It's official: Intel to only patch past 5 yrs chips ;-(
Straight out of the Sodom & Gomorrah's Santa Clara mouths, Intel has made it official:
".....Intel today announced that the firmware updates and software patches that are being released for its CPUs render Intel-based computer systems "immune" to both the Spectre and Meltdown exploits that were widely publicized this....
.....Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems -- including personal computers and servers -- that render those systems immune from both exploits (referred to as "Spectre" and "Meltdown") reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates....
Intel says updates have been issued for the majority of Intel processor products introduced within the past five years, and by the end of next week, more than 90 percent of processor products from the last five years will be patched....
...As always, Intel advises it's also worth avoiding suspicious programs, websites, and links."
Love, love, absolutely love that last line
As I mentioned early last week & others have hinted at too, this just confirms my deep suspicion that Intel (and others) are giddy over this Spectre & Meltdown dustup. They are going to force a massive whale load of private citizen's & corporate servers & desktop PCs around the world, many of whom run Intel chips that are older than 5 yrs ago, to upgrade to a new chip & hardware system. Hardware mftrs, from the looks of Dells, HPs and Asus' statements the past few days, are overly joyed too.
Ahhhh, when given lemons, in Santa Clara, they make the most wunderbar lemonade
-
- Posts: 1543
- Joined: Mon 22 Feb 2016, 19:43
I found the slowness of disk writes when compiling using kernel 3.16.53 (released January 9th) in Slacko 6.9.9.9 a torturing unbearable experience on my Intel Pentium M laptop, so I reverted back to 3.16.51. Is this the kaiser/kpti patch at work?
Might see if the newest 4.4 release handles it better in Puduan later...
-
- Posts: 1885
- Joined: Tue 05 Jun 2012, 12:17
- Location: Wisconsin USA
Re: It's official: Intel to only patch past 5 yrs chips ;-(
belham2 wrote:Straight out of the Sodom & Gomorrah's Santa Clara mouths, Intel has made it official:
".....Intel today announced that the firmware updates and software patches that are being released for its CPUs render Intel-based computer systems "immune" to both the Spectre and Meltdown exploits that were widely publicized this....
.....Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems -- including personal computers and servers -- that render those systems immune from both exploits (referred to as "Spectre" and "Meltdown") reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates....
Intel says updates have been issued for the majority of Intel processor products introduced within the past five years, and by the end of next week, more than 90 percent of processor products from the last five years will be patched....
...As always, Intel advises it's also worth avoiding suspicious programs, websites, and links."
Love, love, absolutely love that last line
As I mentioned early last week & others have hinted at too, this just confirms my deep suspicion that Intel (and others) are giddy over this Spectre & Meltdown dustup. They are going to force a massive whale load of private citizen's & corporate servers & desktop PCs around the world, many of whom run Intel chips that are older than 5 yrs ago, to upgrade to a new chip & hardware system. Hardware mftrs, from the looks of Dells, HPs and Asus' statements the past few days, are overly joyed too.
Ahhhh, when given lemons, in Santa Clara, they make the most wunderbar lemonade
The reality is a little bit different. If I understand CEO of Intel correctly, eventually, most if not all their processors will be covered.
An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
https://newsroom.intel.com/news-release ... rst-pledge
1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
Facts about The New Security Research Findings and Intel® Products
https://www.intel.com/content/www/us/en ... ducts.html
Re: It's official: Intel to only patch past 5 yrs chips ;-(
anikin wrote:belham2 wrote:Straight out of the Sodom & Gomorrah's Santa Clara mouths, Intel has made it official:
".....Intel today announced that the firmware updates and software patches that are being released for its CPUs render Intel-based computer systems "immune" to both the Spectre and Meltdown exploits that were widely publicized this....
.....Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems -- including personal computers and servers -- that render those systems immune from both exploits (referred to as "Spectre" and "Meltdown") reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates....
Intel says updates have been issued for the majority of Intel processor products introduced within the past five years, and by the end of next week, more than 90 percent of processor products from the last five years will be patched....
...As always, Intel advises it's also worth avoiding suspicious programs, websites, and links."
Love, love, absolutely love that last line
As I mentioned early last week & others have hinted at too, this just confirms my deep suspicion that Intel (and others) are giddy over this Spectre & Meltdown dustup. They are going to force a massive whale load of private citizen's & corporate servers & desktop PCs around the world, many of whom run Intel chips that are older than 5 yrs ago, to upgrade to a new chip & hardware system. Hardware mftrs, from the looks of Dells, HPs and Asus' statements the past few days, are overly joyed too.
Ahhhh, when given lemons, in Santa Clara, they make the most wunderbar lemonade
The reality is a little bit different. If I understand CEO of Intel correctly, eventually, most if not all their processors will be covered.
An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
https://newsroom.intel.com/news-release ... rst-pledge
1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
Facts about The New Security Research Findings and Intel® Products
https://www.intel.com/content/www/us/en ... ducts.html
No, it is only processors from the past 5 years. You're trying to read between the lines, and employ wishful thinking. Their CEO and various heads came blatantly out (verbally) the other day and said "Only past 5 years". When asked about anything before that, they said "NO". Same is now occurring for hardware manufacturers.
Customers he was referring to are not you and me, not retail. It's the huge commercial companies and vendors servicing them. Would be nice, but they nixed that yesterday.
The title of this thread, "It's official: Intel to only patch past 5 yrs chips ;-(" is mistaken, since Intel does seem to be making a good-faith effort to supply the necessary microcode to defend against Spectre, for processors older than five years. The Intel microcode update page (https://downloadcenter.intel.com/downlo ... -Data-File), published yesterday January 11 2018, includes a long scrollable list of all the processors the latest update (20180108) applies to. The list appears to include every CPU Intel has ever made during the last 19 years, all the way back to vintage-1999 Pentium 3 and Celeron processors with 100 MHz front side bus.
“A wise man can learn more from a foolish question than a fool can learn from a wise answer.” --Bruce Lee
Keisha wrote:The title of this thread, "It's official: Intel to only patch past 5 yrs chips ;-(" is mistaken, since Intel does seem to be making a good-faith effort to supply the necessary microcode to defend against Spectre, for processors older than five years. The Intel microcode update page (https://downloadcenter.intel.com/downlo ... -Data-File), published yesterday January 11 2018, includes a long scrollable list of all the processors the latest update (20180108) applies to. The list appears to include every CPU Intel has ever made during the last 19 years, all the way back to vintage-1999 Pentium 3 and Celeron processors with 100 MHz front side bus.
Watching and waiting, not with a lot of hope. I have three classes of intel CPUs older than 5 yrs that are all vulnerable and in that 'covered' list but the relevant microcode for none of them is in the 20180108 update. We'll see. I do have a kernel running on all of my pups that has the kpti patches in and working and ucode load capability in and working (from Fatdog64-721) so I can test any future releases quickly.
Pups currently in kennel :D Older LxPupSc and X-slacko-4.4 for my users; LxPupSc, LxPupSc64 and upupEF for me. All good pups indeed, and all running savefiles for look'n'feel only. Browsers, etc. solely from SFS.
My 5-8 yr old CPUs are on the list, but Slacko 64 does not appear to be able to use the microcode (CONFIG_MICROCODE not enabled in kernels). Tahr 64 6.0.6 has it as a module, also with OLD enabled, so I ran modprobe microcode, then tried to install via dd instruction. Had to delete /dev/cpu/microcode first.
Must re-run on each bootup. Package manager only has iucode-tool, which wouldn't install.
EDIT: Test via pkg in this forum's Security section says VULNERABLE = NOT WORKING. Back to mitigation.
Last edited by ozsouth on Sat 13 Jan 2018, 02:36, edited 2 times in total.
Marv wrote:...I have three classes of intel CPUs older than 5 yrs that are all vulnerable and in that 'covered' list but the relevant microcode for none of them is in the 20180108 update...
Ah...so it's a list of CPU's which Intel *promises* it can fix some of now and the rest Real Soon with microcode,...and the microcode for the ones it doesn't cover, such as yours, is still vaporware!
Not encouraging, when you consider that Intel has actually had since last June, six or seven months now, to work on devising the needed microcode.
“A wise man can learn more from a foolish question than a fool can learn from a wise answer.” --Bruce Lee
(***edited: I should've studied the readme that comes with the source to iucode-tool before I tried fixing this.***)
I've deleted my wild guesses and rants which were formerly here.
A few links and useful code snippets:
Download the iucode-tool source:
Code: Select all
git clone https://gitlab.com/iucode-tool/iucode-tool.git
To check versions of after-boot application of Intel microcode:
Code: Select all
iucode_tool -tb -lS /lib/firmware/intel-ucode/*
The Intel microcode updates as of Jan. 12 2018:
https://downloadcenter.intel.com/downlo ... -Data-File
The spectre-meltdown-checker.sh script:
https://www.ghacks.net/2018/01/11/check ... erability/
Ubuntu kernel updates against Spectre and Meltdown:
https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown, https://usn.ubuntu.com/usn/usn-3524-1/
Last edited by Keisha on Sat 13 Jan 2018, 19:24, edited 2 times in total.
“A wise man can learn more from a foolish question than a fool can learn from a wise answer.” --Bruce Lee
The best source of information is straight from the horse's mouth: https://www.kernel.org/doc/Documentatio ... rocode.txt.
For the record, Fatdog64 721 uses early microcode loading. The kernel actually supports both. The early microcode data is in Fatdog's initrd under /kernel directory, which comes from Intel's website, processed according to the link given above.
The iucode-tool that Keisha referred to earlier is useful to check if there is an update to the CPU where that tool is running on, and if yes, the last updated date of that update.
Here's output from my system:
Code: Select all
# ./iucode_tool -v -S -l /tmp/x/microcode.dat
...
selected microcodes:
001/142: sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
./iucode_tool: selected 1 microcode(s), 1 signature(s)
This output matches my "dmesg" output:
Code: Select all
[ 0.000000] microcode: microcode updated early to revision 0x21, date = 2017-11-20
Now the bigger question is this: what does the microcode update fix, actually?
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]
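Added example, not part of any post in this thread: the comparison done by eye above (iucode_tool listing against the dmesg line), plus the case where a CPU has no entry in the bundle at all. The function names and status strings are illustrative assumptions; the sample input is the two lines quoted in the post, and only the early-load dmesg message shown there is recognised.

```python
import re

# Constructed sample input: the two lines quoted in the post above.
LISTING = "001/142: sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528\n"
DMESG = "[ 0.000000] microcode: microcode updated early to revision 0x21, date = 2017-11-20\n"

ENTRY_RE = re.compile(r"sig (0x[0-9a-f]+), pf_mask (0x[0-9a-f]+), "
                      r"(\d{4}-\d\d-\d\d), rev (0x[0-9a-f]+)", re.I)
EARLY_RE = re.compile(r"microcode updated early to revision (0x[0-9a-f]+)", re.I)


def cpuid_signature(family, model, stepping):
    """CPUID(1).EAX from the decimal 'cpu family', 'model' and 'stepping'
    fields of /proc/cpuinfo (families 6 and 15, i.e. Intel P6 and later)."""
    base_family = min(family, 0xF)
    ext_family = family - base_family
    return ((ext_family << 20) | ((model >> 4) << 16) | (base_family << 8)
            | ((model & 0xF) << 4) | stepping)


def newest_in_bundle(listing, sig, pf_bit=None):
    """Highest revision the bundle holds for sig, or None if it has none.
    pf_bit is the platform flag; None skips the pf_mask filter."""
    best = None
    for m in ENTRY_RE.finditer(listing):
        if int(m.group(1), 16) != sig:
            continue
        if pf_bit is not None and not int(m.group(2), 16) & pf_bit:
            continue
        rev = int(m.group(4), 16)
        if best is None or rev > best[0]:
            best = (rev, m.group(3))
    return best


def assess(sig, listing, dmesg, pf_bit=None):
    """Classify as 'missing', 'not-loaded', 'stale' or 'current'."""
    available = newest_in_bundle(listing, sig, pf_bit)
    if available is None:
        return "missing"          # CPU has no entry in this bundle at all
    loaded = EARLY_RE.search(dmesg)
    if loaded is None:
        return "not-loaded"       # bundle has an update, kernel never applied it
    return "current" if int(loaded.group(1), 16) >= available[0] else "stale"


if __name__ == "__main__":
    # family 6, model 69, stepping 1 -> signature 0x40651 (the CPU in the post)
    print(assess(cpuid_signature(6, 69, 1), LISTING, DMESG))
```

A result of "current" only says the newest revision in that bundle is the one running; it says nothing about what that revision fixes.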