The CPU firmware can be delivered either by the bios (install at post) or the firmware package (install at linux boot, only temporary for this boot and the specific kernels that have that firmware). As noted before the firmware is put at the start of the initramfs and is loaded early in kernel startup, so if firmware is updated you would need to rebuild all initramfs'es to make sure all get the new firmware. And at the end of the day the new firmware comes from Intel itself, and Intel has not been updating the older affected cpus, and some of the older affected cpus that are getting updates come much later than the newest cpus. And on top of that some of the firmware updates that have been released for a few days or weeks have caused fatal crashes from rare defects in the firmware, before the firmware update is pulled and fixed. On Tue, Jun 30, 2020 at 9:15 AM Ted Roche <tedroche@xxxxxxxxx> wrote: > > Sreyen: > > I ran the scripts as you suggested and also got the > > * CPU microcode is the latest known available version: NO > > and went to my vendor's website (Dell, in my case) and found there was a new BIOS update, installed it, re-ran the tests and passed. > > Is it possible that it is your firmware that needs an update? > > > > On Sun, Jun 28, 2020 at 7:34 PM Sreyan Chakravarty <sreyan32@xxxxxxxxx> wrote: >> >> Hi, >> >> Well guys, its time to panic once again. >> >> >> I just found out my system is vulnerable to the new Crosstalk vulnerability by running the popular Meltdown OVH script. >> >> More about the vulnerability over here: >> >> https://www.vusec.net/projects/crosstalk/ >> >> These exploits get worse each time, this one affects all cores. >> >> >> This is how I tested for the vulnerability. >> >> Downloaded spectre-meltdown-checker.sh via : >> >> wget https://meltdown.ovh -O spectre-meltdown-checker.sh >> >> and then just executed with sudo. >> >> This is the output I got: >> >> * SRBDS mitigation control is enabled and active: NO >> > STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability) >> >> CVE-2020-0543:KO >> >> Full output here: >> https://pastebin.com/raw/hyfFBbaF >> >> >> As you can see the tool specifies that my microcode is not the latest. >> >> That being said, where do I find the latest microcode from ? >> >> My OS is fully updated, and the firmware and microcode is also latest >> according to DNF: >> >> $ sudo dnf update linux-firmware >> Dependencies resolved. >> Nothing to do. >> Complete! >> >> $ sudo dnf update microcode_ctl >> Dependencies resolved. >> Nothing to do. >> Complete! >> >> So where is the microcode update in Fedora for this ?? >> >> Canonical has already published microcode updates for this, as shown here: >> https://youtu.be/UR-5vAZ1cGg?t=1160 >> >> <rant> >> It kind of seems frustrating that a bleeding edge distro like Fedora still hasn't >> provided updates yet. While Ubuntu a distro that doesn't always use the latest >> software already has a fix. >> </rant> >> >> What can I do now ? What is progress for Fedora ? >> >> Will the microcode from Canonical work for Fedora ? Dumb question I know but I >> am desperate. >> >> Let me know if any further info is required. >> >> Some more info about my CPU: >> https://pastebin.com/raw/TNJS930F >> >> >> What is everyone else in the community doing about this ? >> >> Thanks. >> >> -- >> Regards, >> Sreyan >> >> _______________________________________________ >> users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx >> To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx >> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx > > _______________________________________________ > users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
