unofficial mirror of guix-devel@gnu.org 
From: Leo Famulari <leo@famulari.name>
To: Alex Vong <alexvong1995@gmail.com>
Cc: development@libreboot.org, guix-devel@gnu.org
Subject: Meltdown / Spectre
Date: Sat, 6 Jan 2018 12:43:58 -0500
Message-ID: <20180106174358.GA28436@jasmine.lan>
In-Reply-To: <874lnzcedp.fsf@gmail.com>


On Sat, Jan 06, 2018 at 09:20:50PM +0800, Alex Vong wrote:
> I hope this is on topic. Recently, 2 critical vulnerabilities (see
> https://meltdownattack.com/) affecting virtually all Intel CPUs were
> discovered. I am running libreboot x200 (see
> https://www.fsf.org/ryf).

> What should I do right now to patch my laptop?

### What to do now ###

Assuming you are running GuixSD, do this as root to update your kernel:

# guix pull && guix system reconfigure path/to/config.scm && reboot

If you are running another distro, update the kernel in the normal way.
Take any updates to your web browser packages on that distro.

### Who is affected? ###

I'd like to clarify that these issues are not limited to Intel CPUs.
They affect any CPU that executes out-of-order, which is almost all of
them for several years now.

Some of the very slow and simple ARM CPUs execute in-order and are not
affected.

Please consult the chip makers for more detail.

### Guix status ###

The CPU makers are issuing microcode updates as a hardware-level
mitigation, but I don't think we'll be providing those in Guix.

The first mitigations available in Guix are in the kernel.

We got the initial mitigation for Meltdown, Linux page table isolation
(KPTI), in linux-libre 4.14.11 on January 3:

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=10db5e98ed7036e873060501462345c37fe2855c

Last night we got KPTI for the 4.4 and 4.9 kernel series, in 4.4.110 and
4.9.75, respectively. At the same time, we made 4.14.12 available, which
has some changes to KPTI in that kernel:

4.4.110:
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=630437d94eeeae52586ab2362aa4273e0424cdf3
4.9.75:
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=f2462bc3662733801d7df7c532c1d8b0c67b3c18
4.14.12:
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=af3f7f22f43fbbdca9bdc00afc476dd2ac86c017

The primary Linux stable kernel maintainer, Greg Kroah-Hartman, has more
details about these problems, what Linux is doing about them, and what
you can expect from them next:

http://kroah.com/log/blog/2018/01/06/meltdown-status/

The Spectre bugs have to be fixed per-application for now. As far as I
know, we haven't made any related changes to packages besides
linux-libre.

Mozilla has released an update that is supposed to mitigate the
vulnerability but I don't know if they'll be porting it back to the
extended support release that Icecat is based on.

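Added example, not part of the message above and not Guix code: a POSIX shell check of a kernel release string against the first KPTI-carrying releases the message lists (4.4.110, 4.9.75, 4.14.11). The function and result names are made up for this example, and the sysfs path is the kernel's own vulnerability report on kernels that expose it; the message does not mention it.

```sh
#!/bin/sh
# Added example: is a kernel release at or past the first KPTI release
# of its series, as listed in the message (4.4.110, 4.9.75, 4.14.11)?

# kpti_min_patch SERIES: print the first patch level with KPTI, or fail
# when the series is not one of the three named in the message.
kpti_min_patch() {
    case "$1" in
        4.4)  echo 110 ;;
        4.9)  echo 75 ;;
        4.14) echo 11 ;;
        *)    return 1 ;;
    esac
}

# kpti_status RELEASE: print has-kpti, needs-update, unknown-series
# or unparsed. Function and result names are hypothetical.
kpti_status() {
    release=${1%%-*}              # drop a suffix such as "-gnu"
    case "$release" in *.*) ;; *) echo unparsed; return 0 ;; esac
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%.*}
    case "$major$minor" in
        ''|*[!0-9]*) echo unparsed; return 0 ;;
    esac
    case "$rest" in
        *.*) patch=${rest#*.} ;;  # "14.12" -> "12"
        *)   patch=0 ;;           # "4.14" has no patch level
    esac
    patch=${patch%%[!0-9]*}       # keep the leading digits only
    : "${patch:=0}"
    min=$(kpti_min_patch "$major.$minor") || { echo unknown-series; return 0; }
    if [ "$patch" -ge "$min" ]; then echo has-kpti; else echo needs-update; fi
}

echo "running kernel $(uname -r): $(kpti_status "$(uname -r)")"

# The kernel's own report, on kernels that expose this sysfs file.
f=/sys/devices/system/cpu/vulnerabilities/meltdown
if [ -r "$f" ]; then echo "sysfs: $(cat "$f")"; fi
```

A result of unknown-series means the running kernel is from a series the message does not cover, so the version table says nothing either way.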
