On Mon, 29 Jun 2020 16:50:57 +0530 Sreyan Chakravarty <sreyan32@xxxxxxxxx> wrote: > How do I update the microcode ? > > As you can see DNF already tells me my microcode is already the latest > version. > > What else can I do ? It seems that you have got an answer, install a new kernel, or rebuild the initramfs to include the new microcode. On the link you provided, it says this: "The mitigation locks the entire memory bus before updating the staging buffer and only unlocks it after clearing its content. This strategy ensures no information is exposed to offcore requests issued from other CPU cores. Due to the considerable performance overhead of locking the entire system’s memory bus, Intel only applied the mitigation to harden a small number of security-critical instructions, specifically RDRAND, RDSEED, and EGETKEY (a leaf of the ENCLU instruction). This means that output from any other instruction (e.g., RDMSR) that issues offcore requests can be still leaked across CPU cores." Thus, even if the mitigation is loaded, the system is still vulnerable at some level. There is nothing you can do beyond what you have done, though. I don't know how the tool you are using to check functions, but it could be that it is seeing these additional vulnerabilities and reporting that your system is still vulnerable even though the mitigation is in place, and the worst vulnerabilities are protected. An extreme measure you could take might be to buy a system with a CPU that is not vulnerable. The article mentions that they do exist, even some from Intel. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
