On Tue, Jan 16, 2018 at 09:18:47AM -0800, Cy Schubert wrote:
> Might we be jumping the gun with updated firmware in devcpu-data?
>
> https://www.reddit.com/r/sysadmin/comments/7qjnfx/vmware_pulled_spectre_patches_on_friday/

From what I understand, the new Intel microcode only makes sense if
retpoline is used. On Skylake and above, retpoline by itself isn't
100% effective against Spectre. On those systems, retpoline requires
the new Intel microcode update along with enabling the new IBRS
feature that comes with it.

Simply updating the microcode on Intel systems doesn't really do much
on its own.

Granted, I could have misread and be completely wrong. Please let me
know if I am.

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE