[ubuntu-hardened] 16.04 LTS (i386/x86): the lack of a kernel hardening patches and config options? (Meltdown and Spectre attacks).
daniel curtis
sidetripping at gmail.com
Thu Feb 1 15:02:54 UTC 2018
Hello Seth
Thank you very much for the, as always, very valuable answer. You mentioned
microcode: "the microcode updates have been even more confusing."
Should I install and activate processor microcode firmware for Intel CPUs?
For now, I don't have any microcode package installed.
Information about microcode and/or another driver (e.g. nvidia) can be
gathered in the "Software & Updates" application. (I turned on the 'nvidia'
driver instead of 'nouveau' this way). But that's not important.
What do you think: should I install e.g. the 'intel-microcode' package? I've
never done this, because there were never any issues with the computer, processor
etc. And I don't see my microcode value (vide '/proc/cpuinfo') in the
'intel-microcode' package changelogs.
Thank you for mentioning the "Spectre and Meltdown" wiki page. I totally
forgot about this valuable website.
>> 32-bit x86 might not receive mitigations for Meltdown.
>> Our friends at SUSE (...)
So, we have to wait and see what will happen in the future, right? And if
everything is okay and wide testing shows that it's worth doing
an update for x86_32, then we (I mean users etc.) can expect an update,
with mitigations also for Meltdown?
Let's summarize: there is a chance that mitigations for the Meltdown attack
will not be available for the 32-bit x86 architecture, but the Spectre variant will
be fixed? Am I right? (Maybe a better solution is to install a 64-bit
variant? But, in my case, it's a testing machine with 1 GB of RAM memory
only and I'm afraid that there will be problems etc.)
>> This makes sense, 4.4.98 was released in mid-November,
>> when our kernel team was working on Meltdown and Spectre
>> mitigations. (...)
Okay, I understand. Thanks for the clarifications. No, I'm not affected by
anything specific, so I will just wait for the next updates. I was just
afraid that there are so many new kernel updates (I mean official v4.4
kernel releases) and in Ubuntu 16.04 LTS there is still a version released
16 updates earlier.
By the way: You're so lucky that your laptop shows the "Kernel/User page
tables isolation: enabled" information :-)
Thanks, best regards.