Check the status of the mitigations indicated by 'Branch History Injection and Intra-mode Branch Target Injection': https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html

Gomez Iglesias, Antonio
2022-03-08 10:14:22 -08:00
parent b68ebe67f2
commit 3c4f5e4d8e
3 changed files with 159 additions and 7 deletions


@@ -24,7 +24,7 @@ jobs:
fi
- name: check direct execution
run: |
expected=15
expected=17
nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then
echo "Invalid number of CVEs reported: $nb instead of $expected"
@@ -34,7 +34,7 @@ jobs:
fi
- name: check docker-compose run execution
run: |
expected=15
expected=17
docker-compose build
nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then
@@ -45,7 +45,7 @@ jobs:
fi
- name: check docker run execution
run: |
expected=15
expected=17
docker build -t spectre-meltdown-checker .
nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then
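Review bot: The three steps touched here ("check direct execution", "check docker-compose run execution" and "check docker run execution") only compare the number of `.CVE` entries with `expected=17`, so the job would still pass if one of the newly added checks were missing from the output and an unrelated or duplicated entry made up the count. Each step could also assert that the identifiers this commit adds are present, for example `sudo ./spectre-meltdown-checker.sh --batch json | jq -e 'map(.CVE) | index("<NEW_CVE_ID>")'`, with the placeholder replaced by each new CVE. The literal 17 is also repeated in three `run:` blocks, and a single workflow-level `env:` value would stop them drifting apart on the next addition. The final `if` block continues outside the visible hunk.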