diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index 945866f..0eb8b21 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -1923,20 +1923,20 @@ check_variant2_linux() # when IBPB is enabled on 4.15+, we can see it in sysfs if grep -q ', IBPB' "/sys/devices/system/cpu/vulnerabilities/spectre_v2"; then _debug "ibpb: found enabled in sysfs" - ibpb_supported='IBPB found enabled in sysfs' - ibpb_enabled=1 + [ -z "$ibpb_supported" ] && ibpb_supported='IBPB found enabled in sysfs' + [ -z "$ibpb_enabled" ] && ibpb_enabled=1 fi # when IBRS_FW is enabled on 4.15+, we can see it in sysfs if grep -q ', IBRS_FW' "/sys/devices/system/cpu/vulnerabilities/spectre_v2"; then _debug "ibrs: found IBRS_FW in sysfs" - ibrs_supported='found IBRS_FW in sysfs' + [ -z "$ibrs_supported" ] && ibrs_supported='found IBRS_FW in sysfs' ibrs_fw_enabled=1 fi # when IBRS is enabled on 4.15+, we can see it in sysfs if grep -q 'Indirect Branch Restricted Speculation' "/sys/devices/system/cpu/vulnerabilities/spectre_v2"; then _debug "ibrs: found IBRS in sysfs" - ibrs_supported='found IBRS in sysfs' - ibrs_enabled=3 + [ -z "$ibrs_supported" ] && ibrs_supported='found IBRS in sysfs' + [ -z "$ibrs_enabled" ] && ibrs_enabled=3 fi fi # in live mode, if ibrs or ibpb is supported and we didn't find these are enabled, then they are not @@ -2017,8 +2017,8 @@ check_variant2_linux() fi fi ;; - 1) pstatus green YES "for kernel space";; - 2) pstatus green YES "for both kernel and user space";; + 1) if [ "$ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel space and firmware code"; else pstatus green YES "for kernel space"; fi;; + 2) if [ "$ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel, user space, and firmware code" ; else pstatus green YES "for both kernel and user space"; fi;; 3) if [ "$ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel and firmware code"; else pstatus green YES; fi;; *) pstatus yellow UNKNOWN;; esac