Consider adding intel-microcode to the list of dependencies #3663
Comments
emkll changed the title from "Consider adding intel-microcode to the list dependencies" to "Consider adding intel-microcode to the list of dependencies" on Jul 27, 2018
Closed via #3494
This was referenced Dec 3, 2018
Reopened via #3955
I think we can look at this again, as both |
Closed via #4543
Description
Several vulnerabilities have been discovered in x86 processors. The initial round of vulnerabilities (Meltdown, Spectre v1, v2) could be fully mitigated in the kernel.
At this time, the second round of vulnerabilities (Spectre v3a and v4) require kernel-level mitigation, and microcode updates (via the intel-microcode package [0]) are also required, and are not yet available in Trusty [1]. The risk should be quite low, however, as these vulnerabilities require code execution on the hosts in order to exploit these vulnerabilities.
We should also note that the intel-firmware package contains non-free binary blobs that update the CPU's microcode at boot time.
User Stories
As a SecureDrop administrator, I would like my SecureDrop instance to have the most complete mitigations against CPU-based attacks.
[0] : https://downloadcenter.intel.com/search?keyword=linux+microcode
[1] : https://launchpad.net/ubuntu/+source/intel-microcode