[coreboot] When does AMD release the fam15 spectre microcode updates?
Piotr Kubaj
pkubaj at anongoth.pl
Mon Feb 19 14:13:38 CET 2018
AFAIK it's not only fam15 that is vulnerable. If you're going to ask, could you ask about updates for other CPU's than Ryzen in general? I also have fam14 and fam16 boards.
On 18-02-19 12:00:01, coreboot-request at coreboot.org wrote:
>Send coreboot mailing list submissions to
> coreboot at coreboot.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
> https://mail.coreboot.org/mailman/listinfo/coreboot
>or, via email, send a message with subject or body 'help' to
> coreboot-request at coreboot.org
>
>You can reach the person managing the list at
> coreboot-owner at coreboot.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of coreboot digest..."
>
>
>Today's Topics:
>
> 1. Re: When does AMD release the fam15 spectre microcode
> updates? (Mike Banon)
> 2. Re: When does AMD release the fam15 spectre microcode
> updates? (Rudolf Marek)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Sun, 18 Feb 2018 14:48:05 +0300
>From: Mike Banon <mikebdp2 at gmail.com>
>To: "Taiidan at gmx.com" <Taiidan at gmx.com>, coreboot at coreboot.org
>Subject: Re: [coreboot] When does AMD release the fam15 spectre
> microcode updates?
>Message-ID:
> <CAK7947kcPwzWt0mpc6UttVK-Z8SUy-cL-0E0X5Gz8RdJ41cNgg at mail.gmail.com>
>Content-Type: text/plain; charset="UTF-8"
>
>Maybe its' a good idea to write to AMD support regarding this question
>- please share a reply if you would get an answer. I'm curious about
>other fam15 CPUs as well, e.g. A10-5750M microcode update would be
>nice, maybe a request could be more general, e.g. : what is the
>estimated release date for the microcode updates for fam15 AMD CPUs
>(so a request is not about "opterons only")
>
>On Sun, Feb 18, 2018 at 2:47 PM, Mike Banon <mikebdp2 at gmail.com> wrote:
>> Maybe its' a good idea to write to AMD support regarding this question
>> - please share a reply if you would get an answer. I'm curious about
>> other fam15 CPUs as well, e.g. A10-5750M microcode update would be
>> nice, maybe a request could be more general, e.g. : what is the
>> estimated release date for the microcode updates for fam15 AMD CPUs
>> (so a request is not about "opterons only")
>>
>> On Sun, Feb 18, 2018 at 4:30 AM, Taiidan at gmx.com <Taiidan at gmx.com> wrote:
>>> They said they would be releasing opteron microcode updates in a few weeks
>>> but it has been over a month and I am wondering when this is going to happen
>>> or if it already has and I should re-compile coreboot?
>>>
>>> https://www.amd.com/en/corporate/speculative-execution
>>> "We expect to make updates available for our previous generation products
>>> over the coming weeks."
>>>
>>> Thanks!
>>>
>>>
>>> --
>>> coreboot mailing list: coreboot at coreboot.org
>>> https://mail.coreboot.org/mailman/listinfo/coreboot
>
>
>
>------------------------------
>
>Message: 2
>Date: Sun, 18 Feb 2018 13:03:07 +0100
>From: Rudolf Marek <r.marek at assembler.cz>
>To: Mike Banon <mikebdp2 at gmail.com>, "Taiidan at gmx.com"
> <Taiidan at gmx.com>, coreboot at coreboot.org
>Subject: Re: [coreboot] When does AMD release the fam15 spectre
> microcode updates?
>Message-ID: <e4ebdd27-1446-43eb-e902-aa1ddee54d12 at assembler.cz>
>Content-Type: text/plain; charset=iso-8859-2
>
>Hi,
>
>What do you want to protect? If you want to protect the kernel, retpolines are OK on AMD.
>And you don't need any microcode update. Your CPU needs to have SMEP, otherwise
>you would need to clear RSB on CPL change (the paper on mentined page says that you need to do that
>always, but at least on Ryzen, the attack using RSB is not working (we tried that out, maybe it works
>only on some circumstances).
>
>If you want to protect userspace, the RSB will be clear by IBPB (which you would need if you don't have userspace compiled
>with retpolines). I don't know if intel clears RSB on IBPB... probably not
>
>To sum it up on AMD:
>
>kernel:
>retpolines, RSB clear on CPL change on CPU without SMEP (see above)
>
>userspace:
>retpolines, RSB clear on context switch necessary or IBPB (needs microcode update).
>
>Plus make sure you enable "LFENCE is dispatch serializing" - perhaps coreboot can do that :) it is simple
>MSR write on fam 10h 12h+ the fam 11h and 0fh dont have this MSR but LFENCE is dispatch serilizing.
>
>Besides that, you don't need any microcode update.
>
>Plus of course there is a spectre variant 1, which is more difficult to mitigate, basically you need to check all the software
>and look for any pattern like array_x[array_z[untrusted_index] * any transformation].
>
>The first access would leak just address (ASLR defated), second will leak data.
>The variant 1 works on user/user attack and as well as user/kernel.
>
>As far I know there are no automated tools to check for this.
>
>
>Thanks
>Rudolf
>
>
>
>
>
>
>
>
>
>Dne 18.2.2018 v 12:48 Mike Banon napsal(a):
>> Maybe its' a good idea to write to AMD support regarding this question
>> - please share a reply if you would get an answer. I'm curious about
>> other fam15 CPUs as well, e.g. A10-5750M microcode update would be
>> nice, maybe a request could be more general, e.g. : what is the
>> estimated release date for the microcode updates for fam15 AMD CPUs
>> (so a request is not about "opterons only")
>>
>> On Sun, Feb 18, 2018 at 2:47 PM, Mike Banon <mikebdp2 at gmail.com> wrote:
>>> Maybe its' a good idea to write to AMD support regarding this question
>>> - please share a reply if you would get an answer. I'm curious about
>>> other fam15 CPUs as well, e.g. A10-5750M microcode update would be
>>> nice, maybe a request could be more general, e.g. : what is the
>>> estimated release date for the microcode updates for fam15 AMD CPUs
>>> (so a request is not about "opterons only")
>>>
>>> On Sun, Feb 18, 2018 at 4:30 AM, Taiidan at gmx.com <Taiidan at gmx.com> wrote:
>>>> They said they would be releasing opteron microcode updates in a few weeks
>>>> but it has been over a month and I am wondering when this is going to happen
>>>> or if it already has and I should re-compile coreboot?
>>>>
>>>> https://www.amd.com/en/corporate/speculative-execution
>>>> "We expect to make updates available for our previous generation products
>>>> over the coming weeks."
>>>>
>>>> Thanks!
>>>>
>>>>
>>>> --
>>>> coreboot mailing list: coreboot at coreboot.org
>>>> https://mail.coreboot.org/mailman/listinfo/coreboot
>>
>
>
>
>------------------------------
>
>Subject: Digest Footer
>
>_______________________________________________
>coreboot mailing list
>coreboot at coreboot.org
>https://mail.coreboot.org/mailman/listinfo/coreboot
>
>------------------------------
>
>End of coreboot Digest, Vol 156, Issue 21
>*****************************************
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20180219/329456a6/attachment.asc>
More information about the coreboot
mailing list