🌐 Website Issue | OS/#cpuvulns: We don't tell people to install microcode update packages #1404

New Issue

2019-10-12T19:52:36Z

Mikaela commented

2019-10-12 19:52:36 +00:00

(Migrated from github.com)

We have previously been unsure about OS suggestions that don't include updated microcode in https://github.com/privacytoolsIO/privacytools.io/issues/936#issuecomment-493655147, https://github.com/privacytoolsIO/privacytools.io/pull/978#pullrequestreview-247364516 and https://github.com/privacytoolsIO/privacytools.io/issues/1146#issuecomment-520619725.

However our recommended command, more accurately cat /sys/devices/system/cpu/vulnerabilities/mds may output the user

Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled

and if the user was to search for it, they would likely find the instruction to install intel-microcode (TODO: what are the other distribution than Debian equivalents?) and after rebooting the output may be

Mitigation: Clear CPU buffers; SMT disabled

Edit: I also mean to recommend users with AMD CPU install amd64-microcode (or non-Debian equivalent?)

We have previously been unsure about OS suggestions that don't include updated microcode in https://github.com/privacytoolsIO/privacytools.io/issues/936#issuecomment-493655147, https://github.com/privacytoolsIO/privacytools.io/pull/978#pullrequestreview-247364516 and https://github.com/privacytoolsIO/privacytools.io/issues/1146#issuecomment-520619725. However our recommended command, more accurately `cat /sys/devices/system/cpu/vulnerabilities/mds` may output the user > Vulnerable: Clear CPU buffers attempted, **no microcode**; SMT disabled and if the user was to search for it, they would likely find the instruction to install `intel-microcode` (TODO: what are the other distribution than Debian equivalents?) and after rebooting the output may be > Mitigation: Clear CPU buffers; SMT disabled Edit: I also mean to recommend users with AMD CPU install `amd64-microcode` (or non-Debian equivalent?)

Mikaela commented

2019-10-12 20:14:12 +00:00

(Migrated from github.com)

The package names are as follows for popular Linux distros:

microcode_ctl and linux-firmware – CentOS/RHEL microcode update package

intel-microcode – Debian/Ubuntu and clones microcode update package for Intel CPUS

amd64-microcode – Debian/Ubuntu and clones microcode firmware for AMD CPUs

linux-firmware – Arch Linux microcode firmware for AMD CPUs (installed by default and no action is needed on your part)

intel-ucode – Arch Linux microcode firmware for Intel CPUs

microcode_ctl, linux-firmware and ucode-intel – Suse/OpenSUSE Linux microcode update package

https://www.cyberciti.biz/faq/install-update-intel-microcode-firmware-linux/

It looks like we would have a long list, maybe we could just link to cyberciti.biz instead and possibly mention looking for the documentation of your distribution?

> The package names are as follows for popular Linux distros: > * microcode_ctl and linux-firmware – CentOS/RHEL microcode update package > * intel-microcode – Debian/Ubuntu and clones microcode update package for Intel CPUS > * amd64-microcode – Debian/Ubuntu and clones microcode firmware for AMD CPUs > * linux-firmware – Arch Linux microcode firmware for AMD CPUs (installed by default and no action is needed on your part) > * intel-ucode – Arch Linux microcode firmware for Intel CPUs > * microcode_ctl, linux-firmware and ucode-intel – Suse/OpenSUSE Linux microcode update package * https://www.cyberciti.biz/faq/install-update-intel-microcode-firmware-linux/ It looks like we would have a long list, maybe we could just link to cyberciti.biz instead and possibly mention looking for the documentation of your distribution?

This repo is archived. You cannot comment on issues.