lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180210171459.GA12797@localhost.localdomain>
Date:   Sat, 10 Feb 2018 20:14:59 +0300
From:   Alexander Sergeyev <sergeev917@...il.com>
To:     David Woodhouse <dwmw@...zon.co.uk>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
        Kyle Huey <me@...ehuey.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Levin, Alexander (Sasha Levin)" <alexander.levin@...izon.com>,
        Peter Zijlstra <peterz@...radead.org>,
        linux-kernel@...r.kernel.org
Subject: Re: update spectre v2 microcodes blacklist

>I didn't fully match the updated revision guidance and spectre_bad_microcodes

I compared these lists and it seems that the only difference is about skylakes. 
Everything else is covered by less-or-equal criteria on revision version.

Both desktop and mobile skylakes are stated to be unaffected for 0xC2:

{ INTEL_FAM6_SKYLAKE_DESKTOP,    0x03, 0xc2 }, // signature 0x000506E3
{ INTEL_FAM6_SKYLAKE_MOBILE,     0x03, 0xc2 }, // signature 0x000406E3

I reformated the Intel bulletin into json format for ease of automation and 
batch processing -- it is attached.

Raw diff between the mainline blacklist and the bulletin looks like:
@@ -1,5 +1,6 @@
 { INTEL_FAM6_BROADWELL_CORE,     0x04, 0x28 },
 { INTEL_FAM6_BROADWELL_GT3E,     0x01, 0x1b },
+{ INTEL_FAM6_BROADWELL_X,        0x01, 0x0b000023 },
 { INTEL_FAM6_BROADWELL_X,        0x01, 0x0b000025 },
 { INTEL_FAM6_BROADWELL_XEON_D,   0x02, 0x14 },
 { INTEL_FAM6_BROADWELL_XEON_D,   0x03, 0x07000011 },
@@ -9,12 +10,10 @@
 { INTEL_FAM6_HASWELL_X,          0x02, 0x3b },
 { INTEL_FAM6_HASWELL_X,          0x04, 0x10 },
 { INTEL_FAM6_IVYBRIDGE_X,        0x04, 0x42a },
-{ INTEL_FAM6_KABYLAKE_DESKTOP,   0x09, 0x84 },
-{ INTEL_FAM6_KABYLAKE_DESKTOP,   0x0a, 0x84 },
-{ INTEL_FAM6_KABYLAKE_DESKTOP,   0x0b, 0x84 },
-{ INTEL_FAM6_KABYLAKE_MOBILE,    0x09, 0x84 },
-{ INTEL_FAM6_KABYLAKE_MOBILE,    0x0a, 0x84 },
-{ INTEL_FAM6_SKYLAKE_DESKTOP,    0x03, 0xc2 },
-{ INTEL_FAM6_SKYLAKE_MOBILE,     0x03, 0xc2 },
-{ INTEL_FAM6_SKYLAKE_X,          0x03, 0x0100013e },
+{ INTEL_FAM6_KABYLAKE_DESKTOP,   0x09, 0x80 },
+{ INTEL_FAM6_KABYLAKE_DESKTOP,   0x0a, 0x80 },
+{ INTEL_FAM6_KABYLAKE_DESKTOP,   0x0b, 0x80 },
+{ INTEL_FAM6_KABYLAKE_MOBILE,    0x09, 0x80 },
+{ INTEL_FAM6_KABYLAKE_MOBILE,    0x0a, 0x80 },
+{ INTEL_FAM6_SKYLAKE_X,          0x04, 0x0200003a },
 { INTEL_FAM6_SKYLAKE_X,          0x04, 0x0200003c },

Note: Gemini Lake and Sandy Bridge are not considered (observed in wild).

Download attachment "microcode-update-guidance.json" of type "application/json" (33950 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ