Re: Meltdown & Spectre
From: Giovanni Biscuolo
Subject: Re: Meltdown & Spectre
Date: Tue, 27 Nov 2018 20:26:11 +0100
Hi znavko,
(and Foreshadow? [1])
I'm still not using GuixSD as my primary OS, just in a testing
environment, so I can't help fully, but...
<address@hidden> writes:
[...]
> Also, how to embed necessary microcode?
AFAIK GuixSD does not provide CPU microcode updates because they are
non-free (not compatible with GNU FSDG)
there was a long thread in Jan 2018 on guix-devel:
http://lists.gnu.org/archive/html/guix-devel/2018-01/msg00067.html
I'm still reading it...
> Could you share your options in meltdown and spectre defense?
unfortunately some vulnerabilities cannot be fixed without microcode
maybe a dedicated GuixSD page on this topic could help better understand
the state of (very sad) affairs
AFAIK using a coreboot supported machine does not solve the problem, the
patched microcode is still needed
this is what Debian is doing:
https://wiki.debian.org/DebianSecurity/SpectreMeltdown
...and no, the "terrible situation" is *not* limited to Intel, Ludo ;-)
(ref. http://lists.gnu.org/archive/html/guix-devel/2018-01/msg00223.html)
e.g. on MIPS we _simply_ have no idea, we have to trust :-O
...and yes, we need **free software microcode** CPUs :-S
\me very sad
Giovanni
[1] https://en.m.wikipedia.org/wiki/Speculative_execution
--
Giovanni Biscuolo
Xelera IT Infrastructures