Fix detection of CVE-2018-3615 (L1TF_SGX) (#253)

* Add another location of Arch Linux ARM kernel

* Fix detection of CVE-2018-3615

We change the value of variantl1tf in the line directly before so its
value will never be "immune". Instead we can directly use the value of
variantl1tf to initialize variantl1tf_sgx.
This commit is contained in:
Michael Lass 2018-09-29 11:35:10 +02:00 committed by Stéphane Lesimple
parent 297d890ce9
commit 53d6a44754

View File

@ -484,7 +484,7 @@ is_cpu_vulnerable()
[ "$variant3a" = "immune" ] && variant3a=1 || variant3a=0
[ "$variant4" = "immune" ] && variant4=1 || variant4=0
[ "$variantl1tf" = "immune" ] && variantl1tf=1 || variantl1tf=0
[ "$variantl1tf" = "immune" ] && variantl1tf_sgx=1 || variantl1tf_sgx=0
variantl1tf_sgx="$variantl1tf"
# even if we are vulnerable to L1TF, if there's no SGX, we're safe for the original foreshadow
[ "$cpuid_sgx" = 0 ] && variantl1tf_sgx=1
_debug "is_cpu_vulnerable: final results are <$variant1> <$variant2> <$variant3> <$variant3a> <$variant4> <$variantl1tf> <$variantl1tf_sgx>"
@ -1503,6 +1503,8 @@ if [ "$opt_live" = 1 ]; then
[ -e "/boot/Image" ] && opt_kernel="/boot/Image"
# Arch armv5/armv7:
[ -e "/boot/zImage" ] && opt_kernel="/boot/zImage"
# Arch arm7:
[ -e "/boot/kernel7.img" ] && opt_kernel="/boot/kernel7.img"
# Linux-Libre:
[ -e "/boot/vmlinuz-linux-libre" ] && opt_kernel="/boot/vmlinuz-linux-libre"
# pine64