493 Commits (master)
 

Author SHA1 Message Date
Stéphane Lesimple 725eaa8bf5 feat(arm): adjust vulnerable ARM CPUs for variant3a and variant4 4 years ago
Stéphane Lesimple c6ee0358d1 feat(variant4): report SSB_NO CPUs as not vulnerable 4 years ago
Stéphane Lesimple 22d0b203da fix(ssb_no): rename ssbd_no to ssb_no and fix shift 4 years ago
Stéphane Lesimple 3062a8416a fix(msg): add missing words 4 years ago
Stéphane Lesimple 6a4318addf feat(variant3a/4): initial support for 2 new CVEs 4 years ago
Stéphane Lesimple c19986188f fix(variant2): adjust detection for SLES kernels 4 years ago
Rob Gill 7e4899bcb8 ibrs can't be enabled on no ibrs cpu (#195) 4 years ago
rrobgill 5cc77741af Update spectre-meltdown-checker.sh 4 years ago
rrobgill 1c0f6d9580 cpuid and msr module check 4 years ago
Onno Zweers 4acd0f647a Suggestion to change VM to a CPU with IBRS capability 4 years ago
Stéphane Lesimple fb52dbe7bf set master branch to v0.37+ 4 years ago
Stéphane Lesimple edebe4dcd4 bump to v0.37 4 years ago
Stéphane Lesimple 83ea78f523 fix: arm: also detect variant 1 mitigation when using native objdump 4 years ago
Stéphane Lesimple 602b68d493 fix(spectrev2): explain that retpoline is possible for Skylake+ if there is RSB filling, even if IBRS is still better 4 years ago
Stéphane Lesimple 97bccaa0d7 feat: rephrase IBPB warning when only retpoline is enabled in non-paranoid mode 4 years ago
Stéphane Lesimple 68e619b0d3 feat: show RSB filling capability for non-Skylake in verbose mode 4 years ago
Stéphane Lesimple a6f4475cee feat: make IBRS_FW blue instead of green 4 years ago
Stéphane Lesimple 223f5028df feat: add --paranoid to choose whether we require IBPB 4 years ago
Stéphane Lesimple c0108b9690 fix(spectre2): don't explain how to fix when NOT VULNERABLE 4 years ago
Stéphane Lesimple a3016134bd feat: make RSB filling support mandatory for Skylake+ CPUs 4 years ago
Stéphane Lesimple 59d85b39c9 feat: detect RSB filling capability in the kernel 4 years ago
Stéphane Lesimple baaefb0c31 fix: remove shellcheck warnings 4 years ago
Igor Lubashev d452aca03a fix: invalid bash syntax when ibpb_enabled or ibrs_enabled are empty 4 years ago
Stéphane Lesimple 10b8d94724 feat: detect latest Red Hat kernels' RO ibpb_enabled knob 4 years ago
Stéphane Lesimple 8606e60ef7 refactor: no longer display the retoline-aware compiler test when we can't tell for sure 4 years ago
Stéphane Lesimple 6a48251647 fix: regression in 51aeae25, when retpoline & ibpb are enabled 4 years ago
Stéphane Lesimple f4bf5e95ec fix: typos 4 years ago
Stéphane Lesimple 60eac1ad43 feat: also do PTI performance check with (inv)pcid for BSD 4 years ago
Stéphane Lesimple b3cc06a6ad fix regression introduced by 82c25dc 4 years ago
Stéphane Lesimple 5553576e31 feat(amd/zen): re-introduce IBRS for AMD except ZEN family 4 years ago
Stéphane Lesimple e16ad802da feat(ibpb=2): add detection of SMT before concluding the system is not vulnerable 4 years ago
Stéphane Lesimple 29c294edff feat(bsd): explain how to mitigate variant2 4 years ago
Stéphane Lesimple 59714011db refactor: IBRS_ALL & RDCL_NO are Intel-only 4 years ago
Stéphane Lesimple 51e8261a32 refactor: separate hw checks for Intel & AMD 4 years ago
Stéphane Lesimple 2a4bfad835 refactor: add is_amd and is_intel funcs 4 years ago
Stéphane Lesimple 7e52cea66e feat(spectre2): refined how status of this vuln is decided and more precise explanations on how to fix 4 years ago
Benjamin Bouvier 417d7aab91 Fix trailing whitespace and mixed indent styles; 4 years ago
Sylvestre Ledru 67bf761029 Fix some user facing typos with codespell -w -q3 . 4 years ago
Stéphane Lesimple 0eabd266ad refactor: decrease default verbosity for some tests 4 years ago
Stéphane Lesimple b77fb0f226 fix: don't override ibrs/ibpb results with later tests 4 years ago
Stéphane Lesimple 89c2e0fb21 fix(amd): show cpuinfo and ucode details 4 years ago
Stéphane Lesimple b88f32ed95 feat: print raw cpuid, and fetch ucode version under BSD 4 years ago
Stéphane Lesimple 7a4ebe8009 refactor: rewrite read_cpuid to get more common code parts between BSD and Linux 4 years ago
Stéphane Lesimple 0919f5c236 feat: add explanations of what to do when a vulnerability is not mitigated 4 years ago
Stéphane Lesimple de02dad909 feat: rework Spectre V2 mitigations detection w/ latest vanilla & Red Hat 7 kernels 4 years ago
Stéphane Lesimple 07484d0ea7 add dump of variables at end of script in debug mode 4 years ago
Stéphane Lesimple a8b557b9e2 fix(cpu): skip CPU checks if asked to (--no-hw) or if inspecting a kernel of another architecture 4 years ago
Stéphane Lesimple 619b2749d8 fix(sysfs): only check for sysfs for spectre2 when in live mode 4 years ago
Stéphane Lesimple 94857c983d update readme 4 years ago
Stéphane Lesimple 056ed00baa feat(arm): detect spectre variant 1 mitigation 4 years ago