Re: Intel Microcode updates

On 10/06/19 13:16, Michael Stone wrote:
On Mon, Jun 10, 2019 at 02:01:25PM +1000, Russell Coker wrote:
I just discovered the spectre-meltdown-checker package

model name      : Intel(R) Core(TM)2 Quad CPU    Q9505  @ 2.83GHz

Your CPU is not supported by Intel, so you either accept the risk or buy a new one.

you have another choice: disable SMP etc. and all mitigations from Linux

(Note that the latest version of the microcode is from 2015--long before any of these speculative execution vulnerabilities were mitigated.) Yours is a Yorkfield:

Intel(R) Core(TM)2 Quad CPU was already on sale on many sites when the spectre/meltdown hardware bug was discovered, and probably you can buy one also now. It is a shame that Intel does not give microcode updates for these CPUs and others.

For me, buying a new CPU does not give you protection against possible hardware bugs because:

* you will get only mitigation and not bug correction. Mitigation == the attack is harder, but it can be done successfully. I haven't read of any new CPU that was designed against this bug... probably because it would need 5-10 years to have these CPUs on the market

* your CPU runs slower because of these mitigations (I have read that for some tasks you can have 50% or less performance), also some software has been modified (== made slower) for these bugs: compiler, browser, ... and, in theory, these mitigations in compilation can propagate to all the software you are running (== slowing all your software)

* each CPU has a lot of undocumented instructions, each of which can be a potential new attack target. There are tools that let you find some of these, but after that understanding how to use or abuse them is another story

* firmware also is nearly always an obscure piece of code, always bigger than the previous one, and in it a back door can be present (recently back doors have been found in the firmware of some cellphones sold in Germany)

* new hardware bugs and variants of previous bugs are found constantly, so we need a new CPU class designed for security. I have read that some people want to create a new CPU under a free license; I think that is the only solution that we can trust

* ...


