Re: Intel Microcode updates

From Davide Prina <davide.prina@gmail.com>
Newsgroups linux.debian.security
Subject Re: Intel Microcode updates
Date 2019-06-10 19:50 +0200
Message-ID <y7wAF-97-3@gated-at.bofh.it> (permalink)
References <y7jN8-18n-3@gated-at.bofh.it> <y7qvg-55Y-9@gated-at.bofh.it>
Organization linux.* mail to news gateway


On 10/06/19 13:16, Michael Stone wrote:
> On Mon, Jun 10, 2019 at 02:01:25PM +1000, Russell Coker wrote:
>> I just discovered the spectre-meltdown-checker package

>> model name      : Intel(R) Core(TM)2 Quad CPU    Q9505  @ 2.83GHz

> Your CPU is not supported by Intel, so you either accept the risk or buy 
> a new one.

you have another choice: disable the SMP & C. and all mitigation from Linux

> (Note that the latest version of the microcode is from 
> 2015--long before any of these speculative execution vulnerabilities 
> were mitigated.) Yours is a yorkfield:
> https://www.theregister.co.uk/2018/04/04/intel_spectre_microcode_updates/

Intel(R) Core(TM)2 Quad CPU was already on sale on many sites when the 
spectre/meltdown hardware bug was discovered and probably you can buy 
it also now. It is a shame that Intel does not give microcode updates for 
these CPUs and others.

For me, buying a new CPU does not give you protection against possible 
hardware bugs because:

* you will get only mitigation and not bug correction. Mitigation == the 
attack is harder, but it can be done successfully. I have not read of 
any new CPU that was designed against this bug... probably because it needs 
5-10 years to have these CPUs on the market

* your CPU runs slower because of these mitigations (I have read that for 
some tasks you can have 50% or less performance), also some software has 
been modified (== made slower) for these bugs: compiler, browser, 
... and, in theory, these mitigations in compilation can be propagated to 
all the software you are running (== slowing all your software)

* each CPU has a lot of undocumented instructions; each of these can be a 
potential new attack target. There are tools that let you find some of 
these, but after that, understanding how to use or abuse them is 
another story

* firmware also is nearly always an obscure piece of code, always bigger 
than the previous one, and back doors can be present in it (recently 
back doors have been found in the firmware of some cellphones sold in Germany)

* new hardware bugs and variants of previous bugs are found constantly, 
so we need a new CPU class designed for security. I have read that some 
people want to create a new CPU under a free license; I think that is the 
only solution that we can trust

* ...

Ciao
Davide
