rrobgill
172c04a78a
32 bit kernel suggestions
...
x86_32 PTI is still under development https://lkml.org/lkml/2018/4/16/561 , but is not yet available in the kernel.
"How to fix" for users of 32 bit kernels suggests recompiling kernel with options that are not yet available.
Added information for 32 bit kernel systems noting this, and suggesting investigating 64 bit kernels through their distro.
2018-04-30 20:31:24 +10:00
Onno Zweers
4acd0f647a
Suggestion to change VM to a CPU with IBRS capability
2018-04-20 20:35:12 +02:00
Stéphane Lesimple
fb52dbe7bf
set master branch to v0.37+
2018-04-20 20:34:42 +02:00
Stéphane Lesimple
edebe4dcd4
bump to v0.37
2018-04-18 23:51:45 +02:00
Stéphane Lesimple
83ea78f523
fix: arm: also detect variant 1 mitigation when using native objdump
2018-04-17 18:50:32 +02:00
Stéphane Lesimple
602b68d493
fix(spectrev2): explain that retpoline is possible for Skylake+ if there is RSB filling, even if IBRS is still better
2018-04-16 09:27:28 +02:00
Stéphane Lesimple
97bccaa0d7
feat: rephrase IBPB warning when only retpoline is enabled in non-paranoid mode
2018-04-16 09:13:25 +02:00
Stéphane Lesimple
68e619b0d3
feat: show RSB filling capability for non-Skylake in verbose mode
2018-04-16 09:08:25 +02:00
Stéphane Lesimple
a6f4475cee
feat: make IBRS_FW blue instead of green
2018-04-16 09:07:54 +02:00
Stéphane Lesimple
223f5028df
feat: add --paranoid to choose whether we require IBPB
2018-04-15 23:05:30 +02:00
Stéphane Lesimple
c0108b9690
fix(spectre2): don't explain how to fix when NOT VULNERABLE
2018-04-15 20:55:55 +02:00
Stéphane Lesimple
a3016134bd
feat: make RSB filling support mandatory for Skylake+ CPUs
2018-04-15 20:55:31 +02:00
Stéphane Lesimple
59d85b39c9
feat: detect RSB filling capability in the kernel
2018-04-15 20:55:01 +02:00
Stéphane Lesimple
baaefb0c31
fix: remove shellcheck warnings
2018-04-11 22:24:03 +02:00
Igor Lubashev
d452aca03a
fix: invalid bash syntax when ibpb_enabled or ibrs_enabled are empty
2018-04-11 10:29:42 +02:00
Stéphane Lesimple
10b8d94724
feat: detect latest Red Hat kernels' RO ibpb_enabled knob
2018-04-10 22:51:45 +02:00
Stéphane Lesimple
8606e60ef7
refactor: no longer display the retoline-aware compiler test when we can't tell for sure
2018-04-10 22:51:45 +02:00
Stéphane Lesimple
6a48251647
fix: regression in 51aeae25, when retpoline & ibpb are enabled
2018-04-10 22:51:45 +02:00
Stéphane Lesimple
f4bf5e95ec
fix: typos
2018-04-10 22:51:45 +02:00
Stéphane Lesimple
60eac1ad43
feat: also do PTI performance check with (inv)pcid for BSD
2018-04-10 22:51:45 +02:00
Stéphane Lesimple
b3cc06a6ad
fix regression introduced by 82c25dc
2018-04-10 22:51:45 +02:00
Stéphane Lesimple
5553576e31
feat(amd/zen): re-introduce IBRS for AMD except ZEN family
2018-04-10 22:51:45 +02:00
Stéphane Lesimple
e16ad802da
feat(ibpb=2): add detection of SMT before concluding the system is not vulnerable
2018-04-10 22:51:45 +02:00
Stéphane Lesimple
29c294edff
feat(bsd): explain how to mitigate variant2
2018-04-10 22:51:45 +02:00
Stéphane Lesimple
59714011db
refactor: IBRS_ALL & RDCL_NO are Intel-only
2018-04-10 22:51:45 +02:00
Stéphane Lesimple
51e8261a32
refactor: separate hw checks for Intel & AMD
2018-04-10 22:49:28 +02:00
Stéphane Lesimple
2a4bfad835
refactor: add is_amd and is_intel funcs
2018-04-10 22:49:28 +02:00
Stéphane Lesimple
7e52cea66e
feat(spectre2): refined how status of this vuln is decided and more precise explanations on how to fix
2018-04-10 22:49:28 +02:00
Benjamin Bouvier
417d7aab91
Fix trailing whitespace and mixed indent styles;
2018-04-10 22:42:47 +02:00
Sylvestre Ledru
67bf761029
Fix some user facing typos with codespell -w -q3 .
2018-04-08 18:44:13 +02:00
Stéphane Lesimple
0eabd266ad
refactor: decrease default verbosity for some tests
2018-04-05 22:20:16 +02:00
Stéphane Lesimple
b77fb0f226
fix: don't override ibrs/ibpb results with later tests
2018-04-05 22:04:20 +02:00
Stéphane Lesimple
89c2e0fb21
fix(amd): show cpuinfo and ucode details
2018-04-05 21:39:27 +02:00
Stéphane Lesimple
b88f32ed95
feat: print raw cpuid, and fetch ucode version under BSD
2018-04-05 00:07:12 +02:00
Stéphane Lesimple
7a4ebe8009
refactor: rewrite read_cpuid to get more common code parts between BSD and Linux
2018-04-05 00:06:24 +02:00
Stéphane Lesimple
0919f5c236
feat: add explanations of what to do when a vulnerability is not mitigated
2018-04-05 00:03:04 +02:00
Stéphane Lesimple
de02dad909
feat: rework Spectre V2 mitigations detection w/ latest vanilla & Red Hat 7 kernels
2018-04-05 00:01:54 +02:00
Stéphane Lesimple
07484d0ea7
add dump of variables at end of script in debug mode
2018-04-04 23:58:15 +02:00
Stéphane Lesimple
a8b557b9e2
fix(cpu): skip CPU checks if asked to (--no-hw) or if inspecting a kernel of another architecture
2018-04-03 19:36:28 +02:00
Stéphane Lesimple
619b2749d8
fix(sysfs): only check for sysfs for spectre2 when in live mode
2018-04-03 19:32:36 +02:00
Stéphane Lesimple
94857c983d
update readme
2018-04-03 16:00:36 +02:00
Stéphane Lesimple
056ed00baa
feat(arm): detect spectre variant 1 mitigation
2018-04-03 15:52:25 +02:00
Stéphane Lesimple
aef99d20f3
fix(pti): when PTI activation is unknown, don't say we're vulnerable
2018-04-03 12:45:17 +02:00
Stéphane Lesimple
e2d7ed2243
feat(arm): support for variant2 and meltdown mitigation detection
2018-04-01 17:50:18 +02:00
Stéphane Lesimple
eeaeff8ec3
set version to v0.36+ for master branch between releases
2018-04-01 17:45:01 +02:00
Stéphane Lesimple
f5269a362a
feat(bsd): add retpoline detection for BSD
2018-04-01 17:42:29 +02:00
Stéphane Lesimple
f3883a37a0
fix(xen): adjust message for DomUs w/ sysfs
2018-03-31 13:44:04 +02:00
Stéphane Lesimple
b6fd69a022
release: v0.36
2018-03-27 23:08:38 +02:00
Stéphane Lesimple
7adb7661f3
enh: change colors and use red only to report vulnerability
2018-03-25 18:15:08 +02:00
Stéphane Lesimple
c7892e3399
update README.md
2018-03-25 14:18:39 +02:00