Hi,
On Fri, Aug 17, 2018 at 08:22:47AM -0300, Henrique de Moraes Holschuh wrote:
> On Fri, 17 Aug 2018, Moritz Mühlenhoff wrote:
> > Have you been able to confirm (e.g. by testing) that 20180807 implements
> > changes
> > necessary for L1TF (such as L1D_FLUSH) or is there some official statement
> > by Intel on this?
>
> It does (privately tested on a few processor models). Exposes L1D_FLUSH
> flags, and the MSRs.
>
> The L1D flush fixes are present on release 20180703, btw. As far as I
> can tell, 20180807 builds on 20180703 by adding more processors and
> fixing the single microcode update that regressed -- but not present in
> 20180703 anyway -- (sig 0x706a1).
>
> This can be inferred from the microcode guidance tables Intel has
> published for SA-00115 and SA-00161.
>
> As far as I can tell, Intel knew about L1TF early enough that they fixed
> the whole thing along with SSBD. They just did not disclose anything
> about it outside of the embargo group, apparently.
Fantastic! I'll update the Debian Security Tracker later on. Those are
somewhat tricky to track since it obviously depends on the CPU in use,
but I'll clarify with some notes.
Do we have also indication whether the 20180703 release also fixed the
SGX angle?
Cheers,
Moritz
