Commit Graph

159 Commits

Author SHA1 Message Date
Stéphane Lesimple 0aa5857a76 fix(cpu): Pentium Exxxx series are not vulnerable
Pentium E series are not in the vulnerable list from
Intel, and Spectre2 PoC reportedly doesn't work on
an E5200
2018-01-21 16:13:17 +01:00
Stéphane Lesimple b3b7f634e6 fix(display): use text-mode compatible colors
in text-mode 80-cols TERM=linux terminals, colors
were not displaying properly, one had to use
--no-color to be able to read some parts of the
2018-01-21 12:32:22 +01:00
Stéphane Lesimple 263ef65fec bump to v0.32 2018-01-20 12:49:12 +01:00
Stéphane Lesimple a1bd233c49 revert to a simpler check_vmlinux() 2018-01-20 12:26:26 +01:00
Stéphane Lesimple de6590cd09 cache is_cpu_vulnerable result for performance 2018-01-20 12:24:23 +01:00
Stéphane Lesimple 56d4f82484 is_cpu_vulnerable: implement check for multi-arm systems 2018-01-20 12:24:23 +01:00
Stéphane Lesimple 7fa2d6347b check_vmlinux: when readelf doesn't work, try harder with another way 2018-01-20 12:23:55 +01:00
Stéphane Lesimple 3be5e90481 be smarter to find a usable echo command 2018-01-20 12:23:55 +01:00
Stéphane Lesimple 995620a682 add pine64 vmlinuz location 2018-01-20 12:23:19 +01:00
Stéphane Lesimple 193e0d8d08 arm: cosmetic fix for name and handle aarch64 2018-01-20 12:22:48 +01:00
Stéphane Lesimple 72ef94ab3d ARM: display a friendly name instead of empty string 2018-01-20 12:22:48 +01:00
Harald Hoyer ccc0453df7 search in /lib/modules/$(uname -r) for vmlinuz, config,
On Fedora machines /lib/modules/$(uname -r) has all the files.
2018-01-20 11:19:34 +01:00
Stéphane Lesimple 14ca49a042 Atom N270: implement another variation 2018-01-19 18:47:38 +01:00
Stéphane Lesimple db357b8e25 CoreOS: remove ephemeral install of a non-used package 2018-01-18 10:17:25 +01:00
Stéphane Lesimple 42a57dd980 add kern.log as another backend of dmesg output 2018-01-17 17:17:39 +01:00
Stéphane Lesimple 5ab95f3656 fix(atom): don't use a pcre regex, only an extended one 2018-01-17 12:01:13 +01:00
Stéphane Lesimple 5b6e39916d fix(atom): properly detect Nxxx Atom series 2018-01-17 11:07:47 +01:00
Willy Sudiarto Raharjo 556951d5f0 Add Support for Slackware.
Signed-off-by: Willy Sudiarto Raharjo <>
2018-01-16 11:55:03 +01:00
Stéphane Lesimple 7a88aec95f
Implement CoreOS compatibility mode (#84)
* Add special CoreOS compatibility mode
* CoreOS: refuse --coreos if we're not under CoreOS
* CoreOS: warn if launched without --coreos option
* is_coreos: make stderr silent
* CoreOS: tiny adjustments
2018-01-16 10:33:01 +01:00
Stéphane Lesimple bd18323d79 bump to v0.31 to reflect changes 2018-01-14 22:34:09 +01:00
Stéphane Lesimple b89d67dd15 meltdown: detecting Xen PV, reporting as not vulnerable 2018-01-14 22:31:21 +01:00
Stéphane Lesimple 704e54019a is_cpu_vulnerable: add check for old Atoms 2018-01-14 21:32:56 +01:00
Stéphane Lesimple d96093171a verbose: add PCID check for performance impact of PTI 2018-01-14 17:18:34 +01:00
Stéphane Lesimple dcc4488340
Merge pull request #80 from speed47/cpuid_spec_ctrl
v0.30, cpuid spec ctrl and other enhancements
2018-01-14 16:48:02 +01:00
Stéphane Lesimple 32e3fe6c07 bump to v0.30 to reflect changes 2018-01-14 16:45:59 +01:00
Stéphane Lesimple f488947d43
Merge pull request #79 from andir/add-nixos
add support for NixOS kernel
2018-01-14 16:40:10 +01:00
Stéphane Lesimple 71213c11b3 ibrs: check for spec_ctrl_ibrs in cpuinfo 2018-01-14 16:36:51 +01:00
Andreas Rammhold 2964c4ab44
add support for NixOS kernel
this removes the need to specify the kernel version manually on NixOS
2018-01-14 16:18:29 +01:00
Stéphane Lesimple 749f432d32 also check for spec_ctrl flag in cpuinfo 2018-01-14 15:47:51 +01:00
Stéphane Lesimple a422b53d7c also check for cpuinfo flag 2018-01-14 15:47:51 +01:00
Stéphane Lesimple c483a2cf60 check spec_ctrl support using cpuid 2018-01-14 15:47:51 +01:00
Stéphane Lesimple dead0054a4 fix: proper detail msg in vuln status 2018-01-14 15:47:22 +01:00
Stéphane Lesimple 8ed7d465aa
Merge pull request #77 from speed47/exitcode
proper return codes regardless of the batch mode
2018-01-14 14:25:12 +01:00
Stéphane Lesimple e5e4851d72 proper return codes regardless of the batch mode 2018-01-14 14:24:31 +01:00
Stéphane Lesimple 7f92717a2c add info about accuracy when missing kernel files 2018-01-13 13:59:17 +01:00
Stéphane Lesimple b47d505689 AMD now vuln to variant2 (as per their stmt) 2018-01-13 13:35:31 +01:00
Corey Hickey 4a2d051285 minor is_cpu_vulnerable() changes (#71)
* correct is_cpu_vulnerable() comment

As far as I can tell, the function and usage are correct for the comment
to be inverted.

Add a clarifying note as to why the value choice makes sense.

* exit on invalid varient

If this happens, it's a bug in the script. None of the calling code
checks for status 255, so don't let a scripting bug cause a false

* no need to set vulnerable CPUs

According to comment above this code:
'by default, everything is vulnerable, we work in a "whitelist" logic here.'
2018-01-13 13:16:37 +01:00
Sylvestre Ledru f3551b9734 Only show the name of the script, not the full path (#72) 2018-01-13 13:14:19 +01:00
Sylvestre Ledru 45b98e125f fix some typos (#73) 2018-01-13 13:13:40 +01:00
Stéphane Lesimple dce917bfbb add --version, bump to v0.28 2018-01-12 19:10:44 +01:00
Stéphane Lesimple 8f18f53aba add cpu model in output 2018-01-12 19:08:12 +01:00
M. Willis Monroe d3f102b3b3 Typofix in readme (#61) 2018-01-12 13:58:04 +01:00
M. Willis Monroe 8bd093173d Fixed a few spelling errors (#60) 2018-01-12 11:46:36 +01:00
Stéphane Lesimple bfe5a3b840 add some debug 2018-01-12 10:53:19 +01:00
Stéphane Lesimple 6a0242eea3 bump to v0.27 2018-01-11 15:36:41 +01:00
Stéphane Lesimple bc4e39038a fix(opcodes): fix regression introduced in previous commit
We were saying unknown instead of vulnerable when the count of lfence opcodes was low
This was not impacting batch mode or the final decision, just the human-readable output of the script.
2018-01-11 15:35:57 +01:00
Stéphane Lesimple 62f8ed6f61
adding support for new /sys interface (#55)
* adding support for new /sys interface
* fix(objdump): prefer -d instead of -D, some kernels crash objdump otherwise
2018-01-11 12:23:16 +01:00
Gianluca Varisco 56b67f8082 Typo in README (#54) 2018-01-11 12:01:31 +01:00
Tobias Rüetschi 52a8f78885 send warning to stderr. (#53)
With --batch json there must not be any other output on stdout, so redirect warnings to stderr will show the warning on the console and only the json output is on stdout.
2018-01-11 09:55:43 +01:00
Stéphane Lesimple a09a5ba38f bump to v0.25 to reflect changes 2018-01-11 09:08:29 +01:00