From: Alex Murray <alex.murray@canonical.com>
To: dave.hansen@linux.intel.com
Cc: bp@alien8.de,linux-kernel@vger.kernel.org,tglx@linutronix.de,x86@kernel.org
Subject: Re: [RFC][PATCH] x86/cpu/bugs: Consider having old Intel microcode to be a vulnerability
Date: Tue, 12 Nov 2024 17:07:27 +1030 [thread overview]
Message-ID: <87v7wtvty0.fsf@canonical.com> (raw)
In-Reply-To: <20241107170630.2A92B8D3@davehans-spike.ostc.intel.com>
>
> == Microcode Revision Discussion ==
>
> The microcode versions in the table were generated from the Intel
> microcode git repo:
>
> 29f82f7429c ("microcode-20241029 Release")
This upstream microcode release only contained an update for a
functional issue[1] - not any fixes for security issues. So it would not
really be correct to say a machine running the previous microcode
revision is vulnerable. As such, should the table of microcode revisions
only be generated from the upstream microcode releases that contain
fixes for security issues?
ie.
> +{ .flags = X86_CPU_ID_FLAG_ENTRY_VALID, .vendor = X86_VENDOR_INTEL, .family = 0x6, .model = 0xb7, .steppings = 0x0002, .driver_data = 0x12b }
should ideally be:
> +{ .flags = X86_CPU_ID_FLAG_ENTRY_VALID, .vendor = X86_VENDOR_INTEL, .family = 0x6, .model = 0xb7, .steppings = 0x0002, .driver_data = 0x129 }
to correspond with the previous microcode release that contained actual
security fixes.
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241029
next prev parent reply other threads:[~2024-11-12 6:37 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-07 17:06 [RFC][PATCH] x86/cpu/bugs: Consider having old Intel microcode to be a vulnerability Dave Hansen
2024-11-08 23:36 ` Andrew Cooper
2024-11-12 17:15 ` Dave Hansen
2024-11-12 6:37 ` Alex Murray [this message]
2024-11-12 15:51 ` Dave Hansen
2024-11-13 3:29 ` Alex Murray
2024-11-13 16:00 ` Dave Hansen
2024-11-13 23:58 ` Alex Murray
2024-11-14 0:37 ` Dave Hansen
2024-11-18 8:35 ` Alex Murray
2024-11-13 9:28 ` Nikolay Borisov
2024-11-14 2:09 ` Andrew Cooper
2024-11-18 20:02 ` Dave Hansen
2024-11-19 17:45 ` Pawan Gupta
2024-11-19 18:49 ` Dave Hansen
2024-11-19 19:31 ` Pawan Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v7wtvty0.fsf@canonical.com \
--to=alex.murray@canonical.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox