From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marius Bakke <mbakke@fastmail.com>
Subject: Re: Meltdown / Spectre
Date: Fri, 12 Jan 2018 01:25:25 +0100
Message-ID: <87zi5jexe2.fsf@fastmail.com>
References: <874lnzcedp.fsf@gmail.com> <20180106174358.GA28436@jasmine.lan>
	<87lghapeu5.fsf@gmail.com> <87incc6z9o.fsf@gmail.com>
	<87fu7g436e.fsf@fastmail.com> <87vagad3xx.fsf@netris.org>
	<87tvvukqct.fsf@gmail.com> <87efmy9bml.fsf@hyperbola.info>
	<4b496567-2d50-6973-0eda-7c18946dac1b@platen-software.de>
	<CAE4v=pj7azvDfVPFY0D=3vEg3Hu0LBRF60S4v-VSRVt5ROFH2w@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57981)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1eZnA4-0003Ys-3m
	for guix-devel@gnu.org; Thu, 11 Jan 2018 19:25:33 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1eZnA0-0005nL-2u
	for guix-devel@gnu.org; Thu, 11 Jan 2018 19:25:32 -0500
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:38859)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <mbakke@fastmail.com>) id 1eZn9z-0005mp-TF
	for guix-devel@gnu.org; Thu, 11 Jan 2018 19:25:28 -0500
In-Reply-To: <CAE4v=pj7azvDfVPFY0D=3vEg3Hu0LBRF60S4v-VSRVt5ROFH2w@mail.gmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: =?utf-8?Q?G=C3=A1bor?= Boskovits <boskovits@gmail.com>, Guix-devel <guix-devel@gnu.org>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

G=C3=A1bor Boskovits <boskovits@gmail.com> writes:

> The second thing that comes to my mind is to have a free tool to perform
> the microcode update, so that we can inspect, that nothing else on the
> system gets modified.

FWIW there is a tool that does this in Guix already: "iucode-tool".

Here is the latest microcode from Intel:

https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-D=
ata-File

Unfortunately it does not contain any updates for my two Sandy Bridge
systems.  So while this discussion is very interesting (and important),
there doesn't seem to be any remediation for systems older than 3-4
years, leaving pretty much all Libreboot systems in the dirt.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlpYAHUACgkQoqBt8qM6
VPrs/wgAqTZ+1VATWqVT7A0L0QbuVEyJZAeJPQAwSKo+hcvOmFmRFirpjPCS0Ggf
XrIgFHQLvWqrBNfri+jB5bJTCZSNJREnPIyr7KZkcy0L065+RpSFoKeg57iNvMrJ
2HWT9h3m2hfbUPgM8rmq1sCk76jB8HTIRt4JYEuHAQWHZDRwTFY/9hxssr0WWQrk
PQ48vVmCMEiE9n0eJD/MTZR1XqQU1wbF2qJSvanPY6mQkahQ1VgT6dsbicyFoZSm
a1Q3KiSnZ0i3R/EcBx4qESaCd8ITbXnQa2ephXcnCmPdNwWlXccYrpcq0dJdj3fp
6FQl0RIyHs7+oo7ngB+/LUHGfO0Btw==
=yUqW
-----END PGP SIGNATURE-----
--=-=-=--