From c0108b9690b9266ee6fa74402211db78274ced32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Sun, 15 Apr 2018 20:55:55 +0200
Subject: [PATCH] fix(spectre2): don't explain how to fix when NOT VULNERABLE

---
 spectre-meltdown-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 2f0b19c..1b89f8f 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2366,7 +2366,7 @@ check_variant2_linux()
 		fi
 
 		# if we are in live mode, we can check for a lot more stuff and explain further
-		if [ "$opt_live" = 1 ]; then
+		if [ "$opt_live" = 1 ] && [ "$vulnstatus" != "OK" ]; then
 			_explain_hypervisor="An updated CPU microcode will have IBRS/IBPB capabilities indicated in the Hardware Check section above. If you're running under an hypervisor (KVM, Xen, VirtualBox, VMware, ...), the hypervisor needs to be up to date to be able to export the new host CPU flags to the guest. You can run this script on the host to check if the host CPU is IBRS/IBPB. If it is, and it doesn't show up in the guest, upgrade the hypervisor."
 			# IBPB (amd & intel)
 			if [ "$ibpb_enabled" = 0 ] && ( is_intel || is_amd ); then