From b4ac5fcbe37550159e0464ac28c7a85c35194c32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Fri, 16 Feb 2018 10:34:01 +0100
Subject: [PATCH] feat(variant2): better explanation when kernel supports IBRS but CPU does not
---
 spectre-meltdown-checker.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index a752c38..c19ee85 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -1223,7 +1223,7 @@ check_cpu()
 _warn "the mitigations for Spectre), or upgrade to a newer one if available."
 _warn
 else
- pstatus green NO "$ucode_found"
+ pstatus blue NO "$ucode_found"
 fi
 _info "* CPU vulnerability to the three speculative execution attacks variants"
@@ -1648,6 +1648,8 @@ check_variant2()
 pvulnstatus $cve OK "IBRS is mitigating the vulnerability"
 elif [ "$ibpb_enabled" = 2 ]; then
 pvulnstatus $cve OK "Full IBPB is mitigating the vulnerability"
+ elif [ "$ibrs_supported" = 1 ] && [ "$cpuid_spec_ctrl" != 1 ]; then
+ pvulnstatus $cve VULN "Your kernel is compiled with IBRS but your CPU microcode is lacking support to successfully mitigate the vulnerability"
 else
 pvulnstatus $cve VULN "IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability"
 fi
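Review bot: The new `elif` in check_variant2 treats every value of `cpuid_spec_ctrl` other than `1` as "your CPU microcode is lacking support", which would also cover an empty or "unknown" value if the CPUID probe could not run; how the variable is assigned is not visible in this hunk. The VULN verdict would still be correct in that case, but the stated cause could send an operator after a microcode update that is already installed while the real gap is that detection failed. If `0` is the definite "feature bit absent" value, I would test for it explicitly, `elif [ "$ibrs_supported" = 1 ] && [ "$cpuid_spec_ctrl" = 0 ]; then`, and let undetermined states fall through to the generic message in the `else` branch. The if-chain this branch belongs to starts above the hunk.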