Old 11th January 2018
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 314
Default

Fujitsu has published a list of affected machines which includes some affected Sparc-Models:
Fujitsu SPARC M12-1/M12-2/M12-2S and M10-1/M10-4/M10-4S

https://sp.ts.fujitsu.com/dmsp/Publi...u-products.pdf
Reply With Quote
Old 14th January 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

https://marc.info/?l=openbsd-cvs&m=151570987406841&w=2
Quote:
Log message:
Update the Intel microcode once the root filesystem has been mounted.
This depends on the intel-firmware package that contains newer Intel
microcode which will be installed automatically by fw_update(1).

The update should happen much earlier since updating the microcode can
add or remove not only feature flags but also whole features. For now
only update feature flags that are relevant to Spectre.
<Edit>
https://marc.info/?l=openbsd-tech&m=151588857304763&w=2
Quote:
Patrick and others committed amd64 Intel cpu microcode update code
over the last few days. The approach isn't perfect, but it is good
enough for a start. I want to explain the situation.

When you fw_update, you'll get the firmware files.

Upon a reboot, it will attempt to update the microcode on your cpus.
Maybe there isn't a new microcode.
</Edit>

It is worth noting that a lot of sources claim that the updated microcode contains flaws.
https://support.lenovo.com/pl/pl/solutions/len-18282
Quote:
Withdrawn Broadwell & Haswell CPU Microcode Update: Intel provides the CPU microcode updates required to address Variant 2, which manufacturers like Lenovo then incorporate into their UEFI firmware. Intel has notified manufacturers of quality issues in the initial Broadwell and Haswell microcode updates with instructions to no longer distribute the affected microcode. As such, Lenovo has withdrawn previously issued UEFI firmware containing the affected Broadwell and Haswell CPU microcode.
http://www.dell.com/support/article/...-?lang=en#bios
Quote:
Intel has communicated a potential issue with the microcode included in these BIOS updates for Intel Xeon Haswell and Broadwell processors listed below.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 14th January 2018 at 02:37 PM. Reason: Added edit, because saw Theo de Raadt mail to tech
Reply With Quote
Old 14th January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

I'm running -current with the Intel firmware and having no issues, but on a Sandy Bridge (I5-2520M).
Reply With Quote
Old 14th January 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Quote:
Originally Posted by jggimi View Post
I'm running -current with the Intel firmware and having no issues, but on a Sandy Bridge (I5-2520M).
I think that Intel has not prepared a microcode update for Sandy Bridge yet. Older generations, such as Sandy Bridge, are going to receive microcode updates to mitigate Spectre later. Probably February or even March.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 15th January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

The January 8 microcode update was applicable, according to Intel, but it may just be an all-inclusive package.
Reply With Quote
Old 15th January 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Quote:
Originally Posted by jggimi View Post
The January 8 microcode update was applicable, according to Intel, but it may just be an all-inclusive package.
I extracted that archive and in the release notes I don't see any Sandy Bridge update, but maybe these shortcuts and numbers are hiding Sandy Bridge from me.

Quote:
-- Updates upon 20171117 release --
IVT C0 (06-3e-04:ed) 428->42a
SKL-U/Y D0 (06-4e-03:c0) ba->c2
BDW-U/Y E/F (06-3d-04:c0) 25->28
HSW-ULT Cx/Dx (06-45-01:72) 20->21
Crystalwell Cx (06-46-01:32) 17->18
BDW-H E/G (06-47-01:22) 17->1b
HSX-EX E0 (06-3f-04:80) 0f->10
SKL-H/S R0 (06-5e-03:36) ba->c2
HSW Cx/Dx (06-3c-03:32) 22->23
HSX C0 (06-3f-02:6f) 3a->3b
BDX-DE V0/V1 (06-56-02:10) 0f->14
BDX-DE V2 (06-56-03:10) 700000d->7000011
KBL-U/Y H0 (06-8e-09:c0) 62->80
KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80
KBL-H/S B0 (06-9e-09:2a) 5e->80
CFL U0 (06-9e-0a:22) 70->80
CFL B0 (06-9e-0b:02) 72->80
SKX H0 (06-55-04:b7) 2000035->200003c
GLK B0 (06-7a-01:01) 1e->22
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 15th January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

There is microcode for it, but it doesn't appear to have been updated since November 17.
  • The web page lists the CPU in its "This download is valid for the product(s) listed below" section.
  • The kernel searches for /etc/firmware/intel/06-2a-07 which is included in the bundle.
Reply With Quote
Old 23rd January 2018
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 163
Default Any sufficiently advanced bug is indistinguishable from a feature...

It looks like Linus Torvalds is not happy with Intel again, apparently because Intel is treating bug fixing as an optional "feature".

http://www.theregister.co.uk/2018/01...tre_fix_linux/
__________________
When you see a good move, look for a better one.
--Lasker
Reply With Quote
Old 23rd January 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

https://newsroom.intel.com/news/root...-and-partners/
Quote:
As we start the week, I want to provide an update on the reboot issues we reported Jan. 11. We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed.
http://www.dell.com/support/article/...oducts?lang=en
Quote:
Intel has communicated new guidance regarding the "reboot issues" with the microcode included in the BIOS updates released to address Spectre (Variant 2), CVE-2017-5715.
[..]
As a reminder, the Operating System patches are not impacted and still provide mitigations to Spectre (Variant 1) and Meltdown (Variant 3). The microcode update is only required for Spectre (Variant 2), CVE-2017-5715.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 23rd January 2018
blackhole's Avatar
blackhole blackhole is offline
Spam Deminer
 
Join Date: Mar 2014
Posts: 314
Default

Quote:
Originally Posted by comet--berkeley View Post
It looks like Linus Torvalds is not happy with Intel again, apparently because Intel is treating bug fixing as an optional "feature".
I find it hard to take Torvalds seriously. "Security features" in Linux have almost always been "opt in", so not sure why he's suddenly mouthing off about this.
Reply With Quote
Old 25th January 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Richard Stallman statement:
Quote:
Originally Posted by Richard Stallman
Meltdown and Spectre are errors. Grave errors, to be sure, but not evidently malicious. Everyone makes mistakes.

Intel has done far worse with its CPUs than make a mistake. It has built in an intentional back door called the Management Engine.

Important as these bugs are, don't let Intel's mistakes distract you from Intel's deliberate attack!
https://www.fsf.org/blogs/community/...13-take-action
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 25th January 2018
LeFrettchen's Avatar
LeFrettchen LeFrettchen is offline
Marveled user
 
Join Date: Aug 2012
Location: France
Posts: 405
Default

Quote:
Originally Posted by e1-531g View Post
Richard Stallman statement:
Personally, I don't give any credence to him...
__________________
ThinkPad W500 P8700 6GB HD3650 - faultry
ThinkStation P700 2x2620v3 32GB 1050ti 3xSSD 1xHDD
Reply With Quote
Old 8th February 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Intel releases stable Spectre patches for Skylake PCs, recovering from a bad bout of bugs

Intel’s updates come as part of a new document that tracks the progress of the microcode revisions, which will presumably continue to be updated over time.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 14th February 2018
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 163
Default

Quote:
Originally Posted by gpatrick View Post
This is why I have for the longest time been saying that Linux/x86 is a bad thing to have take over the world. There should and need to be more options than just Linux and just x86_64.

The world still needs mainframes and it still needs AIX and Solaris. The world still needs Z, POWER, SPARC.
Many machines use speculative execution and are susceptible to Spectre.

Unfortunately this may include the IBM Z system. Here is an article on Spectre changes to GCC for the system 390:

https://www.phoronix.com/scan.php?pa...tre-V2-Changes

When I look through my own old hardware, the slower simpler machines seem safer.

I have an Intel Atom D510 machine whose cpu was released in 2010. It appears to be immune to Meltdown and Spectre. It was designed to operate at low power and apparently does not do speculative execution.
__________________
When you see a good move, look for a better one.
--Lasker
Reply With Quote
Old 17th February 2018
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,027
Default

32 class-action suits filed against Intel over Spectre and Meltdown flaws (Ars Technica)

32 so far ...
Reply With Quote
Old 22nd February 2018
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

MeltDown fix committed to current

https://undeadly.org/cgi?action=arti...20180221201856
Reply With Quote
Old 3rd March 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Date: 2018-02-28 22:09:52
Workaround solving Meltdown problem available for -release.
Quote:
Originally Posted by T.J. Townsend
Errata patches for a speculative execution flaw in Intel CPUs have been
released for OpenBSD 6.2 and 6.1.

Intel CPUs contain a flaw called "Meltdown" which allows userspace programs
to access kernel memory.

Binary updates for the amd64 platform are available via the syspatch utility.
Source code patches can be found on the respective errata pages:

https://www.openbsd.org/errata61.html
https://www.openbsd.org/errata62.html

As these affect the kernel, a reboot will be needed after patching.
https://newsroom.intel.com/wp-conten...e-guidance.pdf
Intel prepared fixed, stable microcode for Broadwell and Haswell CPUs and sent them to OEMs as part of Spectre v2 mitigation.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 3rd March 2018 at 09:52 AM. Reason: added microcode status
Reply With Quote
Old 7th March 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

It seems Intel has fixed microcode for Ivy Bridge, Sandy Bridge and made it available for OEMs, but I don't know whether regular users can find this updated microcode at their sites.
March 6, 2018
https://newsroom.intel.com/wp-conten...e-guidance.pdf
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 17th March 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Quote:
Originally Posted by jggimi View Post
There is microcode for it, but it doesn't appear to have been updated since November 17.
  • The web page lists the CPU in its "This download is valid for the product(s) listed below" section.
  • The kernel searches for /etc/firmware/intel/06-2a-07 which is included in the bundle.
Can you tell how you managed to know which microcode file the kernel is searching for?
I would like to know about microcode for my processor i5-3320M.
Windows program called CPU-Z says:
Code:
Family:6
Model: A
Ext. Model: 3A
Stepping: 9
Revision: E1/L1
Intel provided microcode package 2018-03-12:
https://downloadcenter.intel.com/dow...code-Data-File
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
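The file name mentioned above (06-2a-07) follows the family-model-stepping naming of Intel's microcode files, written as two hex digits each. The sketch below is an added example, not part of any post in this thread and not OpenBSD's code: it decodes a CPUID leaf 1 signature into that name and looks it up in release-note lines copied from the thread. The signature values are assumptions chosen to match the CPUs discussed; CPU-Z's "Ext. Model" (3A) is taken to be the combined model number.

```python
import re

# Lines copied from the release notes quoted earlier in the thread.
RELEASE_NOTES = """\
IVT C0 (06-3e-04:ed) 428->42a
HSW Cx/Dx (06-3c-03:32) 22->23
BDX-DE V2 (06-56-03:10) 700000d->7000011
KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80
"""

def decode_signature(eax):
    """Return (family, model, stepping) from a CPUID leaf 1 EAX value."""
    stepping = eax & 0xF
    model = (eax >> 4) & 0xF
    family = (eax >> 8) & 0xF
    if family in (0x6, 0xF):          # extended model applies only here
        model |= ((eax >> 16) & 0xF) << 4
    if family == 0xF:                 # extended family applies only here
        family += (eax >> 20) & 0xFF
    return family, model, stepping

def ucode_name(family, model, stepping):
    """Format the family-model-stepping file name, e.g. 06-2a-07."""
    return "%02x-%02x-%02x" % (family, model, stepping)

def parse_updates(text):
    """Map file name -> (old_rev, new_rev) for each release-note line."""
    pat = re.compile(r"\(([0-9a-f]{2}-[0-9a-f]{2}-[0-9a-f]{2}):[0-9a-f]+\)"
                     r"\s+([0-9a-f]+)->([0-9a-f]+)")
    return {m.group(1): (int(m.group(2), 16), int(m.group(3), 16))
            for m in pat.finditer(text)}

def check(eax, notes=RELEASE_NOTES):
    """Return (file name, revision change or None) for one CPU signature."""
    name = ucode_name(*decode_signature(eax))
    return name, parse_updates(notes).get(name)

if __name__ == "__main__":
    # Signature values are assumptions chosen to match the thread's CPUs.
    for label, eax in [("i5-2520M", 0x206A7), ("i5-3320M", 0x306A9),
                       ("Haswell Cx/Dx", 0x306C3)]:
        print(label, *check(eax))
```

A result of None means the release notes list no revision change for that file name, which is different from the file being absent from the bundle.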
Old 18th March 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Yesterday OpenBSD-current had the previous Intel firmware from November. Today it has the firmware released in March. It should contain Spectre fixes for Sandy and Ivy Bridge, Haswell and so on, but the mitigations probably also need OS kernel counterparts to be effective, which at the moment OpenBSD does not have.
http://firmware.openbsd.org/firmware/snapshots/

Meltdown and Spectre PoC for OpenBSD. This is not mine. Use at your own risk.
https://github.com/genua/meltdown
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote