From a7afc585a965f8b4789402b2a692269b41920040 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Thu, 16 Aug 2018 10:51:55 +0200
Subject: [PATCH 1/3] fix several incorrect ucode version numbers
---
 spectre-meltdown-checker.sh | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index a142fb9..37f8e5e 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -1274,15 +1274,13 @@ is_latest_known_ucode()
 ucode_latest="latest microcode version of your CPU is not known to this script"
 is_intel || return 2
 # https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf
- # ps2txt sa00115-microcode-update-guidance.ps | grep -Eo '[0-9A-F]+ [0-9A-F]+ [^ ]+ Production 0x[A-F0-9]+ 0x[A-F0-9]+' | awk '{print "0x"$1","$6" \\"}' | sort -u
+ # ps2txt sa00115-microcode-update-guidance.ps | grep -Eo '[0-9A-F]+ [0-9A-F]+ [^ ]+ Production 0x[A-F0-9]+ 0x[A-F0-9]+' | awk '{print "0x"$1","$6" \\"}' | uniq
 # cpuid,ucode
 for tuple in \
 0x106A5,0x1D \
 0x106E5,0x0A \
- 0x20652,0x11A \
- 0x20652,0x11C \
+ 0x20652,0x11 \
 0x20655,0x7 \
- 0x20655,0x7C \
 0x206A7,0x2E \
 0x206C2,0x1F \
 0x206D6,0x61D \
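Review bot: Nothing in the tuple list or in the regenerated recipe comment prevents the same cpuid from appearing with two different versions, which is what this patch has to remove by hand here and in the next hunk of the same patch (`0x20652`, `0x20655`, `0x406F1`, `0x806EA`, `0x906EA`); the recipe's switch from `sort -u` to `uniq` only collapses adjacent identical lines, so it does not help with that. This table decides what the script reports as the latest known microcode, so a wrong entry becomes a misleading answer for the person running the check; how the loop resolves duplicates is outside both hunks. I would record the provenance next to the URL, for example `# one entry per cpuid; values checked by hand against guidance revision <REVISION-PLACEHOLDER>`.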
@@ -1291,34 +1289,30 @@ is_latest_known_ucode()
 0x206F2,0x3B \
 0x306A9,0x20 \
 0x306C3,0x25 \
- 0x306D4,0x2BB \
+ 0x306D4,0x2B \
 0x306E4,0x42D \
 0x306E7,0x714 \
 0x306F2,0x3D \
 0x306F4,0x12 \
 0x40651,0x24 \
 0x40661,0x1A \
- 0x40671,0x1EB \
+ 0x40671,0x1E \
 0x406E3,0xC6 \
 0x406F1,0xB00002E \
- 0x406F1,0xB00002EB \
 0x50654,0x200004D \
- 0x50662,0x17B \
- 0x50663,0x7000013B \
- 0x50664,0xF000012B \
- 0x50665,0xE00000AB \
- 0x506C2,0x14C \
+ 0x50662,0x17 \
+ 0x50663,0x7000013 \
+ 0x50664,0xF000012 \
+ 0x50665,0xE00000A \
+ 0x506C2,0x14 \
 0x506E3,0xC6 \
 0x506F1,0x24 \
 0x706A1,0x28 \
 0x806E9,0x8E \
 0x806EA,0x96 \
- 0x806EA,0x96C \
 0x906E9,0x8E \
 0x906EA,0x96 \
- 0x906EA,0x96C \
- 0x906EA,0x96D \
- 0x906EB,0x8EC
+ 0x906EB,0x8E
 do
 cpuid_decimal=$(( $(echo "$tuple" | cut -d, -f1) ))
 ucode_decimal=$(( $(echo "$tuple" | cut -d, -f2) ))
From 794c5be1d200c6659ee7e36fcb93604dfcad9754 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Thu, 16 Aug 2018 15:18:47 +0200
Subject: [PATCH 2/3] feat: add optional git describe support to display inter-release version numbers
---
 spectre-meltdown-checker.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 37f8e5e..9492331 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -26,6 +26,12 @@ exit_cleanup()
 [ "$kldload_cpuctl" = 1 ] && kldunload cpuctl 2>/dev/null
 }
+# if we were git clone'd, adjust VERSION
+if [ -d "$(dirname "$0")/.git" ] && which git >/dev/null 2>&1; then
+ describe=$(git -C "$(dirname "$0")" describe --tags --dirty 2>/dev/null)
+ [ -n "$describe" ] && VERSION=$(echo "$describe" | sed -e s/^v//)
+fi
+
 show_usage()
 {
 # shellcheck disable=SC2086
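Review bot: The block added in patch 2/3 (`-26,6 +26,12`) runs `git -C "$(dirname "$0")" describe` on every start, and git honours the configuration stored in that checkout's `.git` directory; the script appears to be meant for privileged use (the context line calls `kldunload`), so a checkout that another account can write to would have its repository settings applied by a root-run git. I would only call git when the invoking user owns the checkout, by adding `[ -O "$(dirname "$0")/.git" ] &&` after the `-d` test (`-O` is not in POSIX `test`, though common `sh` implementations provide it), and replace `which git` with the portable `command -v git`. Newer git releases may themselves refuse a repository owned by a different user; with `2>/dev/null` that refusal is invisible and VERSION silently keeps its release value, which deserves a line in the comment.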
@@ -1274,7 +1280,7 @@ is_latest_known_ucode()
 ucode_latest="latest microcode version of your CPU is not known to this script"
 is_intel || return 2
 # https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf
- # ps2txt sa00115-microcode-update-guidance.ps | grep -Eo '[0-9A-F]+ [0-9A-F]+ [^ ]+ Production 0x[A-F0-9]+ 0x[A-F0-9]+' | awk '{print "0x"$1","$6" \\"}' | uniq
+ # ps2txt sa00115-microcode-update-guidance.ps | grep -Eo '[0-9A-F]+ [0-9A-F]+ [^ ]+ Production 0x[A-F0-9]+ 0x[^ ]+' | awk '{print "0x"$1","$6" \\"}' | uniq
 # cpuid,ucode
 for tuple in \
 0x106A5,0x1D \
From 339ad31757d2b27e31b17e2f9a24693c3c93be43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Thu, 16 Aug 2018 15:19:29 +0200
Subject: [PATCH 3/3] fix: add missing l1tf CPU vulnerability display in hw section
---
 spectre-meltdown-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 9492331..0d645b8 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2094,7 +2094,7 @@ check_cpu()
 check_cpu_vulnerabilities()
 {
 _info "* CPU vulnerability to the speculative execution attack variants"
- for v in 1 2 3 3a 4; do
+ for v in 1 2 3 3a 4 l1tf; do
 _info_nol " * Vulnerable to Variant $v: "
 if is_cpu_vulnerable $v; then
 pstatus yellow YES
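Review bot: In the second hunk of patch 2/3 (`-1274,7 +1280,7`) the recipe's last field becomes `0x[^ ]+`, so any non-space characters that follow the version in the extracted text are carried into the generated tuple. The loop shown in patch 1/3 feeds each value to `$(( ... ))`, so whatever is pasted from this recipe has to be clean hexadecimal. I would say so in the comment, e.g. `# review the output by hand: strip any non-hex suffix from the ucode column before pasting`.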
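Review bot: Patch 3/3 passes the new `l1tf` token to `is_cpu_vulnerable`, whose definition is outside this hunk, so it cannot be confirmed from here that the function recognises the token rather than falling through to a default answer; that is worth checking, because a fallthrough would print a YES/NO in the hardware section that reflects nothing. The label also now reads "Variant l1tf" although the other tokens are variant numbers, so a separate wording for this entry would read better. The loop body continues past the end of the hunk.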