intel-ucode/06-3a-09 intel-ucode/0f-02-04 intel-ucode/06-05-02 intel-ucode/06-0a-00 intel-ucode/0f-04-08 intel-ucode/06-4e-03 intel-ucode/0f-03-04 intel-ucode/06-45-01 intel-ucode/06-0f-0a intel-ucode/06-06-0d intel-ucode/06-9e-0a intel-ucode/06-08-01 intel-ucode/06-08-0a intel-ucode/06-0f-0d intel-ucode/06-0f-0b intel-ucode/06-3e-04 intel-ucode/06-1a-05 intel-ucode/06-06-00 intel-ucode/06-9e-09 intel-ucode/06-3e-07 intel-ucode/06-17-0a intel-ucode/0f-02-05 intel-ucode/06-1a-04 intel-ucode/06-1c-02 intel-ucode/06-0a-01 intel-ucode/0f-00-0a intel-ucode/0f-02-06 intel-ucode/0f-02-07 intel-ucode/06-1c-0a intel-ucode/0f-06-05 intel-ucode/0f-03-02 intel-ucode/06-25-05 intel-ucode/0f-06-02 intel-ucode/0f-04-07 intel-ucode/06-7a-01 intel-ucode/06-0d-06 intel-ucode/06-46-01 intel-ucode/06-55-04 intel-ucode/06-05-00 intel-ucode/06-1d-01 intel-ucode/06-05-03 intel-ucode/06-56-03 intel-ucode/06-3c-03 intel-ucode/06-16-01 intel-ucode/06-1e-05 intel-ucode/06-0b-04 intel-ucode/06-25-02 intel-ucode/06-09-05 intel-ucode/06-0e-08 intel-ucode/06-26-01 intel-ucode/06-5e-03 intel-ucode/0f-04-01 intel-ucode/06-47-01 intel-ucode/06-07-03 intel-ucode/06-56-02 intel-ucode/06-07-02 intel-ucode/06-06-05 intel-ucode/06-17-07"
And you cant really update it from 'make manuconfig' as ncurses crashes :) Probably this line is too long.

Intel processors with a security bug

Posted: 16 Jan 2018, 09:11
by raja
Proof of Concept and Theory behind Spectre,Meltdown

https://medium.com/@mattklein123/meltdo ... ned-6bc863(4cc0c2

https://support.google.com/faqs/answer/7625886

Hardly gets in for layman like me...but may be fun to digest for Computer Engineers.

Cheers.