There is also a test program to see if the vulnerability is there, I'd 
definitely check that as well, best to check both considering how terrible the 
bug is.  Frankly AMD and Intel will still have software vulnerabilities, 
particular apps are being patched but if an exploit is developed in the "wild" 
or the info leaks it will be used with other vulnerabilities, with user 
privileges I believe or does it require root/susceptible root code.  

Frankly, I suspect with more research, or possibly unreleased details that you 
could likely use the larger issues in other bad ways, hopefully not easily 
(there will always be other easier exploits, this one just makes everything 
else easy if you know it, most people take the easy way whether breaking in or 
doing anything else).  You really can't fix it completely in software on either 
brand, at best you are counting on code to protect code from a hardware on 
Intel, and more mild but still dangerous design issues on both.  Hopefully 
microcode update will help, hopefully it doesn't disable features that are hard 
to live without.

Hopefully things will get better, and hopefully new features on new chips will 
help or prevent this issue after the OS is rewritten to use them and if you can 
block code that doesn't work with new features, i.e. no backwards 
compatibility.  Modern CPU design has many potential security issues and chips 
that use things like parallel execution have to be very carefully designed to 
hopefully avoid such issues, obviously hardware at this complexity is as 
impossible to fully test and debug as any large modern piece of software.  Many 
hacks result from thinking about things sideways or in ways no one on the 
engineering team has, no one sees and knows it all, there are simply too many 
possibilities to test completely.  You have to depend on trying not to get 
weakness in and on protecting from the unseen by keeping everything else secure 
so that hopefully one good thing will block the exploitation of a flaw.  
Security in Depth is your best option, absolute security is unlikely even on 
quantum computers, and impossible on anything less of any complexity with 
features modern computing depends on.


mad.scientist.at.large (a good madscientist)
--
God bless the rich, the greedy and the corrupt politicians they have put into 
office.   God bless them for helping me do the right thing by giving the rich 
my little pile of cash.  After all, the rich know what to do with money.


7. Jan 2018 21:01 by m...@zettlmeissl.de:


>> Does the absence of a "microcode updated" message in dmesg imply that the
>> microcode was not updated?
>
> Not necessarily.
>
>> Is there a way to turn on debugging?
>
> The easiest way to check whether the microcode update was applied
> correctly would be to check the microcode version in /proc/cpuinfo
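
The /proc/cpuinfo check suggested in the quoted reply, as an added example that is not part of the original thread: it reads the `microcode` field for every logical CPU and reports mixed or too-old revisions. The function names, the sample data and the revisions 0x84 and 0x80 are constructed placeholders; take the real minimum revision from your CPU vendor's release notes.

```shell
#!/bin/sh
# Added example: per-CPU microcode revision check on a cpuinfo-format file.

# Constructed sample input (two logical CPUs); $1 overrides CPU 1's revision.
sample_cpuinfo() {
    printf 'processor\t: 0\nmodel name\t: Example CPU\nmicrocode\t: 0x84\n\n'
    printf 'processor\t: 1\nmodel name\t: Example CPU\nmicrocode\t: %s\n' "${1:-0x84}"
}

# Print "cpu revision" pairs, one per logical CPU.
microcode_by_cpu() {
    awk -F'[ \t]*:[ \t]*' '
        $1 == "processor" { cpu = $2 }
        $1 == "microcode" { print cpu, $2 }
    ' "${1:-/proc/cpuinfo}"
}

# Print the distinct revisions seen, one per line.
microcode_distinct() {
    microcode_by_cpu "$1" | awk '{ print $2 }' | sort -u
}

# Return 0 only if all CPUs report one revision and it is >= the minimum ($2).
microcode_check() {
    file=$1
    want=$2
    revs=$(microcode_distinct "$file")
    [ -n "$revs" ] || { echo "no microcode field found"; return 2; }
    [ "$(printf '%s\n' "$revs" | wc -l)" -eq 1 ] || {
        echo "mixed revisions across CPUs:" $revs; return 1; }
    # printf '%d' converts the 0x-prefixed value without evaluating it.
    have_dec=$(printf '%d' "$revs") || return 2
    want_dec=$(printf '%d' "$want") || return 2
    [ "$have_dec" -ge "$want_dec" ] || {
        echo "revision $revs is older than $want"; return 1; }
    echo "all CPUs at $revs"
}

# Demo on the constructed sample; on a real x86 Linux host, pass /proc/cpuinfo.
demo=$(mktemp)
sample_cpuinfo > "$demo"
microcode_check "$demo" 0x80
rm -f "$demo"
```

Comparing the reported revision before and after the update (or a reboot) shows whether the update took effect even when dmesg prints nothing.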
