Re: Kernel for Spectre and Meltdown

[Michael Fothergill <michael.fothergill@gmail.com>]

On 29 January 2018 at 13:35, Michael Fothergill <michael.fothergill@gmail.com> wrote:

On 29 January 2018 at 13:28, deloptes <deloptes@gmail.com> wrote:

Michael Fothergill wrote:

> I accept that are some kernels that you could run in stable apparently
> that address the security issue etc.
> I apologise for inaccuracy there.
> But perhaps not all of what I posted is BS.

You can run any kernel in stable

I just build 4.14

make oldconfig
make -j4 deb-pkg

what has gcc7 to do with the patches is unclear to me, but I admit I have
never worried about.

​I thought you had to have gcc7 because it included a backport of some code used in GCC 8 that was needed to allow e.g. the spectre fix to work properly.........

If you could use any compiler to do it then earlier my post truly would be BS.​

PS as I understand (correct me if I am wrong)  the compiler needs to be GCC 7.3.0 or greater (I believe the 7.2 rc2 also works); if you used a compiler earlier that you would get a kernel that works OK in very respect except the for spectre fix itself.

The spectre-meltdown checker  if you ran it (as I did in gentoo with the 7.2.1 compiler or whatever it was) said that the compiler I used was not capable of properly installing the spectre fix so it was not enabled.

GCC 7.3.0 is now available in Debian sid.

Cheers

MF  ​

 

 

​Cheers

MF​

My conclusion to this Spectre and Meltdown hysteria is, that a single
machine in a secure environment is not exactly endangered.
People should better take care of their mobile devices, especially phones
and tablets, where you need neither Spectre nor Meltdown to compromise.

regards