help-guix

Re: Meltdown & Spectre


From: Giovanni Biscuolo
Subject: Re: Meltdown & Spectre
Date: Tue, 27 Nov 2018 20:26:11 +0100

Hi znavko,

(and Foreshadow? [1])

I'm still not using GuixSD as my primary OS, just in a testing
environment, so I can't help fully, but...

<address@hidden> writes:

[...]

> Also, how to embed necessary microcode?

AFAIK GuixSD does not provide CPU microcode updates because they are
non-free (not compatible with GNU FSDG)

there was a long thread in Jan 2018 on guix-devel:
http://lists.gnu.org/archive/html/guix-devel/2018-01/msg00067.html

I'm still reading it...

> Could you share your options in meltdown and spectre defense?

unfortunately some vulnerabilities cannot be fixed without microcode

maybe a dedicated GuixSD page on this topic could help better understand
the state of (very sad) affairs

AFAIK using a coreboot supported machine does not solve the problem, the
patched microcode is still needed

this is what Debian is doing:
https://wiki.debian.org/DebianSecurity/SpectreMeltdown

...and no, the "terrible situation" is *not* limited to Intel, Ludo ;-)
(ref. http://lists.gnu.org/archive/html/guix-devel/2018-01/msg00223.html)
e.g. on MIPS we _simply_ have no idea, we have to trust :-O

...and yes, we need **free software microcode** CPUs :-S

\me very sad
Giovanni


[1] https://en.m.wikipedia.org/wiki/Speculative_execution

-- 
Giovanni Biscuolo

Xelera IT Infrastructures
