|
|
|
@ -11,7 +11,7 @@
|
|
|
|
|
# |
|
|
|
|
# Stephane Lesimple |
|
|
|
|
# |
|
|
|
|
VERSION='0.42' |
|
|
|
|
VERSION='0.43' |
|
|
|
|
|
|
|
|
|
trap 'exit_cleanup' EXIT |
|
|
|
|
trap '_warn "interrupted, cleaning up..."; exit_cleanup; exit 1' INT |
|
|
|
@ -84,14 +84,14 @@ show_usage()
|
|
|
|
|
--batch prometheus produce output for consumption by prometheus-node-exporter |
|
|
|
|
|
|
|
|
|
--variant VARIANT specify which variant you'd like to check, by default all variants are checked |
|
|
|
|
VARIANT can be one of 1, 2, 3, 3a, 4, l1tf, msbds, mfbds, mlpds, mdsum, taa |
|
|
|
|
VARIANT can be one of 1, 2, 3, 3a, 4, l1tf, msbds, mfbds, mlpds, mdsum, taa, mcepsc |
|
|
|
|
can be specified multiple times (e.g. --variant 2 --variant 3) |
|
|
|
|
--cve [cve1,cve2,...] specify which CVE you'd like to check, by default all supported CVEs are checked |
|
|
|
|
--hw-only only check for CPU information, don't check for any variant |
|
|
|
|
--no-hw skip CPU information and checks, if you're inspecting a kernel not to be run on this host |
|
|
|
|
--vmm [auto,yes,no] override the detection of the presence of a hypervisor (for CVE-2018-3646), default: auto |
|
|
|
|
--update-fwdb update our local copy of the CPU microcodes versions database (using the awesome MCExtractor project |
|
|
|
|
and the Intel firmwares GitHub repository) |
|
|
|
|
--vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto |
|
|
|
|
--update-fwdb update our local copy of the CPU microcodes versions database (using the awesome |
|
|
|
|
MCExtractor project and the Intel firmwares GitHub repository) |
|
|
|
|
--update-builtin-fwdb same as --update-fwdb but update builtin DB inside the script itself |
|
|
|
|
--dump-mock-data used to mimick a CPU on an other system, mainly used to help debugging this script |
|
|
|
|
|
|
|
|
@ -1040,8 +1040,9 @@ while [ -n "$1" ]; do
|
|
|
|
|
mdsum) opt_cve_list="$opt_cve_list CVE-2019-11091"; opt_cve_all=0;; |
|
|
|
|
l1tf) opt_cve_list="$opt_cve_list CVE-2018-3615 CVE-2018-3620 CVE-2018-3646"; opt_cve_all=0;; |
|
|
|
|
taa) opt_cve_list="$opt_cve_list CVE-2019-11135"; opt_cve_all=0;; |
|
|
|
|
mcepsc) opt_cve_list="$opt_cve_list CVE-2018-12207"; opt_cve_all=0;; |
|
|
|
|
*) |
|
|
|
|
echo "$0: error: invalid parameter '$2' for --variant, expected either 1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, taa or l1tf" >&2; |
|
|
|
|
echo "$0: error: invalid parameter '$2' for --variant, expected either 1, 2, 3, 3a, 4, l1tf, msbds, mfbds, mlpds, mdsum, taa or mcepsc" >&2; |
|
|
|
|
exit 255 |
|
|
|
|
;; |
|
|
|
|
esac |
|
|
|
|