On 10/06/19 13:16, Michael Stone wrote:
On Mon, Jun 10, 2019 at 02:01:25PM +1000, Russell Coker wrote:
I just discovered the spectre-meltdown-checker package
model name : Intel(R) Core(TM)2 Quad CPU Q9505 @ 2.83GHz
Your CPU is not supported by Intel, so you either accept the risk or buy
a new one.
you have another choice: disable the SMP & C. and all mitigations from Linux
(Note that the latest version of the microcode is from
2015--long before any of these speculative execution vulnerabilities
were mitigated.) Yours is a yorkfield:
https://www.theregister.co.uk/2018/04/04/intel_spectre_microcode_updates/
Intel(R) Core(TM)2 Quad CPU was already on sale on many sites when the
spectre/meltdown hardware bug was discovered and probably you can buy
it now also. It is a shame that Intel does not give microcode updates for
these CPUs and others.
For me, buying a new CPU does not give you protection against possible
hardware bugs because:
* you will get only mitigation and not bug correction. Mitigation == the
attack is harder, but it can be done successfully. I have not read of
any new CPU that was designed against this bug... probably because it needs
5-10 years to have these CPUs on the market
* your CPU runs slower because of these mitigations (I have read that for
some tasks you can have 50% or less performance), also some software has
been modified (== made slower) for these bugs: compiler, browser,
... and, in theory, these mitigations in compilation can be propagated to
all the software you are running (== slowing all your software)
* each CPU has a lot of undocumented instructions; each of these can be a
potentially new attack target. There are tools that let you find some of
these, but after that, understanding how to use or abuse them is
another story
* firmware also is nearly always an obscure piece of code, always bigger
than the previous one, and in it back doors can be present (recently
back doors have been found in the firmware of some cellphones sold in Germany)
* new hardware bugs and variants of previous bugs are found constantly,
so we need a new CPU class designed for security. I have read that some
people want to create a new CPU under a free license; I think that is the
only solution that we can trust
* ...
Ciao
Davide