It's official: Intel to only patch past 5 yrs chips ;-(
belham2

Joined: 15 Aug 2016
Posts: 1531

PostPosted: Thu 11 Jan 2018, 06:09    Post subject:  It's official: Intel to only patch past 5 yrs chips ;-(  

Straight out of the Sodom & Gomorrah's Santa Clara mouths, Intel has made it official:

".....Intel today announced that the firmware updates and software patches that are being released for its CPUs render Intel-based computer systems "immune" to both the Spectre and Meltdown exploits that were widely publicized this....

.....Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems -- including personal computers and servers -- that render those systems immune from both exploits (referred to as "Spectre" and "Meltdown") reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates....

Intel says updates have been issued for the majority of Intel processor products introduced within the past five years, and by the end of next week, more than 90 percent of processor products from the last five years will be patched....

...As always, Intel advises it's also worth avoiding suspicious programs, websites, and links."

Love, love, absolutely love that last line Laughing


As I mentioned early last week & others have hinted at too, this just confirms my deep suspicion that Intel (and others) are giddy over this Spectre & Meltdown dustup. They are going to force a massive whale load of private citizens' & corporate servers & desktop PCs around the world, many of which run Intel chips that are more than 5 yrs old, to upgrade to a new chip & hardware system. Hardware mftrs, from the looks of Dell's, HP's and Asus' statements the past few days, are overjoyed too.


Ahhhh, when given lemons, in Santa Clara, they make the most wunderbar lemonade Rolling Eyes
Sailor Enceladus

Joined: 22 Feb 2016
Posts: 1540

PostPosted: Thu 11 Jan 2018, 09:34    Post subject:  

I found the slowness of disk writes when compiling using kernel 3.16.53 (released January 9th) in Slacko 6.9.9.9 a torturing unbearable experience on my Intel Pentium M laptop, so I reverted back to 3.16.51. Is this the kaiser/kpti patch at work? Twisted Evil

Might see if the newest 4.4 release handles it better in Puduan later...
bark_bark_bark

Joined: 05 Jun 2012
Posts: 1935
Location: Wisconsin USA

PostPosted: Thu 11 Jan 2018, 20:15    Post subject:  

The age of your CPU is irrelevant if the company that makes the motherboard doesn't provide firmware updates anyways.
_________________
....
anikin

Joined: 10 May 2012
Posts: 1020

PostPosted: Fri 12 Jan 2018, 08:29    Post subject: Re: It's official: Intel to only patch past 5 yrs chips ;-(  

The reality is a little bit different. If I understand the CEO of Intel correctly, eventually, most if not all their processors will be covered.

An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
Quote:
1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
https://newsroom.intel.com/news-releases/security-first-pledge

Facts about The New Security Research Findings and Intel® Products
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
belham2

Joined: 15 Aug 2016
Posts: 1531

PostPosted: Fri 12 Jan 2018, 08:39    Post subject: Re: It's official: Intel to only patch past 5 yrs chips ;-(  

anikin wrote:
The reality is a little bit different. If I understand CEO of Intel correctly, eventually, most if not all their processors will be covered.

An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
Quote:
1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
https://newsroom.intel.com/news-releases/security-first-pledge

Facts about The New Security Research Findings and Intel® Products
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html



No, it is only processors from the past 5 years. You're trying to read between the lines, and employ wishful thinking. Their CEO and various heads came blatantly out (verbally) the other day and said "Only past 5 years". When asked about anything before that, they said "NO". Same is now occurring for hardware manufacturers.


The customers he was referring to are not you and me, not retail. It's the huge commercial companies and vendors servicing them. Would be nice, but they nixed that yesterday.
Keisha

Joined: 18 Nov 2014
Posts: 465

PostPosted: Fri 12 Jan 2018, 21:13    Post subject:  

The title of this thread, "It's official: Intel to only patch past 5 yrs chips ;-(" is mistaken, since Intel does seem to be making a good-faith effort to supply the necessary microcode to defend against Spectre, for processors older than five years. The Intel microcode update page (https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File), published yesterday January 11 2018, includes a long scrollable list of all the processors the latest update (20180108) applies to. The list appears to include every CPU Intel has ever made during the last 19 years, all the way back to vintage-1999 Pentium 3 and Celeron processors with 100 MHz front side bus.
_________________
“A wise man can learn more from a foolish question than a fool can learn from a wise answer.” --Bruce Lee
Marv


Joined: 04 May 2005
Posts: 1067
Location: SW Wisconsin

PostPosted: Fri 12 Jan 2018, 21:45    Post subject:  

Keisha wrote:
The title of this thread, "It's official: Intel to only patch past 5 yrs chips ;-(" is mistaken, since Intel does seem to be making a good-faith effort to supply the necessary microcode to defend against Spectre, for processors older than five years. The Intel microcode update page (https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File), published yesterday January 11 2018, includes a long scrollable list of all the processors the latest update (20180108) applies to. The list appears to include every CPU Intel has ever made during the last 19 years, all the way back to vintage-1999 Pentium 3 and Celeron processors with 100 MHz front side bus.
Watching and waiting, not with a lot of hope. I have three classes of intel CPUs older than 5 yrs that are all vulnerable and in that 'covered' list but the relevant microcode for none of them is in the 20180108 update. We'll see. I do have a kernel running on all of my pups that has the kpti patches in and working and ucode load capability in and working (from Fatdog64-721) so I can test any future releases quickly.
_________________
Pups currently in kennel Very Happy LxPupSc and X-slacko-4.4 for my users; LxPupSc, LxPupSc64, and LxPupBB for me. All good pups indeed, and all running savefiles for look'n'feel only. Browsers, etc. solely from SFS. Now tazpup for puzzles Smile
ozsouth

Joined: 01 Jan 2010
Posts: 346
Location: S.E Australia

PostPosted: Fri 12 Jan 2018, 22:21    Post subject:  

My 5-8 yr old CPUs are on the list, but Slacko 64 does not appear to be able to use the microcode (CONFIG_MICROCODE not enabled in kernels). Tahr 64 6.0.6 has it as a module, also with OLD enabled, so I ran modprobe microcode, then tried to install via dd instruction. Had to delete /dev/cpu/microcode first.
Must re-run on each bootup. Package manager only has iucode-tool, which wouldn't install.

EDIT: Test via pkg in this forum's Security section says VULNERABLE = NOT WORKING. Back to mitigation.

Last edited by ozsouth on Fri 12 Jan 2018, 22:36; edited 2 times in total
Keisha

Joined: 18 Nov 2014
Posts: 465

PostPosted: Fri 12 Jan 2018, 22:28    Post subject:  

Marv wrote:
...I have three classes of intel CPUs older than 5 yrs that are all vulnerable and in that 'covered' list but the relevant microcode for none of them is in the 20180108 update...
Ah...so it's a list of CPUs which Intel *promises* it can fix some of now and the rest Real Soon with microcode,...and the microcode for the ones it doesn't cover, such as yours, is still vaporware!

Not encouraging, when you consider that Intel has actually had since last June, six or seven months now, to work on devising the needed microcode.

_________________
“A wise man can learn more from a foolish question than a fool can learn from a wise answer.” --Bruce Lee
Keisha

Joined: 18 Nov 2014
Posts: 465

PostPosted: Sat 13 Jan 2018, 00:07    Post subject:  

(***edited: I should've studied the readme that comes with the source to iucode-tool before I tried fixing this.***)

I've deleted my wild guesses and rants which were formerly here.

A few links and useful code snippets:

Download the iucode-tool source:
Code:
git clone https://gitlab.com/iucode-tool/iucode-tool.git

To check versions of after-boot application of Intel microcode:
Code:
iucode_tool -tb -lS /lib/firmware/intel-ucode/*

The Intel microcode updates as of Jan. 12 2018:
https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File
The spectre-meltdown-checker.sh script:
https://www.ghacks.net/2018/01/11/check-linux-for-spectre-or-meltdown-vulnerability/
Ubuntu kernel updates against Spectre and Meltdown:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown, https://usn.ubuntu.com/usn/usn-3524-1/

_________________
“A wise man can learn more from a foolish question than a fool can learn from a wise answer.” --Bruce Lee

Last edited by Keisha on Sat 13 Jan 2018, 15:24; edited 2 times in total
Keisha

Joined: 18 Nov 2014
Posts: 465

PostPosted: Sat 13 Jan 2018, 03:48    Post subject:  

(deleted by poster)
_________________
“A wise man can learn more from a foolish question than a fool can learn from a wise answer.” --Bruce Lee

Last edited by Keisha on Sat 13 Jan 2018, 15:23; edited 1 time in total
Keisha

Joined: 18 Nov 2014
Posts: 465

PostPosted: Sat 13 Jan 2018, 12:28    Post subject:  

Uh...wait a minute...in Fedora, microcode is loaded during the initramfs...
_________________
“A wise man can learn more from a foolish question than a fool can learn from a wise answer.” --Bruce Lee
jamesbond

Joined: 26 Feb 2007
Posts: 3151
Location: The Blue Marble

PostPosted: Sat 13 Jan 2018, 23:15    Post subject:  

The best source of information is straight from the horse's mouth: https://www.kernel.org/doc/Documentation/x86/microcode.txt.

For the record, Fatdog64 721 uses early microcode loading. The kernel actually supports both. The early microcode data is in Fatdog's initrd under /kernel directory, which comes from Intel's website, processed according to the link given above.

The iucode-tool that Keisha referred to earlier is useful to check if there is an update for the CPU that the tool is running on, and if yes, the last updated date of that update.
Here's output from my system:
Code:
# ./iucode_tool -v -S -l /tmp/x/microcode.dat
...
selected microcodes:
  001/142: sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
./iucode_tool: selected 1 microcode(s), 1 signature(s)

This output matches my "dmesg" output:
Code:
[    0.000000] microcode: microcode updated early to revision 0x21, date = 2017-11-20

Now the bigger question is this: what does the microcode update fix, actually? Twisted Evil

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread.
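
The comparison made by eye in the post above (the revision iucode_tool selects from the bundle against the revision the kernel reports in dmesg), written as a small shell script. This is an added example, not part of the original post or of iucode-tool; the function names are hypothetical, and it parses only the two output formats quoted in this thread.

```shell
#!/bin/sh
# Added example: compare the microcode revision a bundle offers for this CPU
# with the revision the kernel logged as loaded. Function names are made up.

# Sample text copied from the iucode_tool and dmesg output quoted in the post.
SAMPLE_IUCODE='selected microcodes:
  001/142: sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
./iucode_tool: selected 1 microcode(s), 1 signature(s)'
SAMPLE_DMESG='[    0.000000] microcode: microcode updated early to revision 0x21, date = 2017-11-20'

# Highest "rev 0x.." among the selected microcode lines, in decimal.
# Prints nothing when the bundle holds no microcode for this CPU signature.
bundle_rev() {
    printf '%s\n' "$1" |
        sed -n 's#^ *[0-9]*/[0-9]*: sig 0x[0-9a-fA-F]*,.* rev \(0x[0-9a-fA-F]*\),.*#\1#p' |
        while read -r hex; do printf '%d\n' "$hex"; done |
        sort -n | tail -n 1
}

# Revision from the last "microcode updated ... to revision 0x.." kernel line.
# Prints nothing when the kernel logged no update.
loaded_rev() {
    hex=$(printf '%s\n' "$1" |
        sed -n 's#.*microcode updated.* to revision \(0x[0-9a-fA-F]*\).*#\1#p' |
        tail -n 1)
    if [ -n "$hex" ]; then printf '%d\n' "$hex"; fi
}

# Arguments: iucode_tool listing, dmesg text. Prints one verdict word.
microcode_status() {
    want=$(bundle_rev "$1")
    have=$(loaded_rev "$2")
    if [ -z "$want" ]; then
        echo no-update-in-bundle      # CPU "covered", but nothing shipped yet
    elif [ -z "$have" ]; then
        echo no-update-logged         # loader missing, or firmware already current
    elif [ "$have" -lt "$want" ]; then
        echo outdated
    else
        echo current
    fi
}

microcode_status "$SAMPLE_IUCODE" "$SAMPLE_DMESG"
```

On a live system the two arguments would be the text of `iucode_tool -S -l /tmp/x/microcode.dat` and of `dmesg`; a `no-update-logged` verdict is worth cross-checking against the `microcode` field in /proc/cpuinfo.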