diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index 2152264..69b54f4 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -13,7 +13,7 @@ # # Stephane Lesimple # -VERSION='26.32.0410728' +VERSION='26.32.0410743' # --- Common paths and basedirs --- readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities" @@ -11147,44 +11147,48 @@ check_CVE_2023_28746_linux() { fi if [ "$opt_sysfs_only" != 1 ]; then - pr_info_nol "* CPU microcode mitigates the vulnerability: " - if [ "$cap_rfds_clear" = 1 ]; then - pstatus green YES "RFDS_CLEAR capability indicated by microcode" - elif [ "$cap_rfds_clear" = 0 ]; then - pstatus yellow NO - else - pstatus yellow UNKNOWN "couldn't read MSR" - fi - - pr_info_nol "* Kernel supports RFDS mitigation (VERW on transitions): " - kernel_rfds='' - kernel_rfds_err='' - if [ -n "$g_kernel_err" ]; then - kernel_rfds_err="$g_kernel_err" - elif is_x86_kernel && grep -q 'Clear Register File' "$g_kernel"; then - kernel_rfds="found 'Clear Register File' string in kernel image" - elif is_x86_kernel && grep -q 'reg_file_data_sampling' "$g_kernel"; then - kernel_rfds="found reg_file_data_sampling in kernel image" - fi - if [ -z "$kernel_rfds" ] && is_x86_kernel && [ -r "$opt_config" ]; then - if grep -q '^CONFIG_MITIGATION_RFDS=y' "$opt_config"; then - kernel_rfds="RFDS mitigation config option found enabled in kernel config" + if is_x86_cpu; then + pr_info_nol "* CPU microcode mitigates the vulnerability: " + if [ "$cap_rfds_clear" = 1 ]; then + pstatus green YES "RFDS_CLEAR capability indicated by microcode" + elif [ "$cap_rfds_clear" = 0 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN "couldn't read MSR" fi fi - if [ -z "$kernel_rfds" ] && is_x86_kernel && [ -n "$opt_map" ]; then - if grep -q 'rfds_select_mitigation' "$opt_map"; then - kernel_rfds="found rfds_select_mitigation in System.map" + + if is_x86_kernel; then + pr_info_nol "* Kernel supports RFDS mitigation (VERW on transitions): " + kernel_rfds='' + kernel_rfds_err='' + if [ -n "$g_kernel_err" ]; then + kernel_rfds_err="$g_kernel_err" + elif grep -q 'Clear Register File' "$g_kernel"; then + kernel_rfds="found 'Clear Register File' string in kernel image" + elif grep -q 'reg_file_data_sampling' "$g_kernel"; then + kernel_rfds="found reg_file_data_sampling in kernel image" + fi + if [ -z "$kernel_rfds" ] && [ -r "$opt_config" ]; then + if grep -q '^CONFIG_MITIGATION_RFDS=y' "$opt_config"; then + kernel_rfds="RFDS mitigation config option found enabled in kernel config" + fi + fi + if [ -z "$kernel_rfds" ] && [ -n "$opt_map" ]; then + if grep -q 'rfds_select_mitigation' "$opt_map"; then + kernel_rfds="found rfds_select_mitigation in System.map" + fi + fi + if [ -n "$kernel_rfds" ]; then + pstatus green YES "$kernel_rfds" + elif [ -n "$kernel_rfds_err" ]; then + pstatus yellow UNKNOWN "$kernel_rfds_err" + else + pstatus yellow NO fi fi - if [ -n "$kernel_rfds" ]; then - pstatus green YES "$kernel_rfds" - elif [ -n "$kernel_rfds_err" ]; then - pstatus yellow UNKNOWN "$kernel_rfds_err" - else - pstatus yellow NO - fi - if [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then + if is_x86_cpu && [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then pr_info_nol "* RFDS mitigation is enabled and active: " if echo "$ret_sys_interface_check_fullmsg" | grep -qi '^Mitigation'; then rfds_mitigated=1