[coreboot] Microcode updates for slightly older intel CPU's re: meltdown/spectre

799 one7two99 at protonmail.com
Thu Jan 11 06:34:43 CET 2018 

Hello,

Off-topic:
Top-posted as Protonmail Android App is still unable to correctly use inline answers without correct quote layout/line breaks. Bug has been reported months ago :-/

Taiidan wrote:

"(...) CPU's....without a fix there will
be only one coreboot compatible laptop with open source hardware
initiation that is remotely secure (...)"

Currently I am using two laptops for my work setup:
A 12.5" Lenovo X230 and a 15.x" Lenovo W540 both machines are running with Qubes OS 4rc3 and 16GB RAM. The W540 is a Dual-Boot system with Win10, the x230 is running Coreboot.

Honestly I am shocked and angry if there will be no Intel Updates for the X230 and W540.
On the other hand, if I am running Qubes and Coreboot, wouldn't this reduce the risk of Meltdown/Spectre attacks as Coreboot will protect me against remote attacks (stripped down AMT/Intel ME) and Qubes might reduce the attack surface as I am using several VMs and DVMs for browsing?

If I compare the Lenovo X230 to Lenovo G505s this looks like a step back: the G505s is targeted at another audience that Lenovo ThinkPad Users. It looks to me like an entry level desktop, which is also very bulky (without the additional performance of a W540).

CPU comparison X230 CPU vs G505s
http://www.cpu-world.com/Compare/725/AMD_A6-Series_for_Notebooks_A6-5350M_vs_Intel_Core_i5_Mobile_i5-3360M_(BGA).html

Also the G505s has less cores/no HT

Frustration. Can't "we" build one or maybe two crowd founded secure Laptops (12", 15.x") with reasonable specs, good keyboard, hardware kill switches, internal wan (kill-switchable)?
I can't think that choice is limited in 2018 to only 1 (in words "one") laptop modell, which is no nearly 5 years old (08/2013).

Brave new world.

[799]

Gesendet von ProtonMail mobile

-------- Original-Nachricht --------
An 11. Jan. 2018, 03:55, Taiidan at gmx.com schrieb:

> I am curious of any intel insiders know if there will be microcode
> updates released for older intel CPU's (ex: sandy/ivybridge) and failing
> that, what can be done in regards to securing them from meltdown/spectre.
>
> I believe this is a relevant coreboot topic considering how many
> coreboot boards have these and older CPU's....without a fix there will
> be only one coreboot compatible laptop with open source hardware
> initiation that is remotely secure (lenovo g505s as has a pre-PSP AMD
> CPU) and theoretically owner controllable (as the previous C2D/C2Q's
> such as the X200 are now permanently insecure without intervention from
> intel apparently)
>
> At this point even a massive performance loss is better than having to
> throw out so much now-useless hardware.
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20180111/1e0fd151/attachment.html>

More information about the coreboot mailing list