Re: Intel Microcode updates

To: debian-security@lists.debian.org
Subject: Re: Intel Microcode updates
From: Davide Prina <davide.prina@gmail.com>
Date: Mon, 10 Jun 2019 19:46:47 +0200
Message-id: <[🔎] 57663467-a219-f5ec-e871-54da608a4778@gmail.com>
Reply-to: debian-security@lists.debian.org
In-reply-to: <[🔎] ae52d4c0-8b70-11e9-9b6a-00163eeb5320@msgid.mathom.us>
References: <[🔎] 3261648.SxaLSeNWXX@xev> <[🔎] ae52d4c0-8b70-11e9-9b6a-00163eeb5320@msgid.mathom.us>

On 10/06/19 13:16, Michael Stone wrote:

On Mon, Jun 10, 2019 at 02:01:25PM +1000, Russell Coker wrote:

I just discovered the spectre-meltdown-checker package

model name      : Intel(R) Core(TM)2 Quad CPU    Q9505  @ 2.83GHz

Your CPU is not supported my Intel, so you either accept the risk or buya new one.


you have another choice: disable the SMP & C. and all mitigation form Linux

(Note that the latest version of the microcode is from2015--long before any of these speculative execution vulnerabilitieswere mitigated.) Yours is a yorkfield:
https://www.theregister.co.uk/2018/04/04/intel_spectre_microcode_updates/

Intel(R) Core(TM)2 Quad CPU was already on sell on many site when thespectre/meltdown hardware bug was discovered and probably you can buyalso now. It is a shame that intel do not give microcode update forthese CPU and others.

For me, buying new CPU do not give you protection against possiblehardware bug because:

* you will get only mitigation and not bug correction. Mitigation == theattack is more hard, but it can be done successfully. I don't have readany new CPU that was designed against this bug... probably because need5-10 years have these CPU on the market

* your CPU run slower because of these mitigation (I have rad that forsome task you can have 50% or less performance), also some software havebeen modified (== make more slower) for these bugs: compiler, browser,... and, in theory, these mitigation in compilation can be propagate toall the software you are running (== slowing all your software)

* each CPU has a lot of undocumented instructions each of these can be apotentially new attack target. There are tools that let you find some ofthese, but after that understand how to use or abuse of them is ananother story

* firmware also is nearly always an obscure piece of code, always biggerthat the previous one and in that can be present back door (recently ithas been found back doors in firmware of some cellphone sell in Germany)

* new hardware bugs and variant of previous bugs are found constantly,so we need a new CPU class designed for security. I have read that somepeople want to create a new CPU under free license, I think that is theonly solution that we can trust


* ...

Ciao
Davide

Reply to:

Follow-Ups:
- Re: Intel Microcode updates
  - From: Michael Stone <mstone@debian.org>

References:
- Intel Microcode updates
  - From: Russell Coker <russell@coker.com.au>
- Re: Intel Microcode updates
  - From: Michael Stone <mstone@debian.org>

Prev by Date: Re: Intel Microcode updates
Next by Date: Re: Intel Microcode updates
Previous by thread: Re: Intel Microcode updates
Next by thread: Re: Intel Microcode updates
Index(es):
- Date
- Thread