Porteus Kernel Builder

Here is a place for your projects which are not officially supported by the Porteus Team. For example: your own kernel patched with extra features; desktops not included in the standard ISO like Gnome; base modules that are different than the standard ISO, etc...
neko
DEV Team
DEV Team
Posts: 2107
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#271 by neko » 07 Jan 2018, 14:47

Performance comparison
PAGE_TABLE_ISOLATION
"ON" VS "OFF"

==== PC ====

Computer
Processor	4x Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
Memory	3863MB (355MB used)
Operating System	Arch Linux
User Name	guest (Unknown)
Date/Time	Sun 07 Jan 2018 08:02:00 PM UTC
==== OS ====

Operating System
Version
Kernel	Linux 4.15.0-rc6-porteus (x86_64)
Compiled	#1 SMP PREEMPT Sun Jan 7 15:55:13 UTC 2018
C Library	GNU C Library version 2.26 (stable)
Default C Compiler	Unknown
Distribution	Arch Linux

==== Measurement result with "hardinfo" tool ====
--------------------------------
"ON"

CPU Blowfish
CPU Blowfish
This Machine	1672 MHz	3.233
Intel(R) Celeron(R) M processor 1.50GHz	(null)	26.1876862
PowerPC 740/750 (280.00MHz)	(null)	172.816713
CPU CryptoHash
CPU CryptoHash
This Machine	1672 MHz	123.983
CPU Fibonacci
CPU Fibonacci
This Machine	1672 MHz	3.394
Intel(R) Celeron(R) M processor 1.50GHz	(null)	8.1375674
PowerPC 740/750 (280.00MHz)	(null)	58.07682
CPU N-Queens
CPU N-Queens
This Machine	1672 MHz	17.254
FPU FFT
FPU FFT
This Machine	1672 MHz	1.992
FPU Raytracing
FPU Raytracing
This Machine	1672 MHz	17.346
Intel(R) Celeron(R) M processor 1.50GHz	(null)	40.8816714
PowerPC 740/750 (280.00MHz)	(null)	161.312647
"OFF"

CPU Blowfish
CPU Blowfish
This Machine	2007 MHz	3.228
Intel(R) Celeron(R) M processor 1.50GHz	(null)	26.1876862
PowerPC 740/750 (280.00MHz)	(null)	172.816713
CPU CryptoHash
CPU CryptoHash
This Machine	2007 MHz	108.972
CPU Fibonacci
CPU Fibonacci
This Machine	2007 MHz	3.396
Intel(R) Celeron(R) M processor 1.50GHz	(null)	8.1375674
PowerPC 740/750 (280.00MHz)	(null)	58.07682
CPU N-Queens
CPU N-Queens
This Machine	2007 MHz	15.702
FPU FFT
FPU FFT
This Machine	2007 MHz	1.990
FPU Raytracing
FPU Raytracing
This Machine	2007 MHz	17.496
Intel(R) Celeron(R) M processor 1.50GHz	(null)	40.8816714
PowerPC 740/750 (280.00MHz)	(null)	161.312647
==== Kernel ====
ON_OFF.tar (133 M)
http://www.mediafire.com/file/jgaescps3 ... ON_OFF.tar
md5sum: 3345f95a6d0bcfde1da5da17522a958c ON_OFF.tar

% su
# ls
ON_OFF.tar
# tar -xf ON_OFF.tar
# ls -R1
.:
OFF
ON

./OFF:
crippled_sources-4.15-rc6-64bit.xzm
v4.15-rc6.tar.xz

./ON:
crippled_sources-4.15-rc6-64bit.xzm
v4.15-rc6.tar.xz
# cd OFF
# xz -dc v4.15-rc6.tar.xz | tar -x
# cd ../ON
# xz -dc v4.15-rc6.tar.xz | tar -x
# cd ..
# ls */*/*/
OFF/v4.15-rc6/32/:
32bit.config

OFF/v4.15-rc6/64/:
64bit.config  lib  repo_getFW-v4.15-rc6-64  vmlinuz

ON/v4.15-rc6/32/:
32bit.config

ON/v4.15-rc6/64/:
64bit.config  lib  repo_getFW-v4.15-rc6-64  vmlinuz
# diff OFF/v4.15-rc6/64/64bit.config ON/v4.15-rc6/64/64bit.config
6037c6037
< # CONFIG_PAGE_TABLE_ISOLATION is not set
---
> CONFIG_PAGE_TABLE_ISOLATION=y
Note: Changing "CONFIG_PAGE_TABLE_ISOLATION" by "make menuconfig"
Security options --> Remove the kernel mapping in user mode


Thanks.

Post#272 by neko » 08 Jan 2018, 15:20

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15-rc7 <---NEW
The latest stable 4.14 version of the Linux kernel is: 4.14.12
The latest longterm 4.9 version of the Linux kernel is: 4.9.75
The latest longterm 4.4 version of the Linux kernel is: 4.4.110
The latest longterm 4.1 version of the Linux kernel is: 4.1.48
The latest longterm 3.18 version of the Linux kernel is: 3.18.91 (EOL)
The latest linux-next version of the Linux kernel is: next-20180108


2. NEW: Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to Porteus Kernel Builder (Post by neko #57468)
or
refer to Porteus Kernel Builder (Post by neko #52232)


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".


Example "kernel 4.15-rc7" includes 3 kinds of kernels:
32 bit kernel.
64 bit kernel built with prototype config "PAGE_TABLE_ISOLATION" OFF.
64 bit kernel built with prototype config "PAGE_TABLE_ISOLATION" ON.

If you update the kernel with the example of "PAGE_TABLE_ISOLATION ON" by using "Kernel builder",
please change the symbolic link from "v4.15-rc7/64 --> 64-off" to "v4.15-rc7/64 --> 64-on".


Thanks.

Post#273 by neko » 10 Jan 2018, 23:32

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15-rc7
The latest stable 4.14 version of the Linux kernel is: 4.14.13 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.76 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.111 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.48
The latest longterm 3.18 version of the Linux kernel is: 3.18.91 (EOL)
The latest linux-next version of the Linux kernel is: next-20180110


2. NEW: Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to Porteus Kernel Builder (Post by neko #57468)
or
refer to Porteus Kernel Builder (Post by neko #52232)


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".


Note 1:
"64 bit kernel 4.14.13/4.9.76/4.4.111" example was built with prototype config "PAGE_TABLE_ISOLATION ON".

Note 2: Changing "CONFIG_PAGE_TABLE_ISOLATION" by "make menuconfig"
Security options --> Remove the kernel mapping in user mode


Thanks.

Post#274 by neko » 15 Jan 2018, 07:38

1. "Porteus Kernel Builder" was updated to mkKernel-18.01.15-noarch-1.xzm
Please refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232

(1) Config prototypes were updated.

[4.15-rc 32 Bit]
404a405
> CONFIG_RETPOLINE=y
1333a1335
> CONFIG_GENERIC_CPU_VULNERABILITIES=y

[4.15-rc 64 Bit]
221a222
> CONFIG_BPF_JIT_ALWAYS_ON=y
422a424
> CONFIG_RETPOLINE=y
1342a1345
> CONFIG_GENERIC_CPU_VULNERABILITIES=y
6037c6040
< # CONFIG_PAGE_TABLE_ISOLATION is not set
---
> CONFIG_PAGE_TABLE_ISOLATION=y

[4.14 64 Bit]
5999c5999
< # CONFIG_PAGE_TABLE_ISOLATION is not set
---
> CONFIG_PAGE_TABLE_ISOLATION=y

[4.9 64 Bit]
5753c5753
< # CONFIG_PAGE_TABLE_ISOLATION is not set
---
> CONFIG_PAGE_TABLE_ISOLATION=y

[4.4 64 Bit]
5305c5305
< # CONFIG_PAGE_TABLE_ISOLATION is not set
---
> CONFIG_PAGE_TABLE_ISOLATION=y
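
Review bot: the bracketed headings ([4.15-rc 64 Bit], [4.14 64 Bit], [4.9 64 Bit], [4.4 64 Bit]) do not say which prototype files were compared, and that matters for the CONFIG_PAGE_TABLE_ISOLATION flip in every 64 Bit section. The 18.01.29 diff later in this thread shows both a 64bit.config and a 64bit-on.config under v4.14 and v4.9, so please state which file now carries "CONFIG_PAGE_TABLE_ISOLATION=y" by default, for example by keeping the diff command line above each section as that later post does.
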
(2) "Kernel Builder" specification is not redesigned yet.
The bug is not fixed yet:
Please refer to http://forum.porteus.org/viewtopic.php?p=61024#p61024


2. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15-rc8 <---NEW
The latest stable 4.14 version of the Linux kernel is: 4.14.13
The latest longterm 4.9 version of the Linux kernel is: 4.9.76
The latest longterm 4.4 version of the Linux kernel is: 4.4.111
The latest longterm 4.1 version of the Linux kernel is: 4.1.48
The latest longterm 3.18 version of the Linux kernel is: 3.18.91 (EOL)
The latest linux-next version of the Linux kernel is: next-20180112


3. NEW: Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".


Note: "4.15-rc8 64" config "CONFIG_RETPOLINE=y"
Please refer to
https://www.blog.google/topics/google-c ... rformance/

[Running report of "example 64 Bit 4.15-rc8" kernel]

# dmesg | grep isolation
[    0.000000] Kernel/User page tables isolation: enabled
# 
# sh ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.27

Checking for vulnerabilities against live running kernel Linux 4.15.0-rc8-porteus #1 SMP PREEMPT Mon Jan 15 10:51:29 UTC 2018 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking wheter we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking wheter we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable: Minimal generic ASM retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking wheter we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
#


Thanks.
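
The two checks this post relies on, the mitigation options in a config prototype and the kernel's own verdict under /sys/devices/system/cpu/vulnerabilities, as an added example that is not part of the original post and not code from Porteus Kernel Builder. The function names and the sample files are assumptions constructed for illustration; the sample values mirror the config diffs and the 4.15-rc8 report above.

```shell
#!/bin/sh
# Added example: audit a kernel .config and a sysfs "vulnerabilities" directory
# for the mitigations named in this thread. Function names are hypothetical.

MITIGATION_OPTS="CONFIG_PAGE_TABLE_ISOLATION CONFIG_RETPOLINE \
CONFIG_GENERIC_CPU_VULNERABILITIES CONFIG_BPF_JIT_ALWAYS_ON"

# config_state FILE OPTION
# Prints the option's value ("y", "m", ...), "not set" for the commented-out
# form, or "absent" when the file never mentions the option (it is not offered
# for that kernel version or architecture, or oldconfig has not asked yet).
config_state() {
    awk -v opt="$2" '
        $0 == ("# " opt " is not set") { print "not set"; found = 1; exit }
        index($0, opt "=") == 1        { print substr($0, length(opt) + 2); found = 1; exit }
        END { if (!found) print "absent" }
    ' "$1"
}

# audit_config FILE
# One "OPTION: state" line per option; returns 1 if any option is not "y".
audit_config() {
    rc=0
    for opt in $MITIGATION_OPTS; do
        state=$(config_state "$1" "$opt")
        echo "$opt: $state"
        [ "$state" = "y" ] || rc=1
    done
    return $rc
}

# sysfs_status DIR
# Classifies each file by the prefix the kernel writes into it.
sysfs_status() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        text=$(cat "$f")
        case "$text" in
            "Not affected"*) verdict="NOT AFFECTED" ;;
            Mitigation:*)    verdict="MITIGATED" ;;
            Vulnerable*)     verdict="VULNERABLE" ;;
            *)               verdict="UNKNOWN" ;;
        esac
        echo "$(basename "$f"): $verdict ($text)"
    done
}

# make_sample DIR
# Constructed sample input: three config fragments shaped like the prototypes
# diffed in this thread, and sysfs files holding the strings from the
# 4.15-rc8 checker report.
make_sample() {
    mkdir -p "$1/vulnerabilities"
    cat > "$1/off.config" <<'EOF'
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_RETPOLINE=y
CONFIG_GENERIC_CPU_VULNERABILITIES=y
# CONFIG_PAGE_TABLE_ISOLATION is not set
EOF
    sed 's/^# CONFIG_PAGE_TABLE_ISOLATION is not set$/CONFIG_PAGE_TABLE_ISOLATION=y/' \
        "$1/off.config" > "$1/on.config"
    # 32-bit fragment: only the two options the [4.15-rc 32 Bit] diff adds.
    grep -v -e PAGE_TABLE_ISOLATION -e BPF_JIT "$1/off.config" > "$1/32.config"
    printf 'Mitigation: PTI\n' > "$1/vulnerabilities/meltdown"
    printf 'Vulnerable\n' > "$1/vulnerabilities/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$1/vulnerabilities/spectre_v2"
}

# Demo on the constructed sample. On a real system, point audit_config at the
# build's .config and sysfs_status at /sys/devices/system/cpu/vulnerabilities.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for cfg in off on 32; do
    echo "== $cfg.config =="
    audit_config "$demo_dir/$cfg.config" || echo "-> at least one option is not =y"
done
echo "== sysfs =="
sysfs_status "$demo_dir/vulnerabilities"
rm -rf "$demo_dir"
```

The "absent" state is kept separate from "not set" because a prototype that never mentions an option will be asked about it as (NEW) on the next "make oldconfig".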

Post#275 by neko » 18 Jan 2018, 00:38

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15-rc8
The latest stable 4.14 version of the Linux kernel is: 4.14.14 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.77 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.112 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.48
The latest longterm 3.18 version of the Linux kernel is: 3.18.92 (EOL) <---NEW
The latest linux-next version of the Linux kernel is: next-20180117


2. NEW: Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".


Note: Updating config "CONFIG_RETPOLINE=y" by "make oldconfig".
[64bit 4.14.14]
Avoid speculative indirect branches in kernel (RETPOLINE) [Y/n/?] (NEW) y
[32bit 4.14.14]
Avoid speculative indirect branches in kernel (RETPOLINE) [Y/n/?] (NEW) y
[64bit 4.9.77]
Avoid speculative indirect branches in kernel (RETPOLINE) [Y/n/?] (NEW) y
[32bit 4.9.77]
Avoid speculative indirect branches in kernel (RETPOLINE) [Y/n/?] (NEW) y



Thanks.

Post#276 by neko » 23 Jan 2018, 02:02

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15-rc9 <---NEW
The latest stable 4.14 version of the Linux kernel is: 4.14.14
The latest longterm 4.9 version of the Linux kernel is: 4.9.77
The latest longterm 4.4 version of the Linux kernel is: 4.4.112
The latest longterm 4.1 version of the Linux kernel is: 4.1.48
The latest longterm 3.18 version of the Linux kernel is: 3.18.92 (EOL)
The latest linux-next version of the Linux kernel is: next-20180119


2. NEW: Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".



Thanks.

Post#277 by neko » 24 Jan 2018, 10:50

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15-rc9
The latest stable 4.14 version of the Linux kernel is: 4.14.15 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.78 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.113 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.49 <---NEW
The latest longterm 3.18 version of the Linux kernel is: 3.18.92 (EOL)
The latest linux-next version of the Linux kernel is: next-20180119


2. NEW: Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".

Note: Updating config "CONFIG_RETPOLINE=y" by "make oldconfig".
[64bit v4.4.113]
Avoid speculative indirect branches in kernel (RETPOLINE) [Y/n/?] (NEW) y
[32bit v4.4.113]
Avoid speculative indirect branches in kernel (RETPOLINE) [Y/n/?] (NEW) y



Thanks.

Post#278 by neko » 29 Jan 2018, 07:15

1. "Porteus Kernel Builder" was updated to mkKernel-18.01.29-noarch-1.xzm
Please refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232

(1) New kernel version line 4.15 was added.

(2) Config prototypes were updated.

diff -r mkKernel-18.01.15-noarch-1/usr/local/share/mkKernel/lib/v4.14/32bit.config mkKernel-18.01.29-noarch-1/usr/local/share/mkKernel/lib/v4.14/32bit.config
3c3
< # Linux/x86 4.14.12 Kernel Configuration
---
> # Linux/x86 4.14.14 Kernel Configuration
402a403
> CONFIG_RETPOLINE=y
1327a1329
> CONFIG_GENERIC_CPU_VULNERABILITIES=y

diff -r mkKernel-18.01.15-noarch-1/usr/local/share/mkKernel/lib/v4.14/64bit-on.config mkKernel-18.01.29-noarch-1/usr/local/share/mkKernel/lib/v4.14/64bit-on.config
3c3
< # Linux/x86 4.14.13 Kernel Configuration
---
> # Linux/x86 4.14.14 Kernel Configuration
420a421
> CONFIG_RETPOLINE=y
1335a1337
> CONFIG_GENERIC_CPU_VULNERABILITIES=y

diff -r mkKernel-18.01.15-noarch-1/usr/local/share/mkKernel/lib/v4.14/64bit.config mkKernel-18.01.29-noarch-1/usr/local/share/mkKernel/lib/v4.14/64bit.config
3c3
< # Linux/x86 4.14.13 Kernel Configuration
---
> # Linux/x86 4.14.14 Kernel Configuration
420a421
> CONFIG_RETPOLINE=y
1335a1337
> CONFIG_GENERIC_CPU_VULNERABILITIES=y

diff -r mkKernel-18.01.15-noarch-1/usr/local/share/mkKernel/lib/v4.4/32bit.config mkKernel-18.01.29-noarch-1/usr/local/share/mkKernel/lib/v4.4/32bit.config
3c3
< # Linux/x86 4.4.110 Kernel Configuration
---
> # Linux/x86 4.4.113 Kernel Configuration
348a349
> CONFIG_RETPOLINE=y
1260a1262
> CONFIG_GENERIC_CPU_VULNERABILITIES=y

diff -r mkKernel-18.01.15-noarch-1/usr/local/share/mkKernel/lib/v4.4/64bit.config mkKernel-18.01.29-noarch-1/usr/local/share/mkKernel/lib/v4.4/64bit.config
3c3
< # Linux/x86 4.4.111 Kernel Configuration
---
> # Linux/x86 4.4.113 Kernel Configuration
360a361
> CONFIG_RETPOLINE=y
1256a1258
> CONFIG_GENERIC_CPU_VULNERABILITIES=y

diff -r mkKernel-18.01.15-noarch-1/usr/local/share/mkKernel/lib/v4.9/32bit.config mkKernel-18.01.29-noarch-1/usr/local/share/mkKernel/lib/v4.9/32bit.config
3c3
< # Linux/x86 4.9.75 Kernel Configuration
---
> # Linux/x86 4.9.77 Kernel Configuration
369a370
> CONFIG_RETPOLINE=y
1322a1324
> CONFIG_GENERIC_CPU_VULNERABILITIES=y

diff -r mkKernel-18.01.15-noarch-1/usr/local/share/mkKernel/lib/v4.9/64bit-on.config mkKernel-18.01.29-noarch-1/usr/local/share/mkKernel/lib/v4.9/64bit-on.config
3c3
< # Linux/x86 4.9.76 Kernel Configuration
---
> # Linux/x86 4.9.77 Kernel Configuration
385a386
> CONFIG_RETPOLINE=y
1325a1327
> CONFIG_GENERIC_CPU_VULNERABILITIES=y

diff -r mkKernel-18.01.15-noarch-1/usr/local/share/mkKernel/lib/v4.9/64bit.config mkKernel-18.01.29-noarch-1/usr/local/share/mkKernel/lib/v4.9/64bit.config
3c3
< # Linux/x86 4.9.76 Kernel Configuration
---
> # Linux/x86 4.9.77 Kernel Configuration
385a386
> CONFIG_RETPOLINE=y
1325a1327
> CONFIG_GENERIC_CPU_VULNERABILITIES=y

diff -r mkKernel-18.01.15-noarch-1/usr/local/share/mkKernel/lib/v4.15-rc/32bit.config mkKernel-18.01.29-noarch-1/usr/local/share/mkKernel/lib/v4.15/32bit.config
3c3
< # Linux/x86 4.15.0-rc8 Kernel Configuration
---
> # Linux/x86 4.15.0 Kernel Configuration
1836,1838d1835
< CONFIG_B44_PCI_AUTOSELECT=y
< CONFIG_B44_PCICORE_AUTOSELECT=y
< CONFIG_B44_PCI=y
2134,2135d2130
< CONFIG_B43_PCI_AUTOSELECT=y
< CONFIG_B43_PCICORE_AUTOSELECT=y
2147,2148d2141
< CONFIG_B43LEGACY_PCI_AUTOSELECT=y
< CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y
3243,3245d3235
< CONFIG_SSB_PCIHOST_POSSIBLE=y
< CONFIG_SSB_PCIHOST=y
< CONFIG_SSB_B43_PCI_BRIDGE=y
3252,3253d3241
< CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y
< CONFIG_SSB_DRIVER_PCICORE=y

diff -r mkKernel-18.01.15-noarch-1/usr/local/share/mkKernel/lib/v4.15-rc/64bit.config mkKernel-18.01.29-noarch-1/usr/local/share/mkKernel/lib/v4.15/64bit.config
3c3
< # Linux/x86 4.15.0-rc8 Kernel Configuration
---
> # Linux/x86 4.15.0 Kernel Configuration
1844,1846d1843
< CONFIG_B44_PCI_AUTOSELECT=y
< CONFIG_B44_PCICORE_AUTOSELECT=y
< CONFIG_B44_PCI=y
2150,2151d2146
< CONFIG_B43_PCI_AUTOSELECT=y
< CONFIG_B43_PCICORE_AUTOSELECT=y
2163,2164d2157
< CONFIG_B43LEGACY_PCI_AUTOSELECT=y
< CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y
3248,3250d3240
< CONFIG_SSB_PCIHOST_POSSIBLE=y
< CONFIG_SSB_PCIHOST=y
< CONFIG_SSB_B43_PCI_BRIDGE=y
3257,3258d3246
< CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y
< CONFIG_SSB_DRIVER_PCICORE=y
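
Review bot: the removal of CONFIG_B44_PCI, the B43/B43LEGACY "_AUTOSELECT" symbols and CONFIG_SSB_PCIHOST / CONFIG_SSB_DRIVER_PCICORE (hunks 1844,1846d1843 to 3257,3258d3246) is not explained anywhere in the post, and it is unrelated to the 4.15.0-rc8 to 4.15.0 header change in hunk 3c3. The same symbols disappear from the 32bit.config diff above. Please say whether they dropped out through the kernel's own Kconfig dependencies or were lost from the prototype, and confirm that a PCI Broadcom device using the b44 or b43 driver still works with the 4.15 build.
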
(3) "Kernel Builder" specification is not redesigned yet.
The bug is not fixed yet:
Please refer to http://forum.porteus.org/viewtopic.php?p=61024#p61024


2. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15 <---NEW
The latest stable 4.14 version of the Linux kernel is: 4.14.15
The latest longterm 4.9 version of the Linux kernel is: 4.9.78
The latest longterm 4.4 version of the Linux kernel is: 4.4.113
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.92 (EOL)
The latest linux-next version of the Linux kernel is: next-20180126


3. NEW: Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".


Note: "Linux 4.0 To Linux 4.15 Kernel Benchmarks"
https://www.phoronix.com/scan.php?page= ... -415&num=1


Thanks.

Post#279 by neko » 01 Feb 2018, 03:16

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15
The latest stable 4.14 version of the Linux kernel is: 4.14.16 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.79 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.114 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.93 (EOL) <---NEW
The latest linux-next version of the Linux kernel is: next-20180131


2. NEW: Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".


Note: Updating config "BPF_JIT_ALWAYS_ON" is not set by "make oldconfig".
[64bit v4.14.16]
Permanently enable BPF JIT and remove BPF interpreter (BPF_JIT_ALWAYS_ON) [N/y/?] (NEW) N
[64bit v4.9.79]
Permanently enable BPF JIT and remove BPF interpreter (BPF_JIT_ALWAYS_ON) [N/y/?] (NEW) N


Thanks.

Post#280 by neko » 05 Feb 2018, 01:09

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15
The latest stable 4.15 version of the Linux kernel is: 4.15.1 <---NEW
The latest stable 4.14 version of the Linux kernel is: 4.14.17 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.80 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.115 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.93 (EOL)
The latest linux-next version of the Linux kernel is: next-20180202


2. NEW: Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".


Note 1: Updating config "CONFIG_BPF_JIT_ALWAYS_ON=y" by "make oldconfig".
[64bit v4.14.17]
Permanently enable BPF JIT and remove BPF interpreter (BPF_JIT_ALWAYS_ON) [N/y/?] (NEW) y
[64bit v4.9.80]
Permanently enable BPF JIT and remove BPF interpreter (BPF_JIT_ALWAYS_ON) [N/y/?] (NEW) y
[64bit v4.4.115]
Permanently enable BPF JIT and remove BPF interpreter (BPF_JIT_ALWAYS_ON) [N/y/?] (NEW) y


Note 2: check spectre/meltdown on kernel 4.15.1
tool: spectre-meltdown-checker.sh (VERSION='0.34+')
https://github.com/speed47/spectre-melt ... checker.sh

result:

Spectre and Meltdown mitigation detection tool v0.34+

Checking for vulnerabilities on current system
Kernel is Linux 4.15.1-porteus #1 SMP PREEMPT Sun Feb 4 14:38:09 UTC 2018 x86_64
CPU is Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
We're missing some kernel info (see -v), accuracy might be reduced

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 92 stepping 9 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
* Kernel has array_index_mask_nospec:  UNKNOWN  (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))
* Checking count of LFENCE instructions following a jump in kernel:  UNKNOWN  (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))
> STATUS:  VULNERABLE  (Kernel source needs to be patched to mitigate the vulnerability)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  YES 
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  UNKNOWN  (couldn't read your kernel configuration nor System.map file)
* PTI enabled and active:  YES 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer

Thanks.

Post#281 by neko » 08 Feb 2018, 12:43

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15
The latest stable 4.15 version of the Linux kernel is: 4.15.2 <---NEW
The latest stable 4.14 version of the Linux kernel is: 4.14.18 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.80
The latest longterm 4.4 version of the Linux kernel is: 4.4.115
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.94 (EOL) <---NEW
The latest linux-next version of the Linux kernel is: next-20180208


2. NEW: Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".


Note 1: Updating config "CONFIG_BPF_JIT_ALWAYS_ON=y" by "make oldconfig".
[64bit v4.14.18]
Permanently enable BPF JIT and remove BPF interpreter (BPF_JIT_ALWAYS_ON) [N/y/?] (NEW) y


Note 2: check spectre/meltdown on kernel 4.15.2
tool: spectre-meltdown-checker.sh (VERSION='0.34+')
https://github.com/speed47/spectre-melt ... checker.sh
result: (set vmlinuz in /boot)

Spectre and Meltdown mitigation detection tool v0.34+

Checking for vulnerabilities on current system
Kernel is Linux 4.15.2-porteus #1 SMP PREEMPT Thu Feb 8 11:14:21 UTC 2018 x86_64
CPU is Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
We're missing some kernel info (see -v), accuracy might be reduced

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 92 stepping 9 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer


Thanks.

Post#282 by neko » 12 Feb 2018, 14:25

1. "Porteus Kernel Builder" was updated to mkKernel-18.02.12-noarch-1.xzm
Please refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232

(1) Firmware packages were updated.
Constructed with the following archlinux packages.
alsa-firmware-1.0.29-noarch-1
bluez-firmware-1.2-noarch-8
ipw2100-fw-1.3-noarch-8
ipw2200-fw-3.1-noarch-6
linux-atm-2.5.2-x86_64-4
linux-firmware-20180119.2a713be-noarch-1
zd1211-firmware-1.5-noarch-1

(2) New kernel version line v4.16-rc was added.
The AUFS patch for kernel 4.16-rc is not yet offered.
Therefore the "aufs4.x-rcN" patch was used for kernel 4.16-rc.
But a patching error and a compiling error will occur.

[Patching error]
patching file include/linux/mm.h
Hunk #1 FAILED at 1362.
1 out of 1 hunk FAILED -- saving rejects to file include/linux/mm.h.rej

[Compiling error] : the error concerns type 'atomic64_t'.
fs/aufs/sbinfo.c:163:18: error: wrong type argument to increment
inode->i_version++;
etc.,

[Own patch for v4.16-rc was added]
Own patches for v4.16-rc are mainly used for avoiding AUFS errors.
But the contents of the patches were not understood.
Therefore the result of a build with these patches is not assured.

[config for 4.16-rc]
64 Bit config was generated from 64 Bit 4.15 config by the command "make oldconfig".

*
* GCC plugins
*
GCC plugins (GCC_PLUGINS) [N/y/?] n
Stack Protector buffer overflow detection
> 1. None (CC_STACKPROTECTOR_NONE)
  2. Regular (CC_STACKPROTECTOR_REGULAR)
  3. Strong (CC_STACKPROTECTOR_STRONG)
  4. Automatic (CC_STACKPROTECTOR_AUTO) (NEW)
choice[1-4?]: 1
*
* Linux guest support
*
Linux guest support (HYPERVISOR_GUEST) [Y/n/?] y
  Enable paravirtualization code (PARAVIRT) [N/y/?] n
  Jailhouse non-root cell support (JAILHOUSE_GUEST) [N/y/?] (NEW) N
Defer initialisation of struct pages to kthreads (DEFERRED_STRUCT_PAGE_INIT) [N/y/?] (NEW) N
ACPI Serial Port Console Redirection Support (ACPI_SPCR_TABLE) [Y/n/?] (NEW) Y
"srh" Segment Routing header match support (IP6_NF_MATCH_SRH) [N/m/?] (NEW) N
Enable USB autosuspend for Bluetooth USB devices by default (BT_HCIBTUSB_AUTOSUSPEND) [N/y/?] (NEW) N
Realtek PCI-E card reader (MISC_RTSX_PCI) [N/m/y/?] (NEW) N
Realtek USB card reader (MISC_RTSX_USB) [N/m/y/?] (NEW) N
Default SATA Link Power Management policy for mobile chipsets (SATA_MOBILE_LPM_POLICY) [0] (NEW) 
Unstriped target (DM_UNSTRIPED) [N/m/?] (NEW) N
Cavium PTP coprocessor as PTP clock (CAVIUM_PTP) [Y/n/m/?] (NEW) n
Cortina Gemini devices (NET_VENDOR_CORTINA) [Y/n/?] (NEW) n
Socionext ethernet drivers (NET_VENDOR_SOCIONEXT) [Y/n/?] (NEW) n
MediaTek MT76x2E (PCIe) support (MT76x2E) [N/m/?] (NEW) m
Simulated networking device (NETDEVSIM) [N/m/y/?] (NEW) m
ACCES PCIe-IDIO-24 GPIO support (GPIO_PCIE_IDIO_24) [N/m/y/?] (NEW) m
Nuvoton W83773G (SENSORS_W83773G) [N/m/y/?] (NEW) m
LIRC user interface (LIRC) [N/y/?] (NEW) N
Enable DVB memory-mapped API (EXPERIMENTAL) (DVB_MMAP) [N/y/?] (NEW) N
Enable DVB net ULE packet debug messages (DVB_ULE_DEBUG) [N/y/?] (NEW) N
OmniVision OV7740 sensor support (VIDEO_OV7740) [N/m/y/?] (NEW) m
NXP TDA18250 silicon tuner (MEDIA_TUNER_TDA18250) [M/n/y/?] (NEW) m
Jabra USB HID Driver (HID_JABRA) [N/m/y/?] (NEW) m
xHCI support for debug capability (USB_XHCI_DBGCAP) [N/y/?] (NEW) N
SDHCI support for Fujitsu Semiconductor F_SDH30 (MMC_SDHCI_F_SDH30) [N/m/y/?] (NEW) y
LED Netdev Trigger (LEDS_TRIGGER_NETDEV) [N/m/y/?] (NEW) n
Virtio drivers (VIRTIO_MENU) [Y/n/?] (NEW) n
Acer Wireless Radio Control Driver (ACER_WIRELESS) [N/m/y/?] (NEW) m
GPD Pocket Fan Controller support (GPD_POCKET_FAN) [N/m/y/?] (NEW) N
Platform support for Mellanox hardware (MELLANOX_PLATFORM) [N/y/?] (NEW) N
SoundWire support (SOUNDWIRE) [N/y/?] (NEW) N
Xilinx VCU logicoreIP Init (XILINX_VCU) [N/m/y/?] (NEW) N
Unisys visorbus driver (UNISYS_VISORBUS) [N/m/y/?] (NEW) N
Eckelmann SIOX Support (SIOX) [N/m/y/?] (NEW) N
SLIMbus support (SLIMBUS) [N/m/y/?] (NEW) N
Overlayfs: turn on NFS export feature by default (OVERLAY_FS_NFS_EXPORT) [N/y/?] (NEW) y
Runtime Testing (RUNTIME_TESTING_MENU) [N/y/?] (NEW) N
Platform Security Processor (PSP) device (CRYPTO_DEV_SP_PSP) [Y/n/?] (NEW) Y
AMD Secure Encrypted Virtualization (SEV) support (KVM_AMD_SEV) [Y/n/?] (NEW) Y

32 Bit config was generated from 64 Bit config by the command "make menuconfig".


2. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc1 <---NEW
The latest stable 4.15 version of the Linux kernel is: 4.15.3 <---NEW
The latest longterm 4.14 version of the Linux kernel is: 4.14.18
The latest longterm 4.9 version of the Linux kernel is: 4.9.80
The latest longterm 4.4 version of the Linux kernel is: 4.4.115
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.94 (EOL)
The latest linux-next version of the Linux kernel is: next-20180212


3. NEW Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".


Note 1: check spectre/meltdown on kernel 4.16-rc1
tool: spectre-meltdown-checker.sh (VERSION='0.34+')
https://github.com/speed47/spectre-melt ... checker.sh
result: (set vmlinuz in /boot)

Code: Select all

Spectre and Meltdown mitigation detection tool v0.34+

Checking for vulnerabilities on current system
Kernel is Linux 4.16.0-rc1-porteus #1 SMP PREEMPT Mon Feb 12 12:05:18 UTC 2018 x86_64
CPU is Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
We're missing some kernel info (see -v), accuracy might be reduced

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 92 stepping 9 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer


Thanks.


Post#283 by neko » 15 Feb 2018, 04:02

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.16-rc1
The latest stable 4.15 version of the Linux kernel is: 4.15.3
The latest longterm 4.14 version of the Linux kernel is: 4.14.19 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.81 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.115
The latest longterm 4.1 version of the Linux kernel is: 4.1.49
The latest longterm 3.18 version of the Linux kernel is: 3.18.94 (EOL)
The latest linux-next version of the Linux kernel is: next-20180214


2. NEW Examples of updated kernels that were built by "Porteus Kernel builder" were updated.

Refer to http://forum.porteus.org/viewtopic.php?p=57468#p57468
or
refer to http://forum.porteus.org/viewtopic.php?p=52232#p52232


The "copy firmwares from firmware packages" function was used when building the kernel, even if it includes "make firmware".


Note 1: check spectre/meltdown on kernel 4.14.19
tool: spectre-meltdown-checker.sh (VERSION='0.34+')
https://github.com/speed47/spectre-melt ... checker.sh

result: (set vmlinuz in /boot)

Code: Select all

Spectre and Meltdown mitigation detection tool v0.34+

Checking for vulnerabilities on current system
Kernel is Linux 4.14.19-porteus #1 SMP PREEMPT Thu Feb 15 01:26:07 UTC 2018 x86_64
CPU is Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
We're missing some kernel info (see -v), accuracy might be reduced

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 92 stepping 9 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer


Thanks.


Post#284 by neko » 16 Feb 2018, 08:38

==== Kernel of Porteus 4.0rc4 ====

[check spectre/meltdown on Porteus-XFCE-v4.0rc4-x86_64.iso]
tool: spectre-meltdown-checker.sh (VERSION='0.34+')
https://github.com/speed47/spectre-melt ... checker.sh

result: (set vmlinuz in /boot)

Code: Select all

Spectre and Meltdown mitigation detection tool v0.34+

Checking for vulnerabilities on current system
Kernel is Linux 4.15.2-porteus #3 SMP PREEMPT Sun Feb 11 18:34:01 -02 2018 x86_64
CPU is Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
We're missing some kernel info (see -v), accuracy might be reduced

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 92 stepping 9 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  UNKNOWN  (couldn't check (missing 'readelf' tool, please install it, usually it's in the 'binutils' package))
* Checking count of LFENCE instructions following a jump in kernel:  UNKNOWN  (couldn't check (missing 'readelf' tool, please install it, usually it's in the 'binutils' package))
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline - vulnerable module loaded)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  UNKNOWN  (couldn't read your kernel configuration nor System.map file)
* PTI enabled and active:  YES 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer

[update to kernel 4.15.3 with the config of Porteus-XFCE-v4.0rc4-x86_64.iso kernel by gcc-7.3.0-x86_64-1]
4.0rc4-v4.15.3.tar.xz (47 M)
http://www.mediafire.com/file/7jaxhovex ... 5.3.tar.xz
md5sum: 0db6569968ddf786dcfe9bf4b5744aa7 4.0rc4-v4.15.3.tar.xz

4.0rc4-crippled_sources-4.15.3-64bit.xzm (20 M)
http://www.mediafire.com/file/2e6476c1g ... -64bit.xzm
md5sum: 436a3b9993f9709aff7e4fd29ef57e4c 4.0rc4-crippled_sources-4.15.3-64bit.xzm


Thanks.
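
The reports above all end in NOT VULNERABLE, yet several checks came back UNKNOWN and one mitigation string carries a "vulnerable module loaded" qualifier. The following added example (not part of neko's posts or of the spectre-meltdown-checker project) condenses such a report to one line per CVE and marks those cases for review; the function names, the output format and the OK/REVIEW rule are assumptions of this example, and the sample input is abridged from the reports in this thread.

```shell
#!/bin/sh
# Added example: one summary line per CVE from a spectre-meltdown-checker report.
# Output: CVE|status|detail|unknown=N|verdict  (format and verdict rule are assumptions)
summarize_report() {
  awk '
    /^CVE-[0-9]+-[0-9]+ / { cve = $1; unknown = 0; next }  # a CVE section begins
    cve != "" && /^> STATUS:/ {                            # the section verdict line
      line = $0
      sub(/^> STATUS:[ ]+/, "", line)
      status = line; detail = ""
      p = index(line, "(")
      if (p > 0) {
        status = substr(line, 1, p - 1)
        detail = substr(line, p + 1)
        sub(/\)[ ]*$/, "", detail)
      }
      sub(/[ ]+$/, "", status)
      verdict = "OK"
      # REVIEW when the tool skipped a check, qualified the mitigation,
      # or did not report NOT VULNERABLE at all.
      if (status != "NOT VULNERABLE" || unknown > 0 || detail ~ /vulnerable module loaded/) verdict = "REVIEW"
      printf "%s|%s|%s|unknown=%d|%s\n", cve, status, detail, unknown, verdict
      cve = ""
      next
    }
    cve != "" && /:[ ]+UNKNOWN/ { unknown++ }              # a check that could not run
  '
}

# Sample input abridged from this thread: Variant 1 section from the 4.14.19
# report, Variant 2 and 3 sections from the Porteus 4.0rc4 report.
sample_report() {
  cat <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
  * Kernel compiled with retpoline option:  UNKNOWN  (couldn't read your kernel configuration)
  * Retpoline enabled:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline - vulnerable module loaded)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  UNKNOWN  (couldn't read your kernel configuration nor System.map file)
* PTI enabled and active:  YES
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)
EOF
}

sample_report | summarize_report
```
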

Jack
Contributor
Posts: 1857
Joined: 09 Aug 2013, 14:25
Distribution: Porteus and Nemesis
Location: USA


Post#285 by Jack » 17 Feb 2018, 07:45

Did you forget to upgrade these?

Code: Select all

crippled_sources-4.14.18-32bit.xzm (19 M)
http://www.mediafire.com/file/3j67x6pcx ... -32bit.xzm
md5sum: b02382e352947c5f3b08bb27fbe814c2 crippled_sources-4.14.18-32bit.xzm

crippled_sources-4.14.18-64bit.xzm (20 M)
http://www.mediafire.com/file/bhhfmkhgg ... -64bit.xzm
md5sum: e8da89f1023f03922211a5fe79736b29 crippled_sources-4.14.18-64bit.xzm

crippled_sources-4.9.80-32bit.xzm (18 M)
http://www.mediafire.com/file/9xbv56663 ... -32bit.xzm
md5sum: 0a50ff97ccf3e3f22ea24b6cab97740e crippled_sources-4.9.80-32bit.xzm

crippled_sources-4.9.80-64bit.xzm (18 M)
http://www.mediafire.com/file/xx2ru3m8b ... -64bit.xzm
md5sum: a7fe3ecb95ef7556a13c6174b1564643 crippled_sources-4.9.80-64bit.xzm

I just like Slackware because I think it teaches you about Linux to build packages, where Ubuntu is like Windows, you just install programs you want.
