split script in multiple files, reassembled through build.sh

src/vulns/CVE-2018-3615.sh

@@ -0,0 +1,36 @@
+# vim: set ts=4 sw=4 sts=4 et:
+###########################
+# L1TF / FORESHADOW SECTION
+
+# CVE-2018-3615 Foreshadow (L1 terminal fault SGX) - entry point
+check_CVE_2018_3615() {
+    local cve
+    cve='CVE-2018-3615'
+    pr_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
+
+    pr_info_nol "* CPU microcode mitigates the vulnerability: "
+    if { [ "$cap_flush_cmd" = 1 ] || { [ "$g_msr_locked_down" = 1 ] && [ "$cap_l1df" = 1 ]; }; } && [ "$cap_sgx" = 1 ]; then
+        # no easy way to detect a fixed SGX but we know that
+        # microcodes that have the FLUSH_CMD MSR also have the
+        # fixed SGX (for CPUs that support it), because Intel
+        # delivered fixed microcodes for both issues at the same time
+        #
+        # if the system we're running on is locked down (no way to write MSRs),
+        # make the assumption that if the L1D flush CPUID bit is set, probably
+        # that FLUSH_CMD MSR is here too
+        pstatus green YES
+    elif [ "$cap_sgx" = 1 ]; then
+        pstatus red NO
+    else
+        pstatus blue N/A
+    fi
+
+    if ! is_cpu_affected "$cve"; then
+        # override status & msg in case CPU is not vulnerable after all
+        pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
+    elif [ "$cap_flush_cmd" = 1 ] || { [ "$g_msr_locked_down" = 1 ] && [ "$cap_l1df" = 1 ]; }; then
+        pvulnstatus "$cve" OK "your CPU microcode mitigates the vulnerability"
+    else
+        pvulnstatus "$cve" VULN "your CPU supports SGX and the microcode is not up to date"
+    fi
+}