On 1/6/2018 19:58, Mouse wrote:
> Why? Is there any reason to not deploy known effective countermeasures while waiting for a real fix? Indeed, do we have any reason to think a real fix will be forthcoming from Intel? In view of their attempts to downplay their bugs, I have negative confidence they will actually _fix_ them...if indeed they are fixable on current hardware. (It's not publicly known, as far as I know, to what extent the bugs are fixable in microcode; in some respects they may be baked into the silicon.)
My understanding is that it's not something that can be fixed in microcode, but that Intel has already released a microcode update that provides hardware support for mitigating the problems. I haven't been able to find actual documentation about the changes, but apparently Intel calls them "Indirect Branch Restricted Speculation" and "Indirect Branch Prediction Barriers". On CPUs with the new microcode, there are now new SPEC_CTRL and PRED_CMD model-specific registers that allow you to enable/disable the behavior.
It looks like two of the Dell machines I use have BIOS updates that include the new microcode, but I don't know when it'll be available for the other machines I use. The standalone microcode update at https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File is dated 20171117, and from what I've read, does not contain the latest changes.
-- 
Name: Dave Huang                    |  Mammal, mammal / their names are called /
INet: khym%azeotrope.org@localhost  |  they raise a paw / the bat, the cat /
Telegram: @dahanc                   |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 42 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
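The following is an added example illustrating the mechanism Dave describes above; it is not code from his post, from Intel, or from any vendor BIOS/microcode package. It probes whether the running CPU's microcode advertises the IBRS/IBPB support (CPUID.(EAX=7,ECX=0):EDX bit 26, with STIBP in bit 27) and, when it does, reads the new IA32_SPEC_CTRL MSR (0x48) to see whether IBRS is currently on. The bit positions and MSR numbers are Intel's published ones; the /dev/cpu/<n>/msr read path (Linux msr driver, root required) and the helper names are assumptions made for this example. IA32_PRED_CMD (0x49) is write-only, so there is nothing to read back from it: writing bit 0 issues an IBPB and the register holds no state.

```c
/* Added example, not from the original post: check for Intel's IBRS/IBPB
 * microcode mitigation and inspect IA32_SPEC_CTRL on the current machine.
 * Assumptions: x86 host, GCC/clang <cpuid.h>, Linux msr driver for MSR reads. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define MSR_IA32_SPEC_CTRL 0x48u /* bit 0 = IBRS, bit 1 = STIBP; readable */
#define MSR_IA32_PRED_CMD  0x49u /* bit 0 = IBPB; write-only, reads #GP   */

/* Capability flags returned by decode_cpuid7_edx() (names assumed). */
#define CAP_IBRS_IBPB 0x1 /* CPUID.(EAX=7,ECX=0):EDX[26] */
#define CAP_STIBP     0x2 /* CPUID.(EAX=7,ECX=0):EDX[27] */

/* Translate the EDX output of CPUID leaf 7, subleaf 0 into CAP_* flags.
 * Old microcode leaves both bits clear even on affected CPUs. */
int decode_cpuid7_edx(uint32_t edx)
{
    int caps = 0;
    if (edx & (1u << 26)) caps |= CAP_IBRS_IBPB;
    if (edx & (1u << 27)) caps |= CAP_STIBP;
    return caps;
}

/* 1 if IBRS (bit 0) is set in an IA32_SPEC_CTRL value, else 0. */
int spec_ctrl_ibrs_enabled(uint64_t spec_ctrl)
{
    return (int)(spec_ctrl & 1u);
}

/* 1 if STIBP (bit 1) is set in an IA32_SPEC_CTRL value, else 0. */
int spec_ctrl_stibp_enabled(uint64_t spec_ctrl)
{
    return (int)((spec_ctrl >> 1) & 1u);
}

/* Run CPUID leaf 7 on this CPU. Returns 0 and stores EDX, or -1 when the
 * build is not x86 or the CPU does not implement leaf 7 at all. */
int query_cpuid7_edx(uint32_t *edx)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 7)
        return -1;
    __cpuid_count(7, 0, a, b, c, d);
    *edx = d;
    return 0;
#else
    (void)edx;
    return -1;
#endif
}

/* Read one MSR via the Linux msr driver. Returns 0 on success or -errno.
 * -EIO is what the driver reports when RDMSR faults, i.e. the MSR does not
 * exist on this CPU/microcode; -EACCES/-ENOENT mean no root or no module. */
int read_msr(int cpu, uint32_t msr, uint64_t *out)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = pread(fd, out, sizeof *out, (off_t)msr);
    int err = errno;
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -err;
}

int main(void)
{
    uint32_t edx;
    if (query_cpuid7_edx(&edx) != 0) {
        puts("CPUID leaf 7 unavailable (not x86, or CPU predates leaf 7)");
        return 1;
    }
    int caps = decode_cpuid7_edx(edx);
    printf("microcode advertises IBRS/IBPB: %s, STIBP: %s\n",
           (caps & CAP_IBRS_IBPB) ? "yes" : "no",
           (caps & CAP_STIBP) ? "yes" : "no");
    if (!(caps & CAP_IBRS_IBPB))
        return 0; /* without the new microcode, MSR 0x48 does not exist */

    uint64_t spec_ctrl;
    int rc = read_msr(0, MSR_IA32_SPEC_CTRL, &spec_ctrl);
    if (rc != 0) {
        printf("cannot read IA32_SPEC_CTRL: %s\n", strerror(-rc));
        return 1;
    }
    printf("IA32_SPEC_CTRL=0x%llx: IBRS %s, STIBP %s\n",
           (unsigned long long)spec_ctrl,
           spec_ctrl_ibrs_enabled(spec_ctrl) ? "on" : "off",
           spec_ctrl_stibp_enabled(spec_ctrl) ? "on" : "off");
    return 0;
}
```

Two caveats when using this: the CPUID bits only tell you the microcode exposes the controls, not that the kernel uses them, and the MSR read is a snapshot of whatever the kernel last wrote on that CPU at the moment the driver executes RDMSR, so a kernel that toggles IBRS only around kernel entry and exit can legitimately show it as off here. The absence of both bits after a BIOS update is also the quickest way to confirm that a vendor package (such as the 20171117 data file mentioned above) does not yet carry the new microcode.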