Spectre and Meltdown mitigation detection tool

SliTaz Forum » English Support » Live and installation

Spectre and Meltdown mitigation detection tool

(4 posts) (3 voices)

Started 6 years ago by Erkan_Yilmaz
Latest reply from Ceel
This topic is not a support question

Tags:

No tags yet.

Erkan_Yilmaz

offline
Member

Hi,

I've used the "Spectre and Meltdown mitigation detection tool" (A).

1.
What can be seen nicely is, that in Slitaz NEXT (B) one test is better than in Slitaz 5.0 cooking (C).

When looking at the test: CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
It shows as "NOT VULNERABLE" (green)

2.
At the CVE-2017-5754 test, (C) has PTI (Page Table Isolation) included (green).

3.
For: CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
both have "couldn't extract your kernel from /boot/vmlinuz-x.y.z-slitaz".

4.
Can others also use this tool and check what they have? thx

5.
Can someone make an estimate what is needed to"fix" this? (and how much time it'd take?)
Of course, we must also always assume that this tool (A) is not working perfectly, but at least we could use it as indicator for the futurewhen changes are made.

Merci,
Erkan

see results in pic and text: (D)

(A) https://github.com/speed47/spectre-meltdown-checker
(B) on Slitaz NEXT (kernel 4.14.16, 32bit)
(C) Slitaz 5.0, cooking (kernel 3.16.55, 64bit)
(D) http://people.slitaz.org/~eyilmaz/Spectre_and_Meltdown/

Posted 6 years ago #
kultex

offline
Key Master

http://forum.slitaz.org/topic/new-kernel-in-core64-and-compatibility-with-uefi#post-46021

Can you try the early microcode loading

I want to make a testing iso, but I have absolute no time

Posted 6 years ago #
kultex

offline
Key Master

By the way, there are 8 new spectra vulnerabilities

Posted 6 years ago #
Ceel

offline
Administrator

Maybe this will be easier to follow that all the posts of the topic.

Posted 6 years ago #

RSS feed for this topic

Reply

You must log in to post.