Merge pull request #1 from speed47/master

merge
2018-09-29 14:12:54 +10:00 · 2018-09-29 14:12:54 +10:00 · 664fb7662f
parent fc1dffd09a 297d890ce9
commit 664fb7662f
4 changed files with 685 additions and 161 deletions
--- a/4
+++ b/4
@ -5,3 +5,7 @@ RUN apk --update --no-cache add kmod binutils grep perl
 COPY . /check

 ENTRYPOINT ["/check/spectre-meltdown-checker.sh"]
+
+VOLUME /boot
+VOLUME /dev/cpu
+VOLUME /lib/modules
--- a/README.md
+++ b/README.md
@ -7,9 +7,9 @@ A shell script to tell if your system is vulnerable against the several "specula
 - CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
 - CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
 - CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
- CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow & Foreshadow-NG'
-
-**2018-08-15: Foreshadow support is being worked on, vulnerable/immune CPUs are already detected, and kernel-reported vulnerability status is checked, but manual mitigation detection is currently being implemented, will be available in the next few days**
+- CVE-2018-3615 [L1 terminal fault] aka 'Foreshadow (SGX)'
+- CVE-2018-3620 [L1 terminal fault] aka 'Foreshadow-NG (OS)'
+- CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow-NG (VMM)'

 Supported operating systems:
 - Linux (all versions, flavors and distros)
@ -49,9 +49,18 @@ sudo ./spectre-meltdown-checker.sh

 ### Run the script in a docker container

+#### With docker-compose
+
+```shell
+docker-compose build
+docker-compose run --rm spectre-meltdown-checker
+```
+
+#### Without docker-compose
+
 ```shell
 docker build -t spectre-meltdown-checker .
-docker run --rm --privileged -v /boot:/boot:ro -v /lib/modules:/lib/modules:ro -v /dev/cpu:/dev/cpu:ro spectre-meltdown-checker
+docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker
 ```

 ## Example of script output
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,15 @@
+version: '2'
+
+services:
+  spectre-meltdown-checker:
+    build:
+      context: ./
+      dockerfile: ./Dockerfile
+    image: spectre-meltdown-checker:latest
+    container_name: spectre-meltdown-checker
+    privileged: true
+    network_mode: none
+    volumes:
+      - /boot:/boot:ro
+      - /dev/cpu:/dev/cpu:ro
+      - /lib/modules:/lib/modules:ro
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh