friendica.eskimo.com

Welcome to Friendica.Eskimo.Com

Home of Censorship Free Hosting

 Eskimo North Linux Shells, E-mail, Virtual Machines, Web Hosting.

E-mail, Web Hosting, Linux Shell Accounts terminal or full remote desktops.

Sign Up For A Free Trial Here

Please tell your friends about federated social media site that speaks several fediverse protocols thus serving as a hub uniting them, hubzilla.eskimo.com, also check out friendica.eskimo.com, federated macroblogging social media site, mastodon.eskimo.com a federated microblogging site, and yacy.eskimo.com an uncensored federated search engine. All Free!
captainkangaroo
captainkangaroo via Linux lemmy

Intel Linux Patch Would Report Outdated CPU Microcode As A Security Vulnerability


Intel Linux Patch Would Report Outdated CPU Microcode As A Security Vulnerability

A patch posted on Thursday by one of Intel's long-time Linux kernel engineers would begin treating outdated Intel CPU microcode as a security vulnerability that would be reported to user-space via the existing sysfs vulnerabilities reporting.
www.phoronix.com
Link to source
125 2 1
Nanook
Nanook friendica (DFRN)
Microcode would not be a concern with that particular CPU.
Link to source
19 1 1
ryannathans
ryannathans lemmy
How does it know if the microcode is outdated?
Link to source
4 1
Nanook
Nanook friendica (DFRN)
@ryannathans @captainkangaroo I'm going to make the wild assumption that the kernel will have a table of the current microcode versions at the time of it's release, but I doubt that
will get updated except by kernel upgrades.
Link to source
14 1
Strit
Strit lemmy
There's probably an efivar that reads the current microcode version.
Link to source
2 1
DaPorkchop_
DaPorkchop_ lemmy
Debian-based distros (and probably most othera as well) actually have a package called "intel-microcode" which gets updated fairly regularly.
Link to source
2
Nanook
Nanook friendica (DFRN)
@DaPorkchop_ Oddly, if you build your own kernel and remove the system provided one, the package gets automatically removed as well which is weird, because it is really still needed regardless.
Link to source
1
ryannathans
ryannathans lemmy
If that's the case, why wouldn't they put the microcode in the kernel?
Link to source
1
Nanook
Nanook friendica (DFRN)
@ryannathans Why bloat the kernel with the microcode for every intel processor that might need it (and there is a similar thing for AMD) when you don't have that specific processor? It does make more sense for it to be a separate, especially on memory constrained systems. I mean if you've got 256GB of RAM probably not a big deal but if you've got 256MB a big deal.
Link to source
1
ryannathans
ryannathans lemmy

The kernel compilation is already configurable between megabytes and gigabyte+

Distros pick their featureset

This entry was edited (4 months ago)
Link to source
1
Cousin Mose
Cousin Mose lemmy
I mean, it’s still good to know if you’re vulnerable right (for sake of discussion)?
This entry was edited (4 months ago)
Link to source
22 1
Nanook
Nanook friendica (DFRN)
@GolfNovemberUniform @captainkangaroo Yes and Linux includes software to do this.
Link to source
10 1
IrritableOcelot
IrritableOcelot lemmy
The article does specify that it would report if the newest version of the firmware for the CPU family is not installed, so it doesn't seem like this is that particular kind of BS.
Link to source
6 1
stuner
stuner lemmy
It sounds like the criterion is "is newer microcode available". So it doesn't look like a marketing strategy to sell new CPUs.
Link to source
16 1
ouch
ouch lemmy
The Linux kernel would maintain a list of the latest Intel microcode versions for each CPU family, which is based on the data from the Intel microcode GitHub repository. In turn this list would need to be kept updated with new Linux kernel releases and as Intel pushes out new CPU microcode files.


Sounds like that would be outdated for everyone without a rolling distro.

Link to source
4 3 1
Atemu
Atemu lemmy
Stable distros can and will backport security fixes. Good ones that is.
Link to source
10 1
AndrewZabar
AndrewZabar lemmy
Yeah, methinks this will be one of those alerts pretty much everyone will be like "yeah, yeah, I know" and click to silence those notifications.
Link to source
1 1
trolololol
trolololol lemmy
Sounds like a user space application, there's no place for this in the kernel. So would you need to upgrade kennel and reboot to update the list? Nonsense.
This entry was edited (4 months ago)
Link to source
2 1
electricprism
electricprism lemmy

How about a Linux Patch that reports binary blobs wirh no source AS __ Security Vulnerabilities __

Or are we not allowed to criticize the back doors that hackers gain access to.

Link to source
13 1 1
mvirts
mvirts lemmy
So the patch is just copying the existing warning to a standard location?
Link to source
1 1