On 12/7/20 3:21 AM, Rainer Neumann wrote:
Thank you, Sven, for your answer to the topic of qubes-hcl-report. I have one aditional question.If I type in a console "cat /proc/cpuinfo", I get an output, where one line is called "bugs". It looks like my cpu has a lot of bugs: null_seg, cpu_meltdown, spectre_v1, spectre_v2, spec_store_bypass, l1tf, mds, swapgs, itlb_multihit, srbds. The producer of my computer offeres a bios and microprocessor update for the purpose to fix these bugs. It is an exe-file for Windows: https://www.dell.com/support/home/de-ch/drivers/driversdetails?driverid=5m70h&oscode=wt32a&productcode=optiplex-7010 Okay, lets say, we can trust Intel and the computer manufacturer. But is it really necesarry to install the update as long as I work with Qubes OS? Kindly regards, Rainer
Have a look at this: https://unix.stackexchange.com/questions/456425/what-does-the-bugs-section-of-proc-cpuinfo-actually-show Specifically:"Dump the flags which denote we have detected and/or have applied bug workarounds to the CPU we're executing on, in a similar manner to the feature flags."
In other words, according to the commit that added it, the "bugs" section doesn't tell you whether your CPU is vulnerable to the things in the list. Maybe a mitigation has already been applied. Maybe it has merely been detected and nothing has been done about it. We have no way to tell just from this section. You would have to do further investigation into each of these in order to try to determine whether your CPU is currently vulnerable.
Here's a discussion about doing that: https://www.reddit.com/r/linux/comments/8k3x3b/til_proccpuinfo_shows_architecture_bugs_such_as/ It specifically mentions checking in: /sys/devices/system/cpu/vulnerabilities/However, Qubes is different from a standard Linux OS, and we often take our own special steps to address security problems, so there may be additional mitigations on top of whatever is mentioned here. In addition, the unique architecture of Qubes makes certain classes of security vulnerabilities inapplicable, so it will probably depend on the specific nature of that particular bug.
-- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03d264ba-9f7f-1146-e265-61fd536a8aa1%40qubes-os.org.
OpenPGP_signature
Description: OpenPGP digital signature