On Sun, Feb 18, 2018 at 10:02:08PM +0000, Tim Daneliuk wrote:
> On 02/18/2018 09:50 PM, Eric A. Borisch wrote:
> > 
> > On Sun, Feb 18, 2018 at 3:17 PM Tim Daneliuk <tun...@tundraware.com> wrote:
> > 
> >     On 02/18/2018 05:47 PM, David Marec wrote:
> >     > #cpucontrol -u -v /dev/cpuctl0
> >     > cpucontrol: skipping /usr/local/share/cpucontrol/m32306c3_00000022.fw of rev 0x22: up to date
> > 
> > 
> >     While we're on the subject ... where does one find these microcode updates
> >     anyway? On a 10.4-STABLE system, the command above blows out because
> >     there is no directory /usr/local/share/cpucontrol ... so I am missing
> >     the magic to get it populated.
> > 
> >     --
> >     ----------------------------------------------------------------------------
> >     Tim Daneliuk     tun...@tundraware.com
> >     PGP Key:         http://www.tundraware.com/PGP/
> > 
> > 
> > It's provided by the sysutils/devcpu-data port.
> > 
> >  - Eric
> > 
> > 
> 
> 
> Yes thanks, I finally tripped across that myself :)  Do we have any insight on
> whether this addresses the latest vulnerabilities?

The latest Intel microcode gives CPUs affected by Spectre new MSRs,
one of which is to toggle IBRS. Vendors like Dell have started issuing
firmware updates that also apply the new CPU microcode. Check with
your vendor to see if they've shipped such firmware updates.

Having the CPU microcode applied is not enough. The OS needs to
support the new MSRs. FreeBSD 11-STABLE now does after the PTI and
IBRS MFCs.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
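
An added example, not part of the thread: a small shell check for the two conditions the last reply describes (microcode that exposes IBRS, and a kernel that supports it). It assumes the FreeBSD sysctl names `hw.ibrs_disable` and `hw.ibrs_active`; the function name, the state labels and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies IBRS state from the text
# printed by: sysctl hw.ibrs_disable hw.ibrs_active
# Assumption: these are the FreeBSD sysctl names for the IBRS knobs.

# Constructed sample outputs, one per case the function distinguishes.
SAMPLE_ACTIVE='hw.ibrs_disable: 0
hw.ibrs_active: 1'
SAMPLE_TUNABLE_OFF='hw.ibrs_disable: 1
hw.ibrs_active: 0'
SAMPLE_NO_MICROCODE='hw.ibrs_disable: 0
hw.ibrs_active: 0'
SAMPLE_OLD_KERNEL=''   # sysctl printed nothing: the OIDs do not exist

# get_sysctl NAME TEXT: print the value of NAME from "name: value" lines.
get_sysctl() {
    printf '%s\n' "$2" | awk -v n="$1" -F': *' '$1 == n { print $2; exit }'
}

# ibrs_state TEXT: print one of
#   no-os-support        kernel has no IBRS sysctls (predates the IBRS merge)
#   active               kernel is using IBRS, so the CPU exposes the MSRs
#   disabled-by-tunable  kernel supports IBRS but it is switched off
#   cpu-lacks-ibrs       kernel wants IBRS but the CPU does not offer it,
#                        which points at missing microcode/firmware
ibrs_state() {
    disable=$(get_sysctl hw.ibrs_disable "$1")
    active=$(get_sysctl hw.ibrs_active "$1")
    if [ -z "$disable" ] || [ -z "$active" ]; then
        echo "no-os-support"
    elif [ "$active" = "1" ]; then
        echo "active"
    elif [ "$disable" = "1" ]; then
        echo "disabled-by-tunable"
    else
        echo "cpu-lacks-ibrs"
    fi
}

# "live" queries the running system; otherwise nothing is executed.
if [ "${1:-}" = "live" ]; then
    ibrs_state "$(sysctl hw.ibrs_disable hw.ibrs_active 2>/dev/null)"
fi
```

In the `disabled-by-tunable` case these two sysctls alone do not say whether the microcode is present.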
