Hi,
On Fri, 23 Feb 2018 16:52:12 +0100
Felipe Salvador <felipe.salvador@gmail.com> wrote:
(...)
> > CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> > * Mitigated according to the /sys interface: YES (kernel confirms
> > that the mitigation is active)
> > * Mitigation 1
> > * Kernel is compiled with IBRS/IBPB support: NO
> > * Currently enabled features
> > * IBRS enabled for Kernel space: NO
> > * IBRS enabled for User space: NO
> > * IBPB enabled: NO
> > * Mitigation 2
> > * Kernel compiled with retpoline option: YES
> > * Kernel compiled with a retpoline-aware compiler: YES (kernel
> > reports full retpoline compilation)
> > * Retpoline enabled: NO
> ^^
> I get the same result. I wonder why retpoline is disabled.
I asked myself the same question (same result here). Maybe the answer is
that it is a bug in the script? With the latest version from GitHub the
respective part here now looks like:
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: NO
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Mitigation: Full AMD retpoline)
Regards
Michael
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
Death. Destruction. Disease. Horror. That's what war is all about.
That's what makes it a thing to be avoided.
-- Kirk, "A Taste of Armageddon", stardate 3193.0