Stéphane Lesimple
07484d0ea7
add dump of variables at end of script in debug mode
2018-04-04 23:58:15 +02:00
Stéphane Lesimple
a8b557b9e2
fix(cpu): skip CPU checks if asked to (--no-hw) or if inspecting a kernel of another architecture
2018-04-03 19:36:28 +02:00
Stéphane Lesimple
619b2749d8
fix(sysfs): only check for sysfs for spectre2 when in live mode
2018-04-03 19:32:36 +02:00
Stéphane Lesimple
94857c983d
update readme
2018-04-03 16:00:36 +02:00
Stéphane Lesimple
056ed00baa
feat(arm): detect spectre variant 1 mitigation
2018-04-03 15:52:25 +02:00
Stéphane Lesimple
aef99d20f3
fix(pti): when PTI activation is unknown, don't say we're vulnerable
2018-04-03 12:45:17 +02:00
Stéphane Lesimple
e2d7ed2243
feat(arm): support for variant2 and meltdown mitigation detection
2018-04-01 17:50:18 +02:00
Stéphane Lesimple
eeaeff8ec3
set version to v0.36+ for master branch between releases
2018-04-01 17:45:01 +02:00
Stéphane Lesimple
f5269a362a
feat(bsd): add retpoline detection for BSD
2018-04-01 17:42:29 +02:00
Stéphane Lesimple
f3883a37a0
fix(xen): adjust message for DomUs w/ sysfs
2018-03-31 13:44:04 +02:00
Stéphane Lesimple
b6fd69a022
release: v0.36
2018-03-27 23:08:38 +02:00
Stéphane Lesimple
7adb7661f3
enh: change colors and use red only to report vulnerability
2018-03-25 18:15:08 +02:00
Stéphane Lesimple
c7892e3399
update README.md
2018-03-25 14:18:39 +02:00
Stéphane Lesimple
aa74315df4
feat: speed up kernel version detection
2018-03-25 13:42:19 +02:00
Stéphane Lesimple
0b8a09ec70
fix: mis adjustments for BSD compat
2018-03-25 13:26:00 +02:00
Stéphane Lesimple
b42d8f2f27
fix(write_msr): use /dev/zero instead of manually echoing zeroes
2018-03-25 12:53:50 +02:00
Stéphane Lesimple
f191ec7884
feat: add --hw-only to only show CPU microcode/cpuid/msr details
2018-03-25 12:48:37 +02:00
Stéphane Lesimple
28da7a0103
misc: message clarifications
2018-03-25 12:48:03 +02:00
Stéphane Lesimple
ece25b98a1
feat: implement support for NetBSD/FreeBSD/DragonFlyBSD
2018-03-25 12:28:02 +02:00
Stéphane Lesimple
889172dbb1
feat: add special extract_vmlinux mode for old RHEL kernels
2018-03-25 11:55:44 +02:00
Stéphane Lesimple
37ce032888
fix: bypass MSR/CPUID checks for non-x86 CPUs
2018-03-25 11:55:44 +02:00
Stéphane Lesimple
701cf882ad
feat: more robust validation of extracted kernel image
2018-03-25 11:55:44 +02:00
Stéphane Lesimple
6a94c3f158
feat(extract_vmlinux): look for ELF magic in decompressed blob and cut at found offset
2018-03-25 11:55:42 +02:00
Stéphane Lesimple
2d993812ab
feat: add --prefix-arch for cross-arch kernel inspection
2018-03-25 11:55:10 +02:00
Stéphane Lesimple
4961f8327f
fix(ucode): fix blacklist detection for some ucode versions
2018-03-19 12:09:39 +01:00
Alex
ecdc448531
Check MSR in each CPU/Thread ( #136 )
2018-03-17 17:17:15 +01:00
Stéphane Lesimple
12ea49fe0c
fix(kvm): properly detect PVHVM mode ( fixes #163 )
2018-03-16 18:29:58 +01:00
Stéphane Lesimple
053f1613de
fix(doc): use https:// URLs in the script comment header
2018-03-16 18:24:59 +01:00
Stéphane Lesimple
bda18d04a0
fix: pine64: re-add vmlinuz location and some error checks
2018-03-10 16:02:44 +01:00
Stéphane Lesimple
2551295541
doc: use https URLs
2018-03-10 15:20:07 +01:00
Stéphane Lesimple
d5832dc1dc
feat: add ELF magic detection on kernel image blob for some arm64 systems
2018-03-10 14:57:25 +01:00
Stéphane Lesimple
d2f46740e9
feat: enhance kernel image version detection for some old kernels
2018-03-10 14:57:25 +01:00
Sam Morris
2f6a6554a2
Produce output for consumption by prometheus-node-exporter
...
A report of all vulnerable machines to be produced with a query such as:
spexec_vuln_status{status!="OK"}
2018-02-27 11:08:39 +01:00
Stéphane Lesimple
30842dd9c0
release: bump to v0.35
2018-02-16 10:35:49 +01:00
Stéphane Lesimple
b4ac5fcbe3
feat(variant2): better explanation when kernel supports IBRS but CPU does not
2018-02-16 10:34:01 +01:00
Stéphane Lesimple
fef380d66f
feat(readme): add quick run section
2018-02-15 21:19:49 +01:00
Stéphane Lesimple
55a6fd3911
feat(variant1): better detection for Red Hat/Ubuntu patch
2018-02-15 21:19:49 +01:00
Sylvestre Ledru
35c8a63de6
Remove the color in the title
2018-02-15 20:21:00 +01:00
Stéphane Lesimple
5f914e555e
fix(xen): declare Xen's PTI patch as a valid mitigation for variant3
2018-02-14 14:24:55 +01:00
Stéphane Lesimple
66dce2c158
fix(ucode): update blacklisted ucodes list from latest Intel info
2018-02-14 14:14:16 +01:00
Calvin Walton
155cac2102
Teach checker how to find kernels installed by systemd kernel-install
2018-02-10 20:51:33 +01:00
Stéphane Lesimple
22cae605e1
fix(retpoline): remove the "retpoline enabled" test
...
This test worked for some early versions of the retpoline
implementation in vanilla kernels, but the corresponding
flag has been removed from /proc/cpuinfo in latest kernels.
The full information is available in /sys instead, which
was already implemented in the script.
2018-02-09 20:12:33 +01:00
Stéphane Lesimple
eb75e51975
fix(ucode): update list of blacklisted ucodes from 2018-02-08 Intel document
...
Removed 2 ucodes and added 2 other ones
2018-02-09 19:56:27 +01:00
積丹尼 Dan Jacobson
253e180807
Update spectre-meltdown-checker.sh
...
Dots better than colon for indicating waiting.
2018-02-06 19:02:56 +01:00
Stéphane Lesimple
5d6102a00e
enh: show kernel version in offline mode
2018-02-02 11:27:04 +01:00
Stéphane Lesimple
a2dfca671e
feat: detect disrepancy between found kernel image and running kernel
2018-02-02 11:13:54 +01:00
Stéphane Lesimple
36bd80d75f
enh: speedup by not decompressing kernel on --sysfs-only
2018-02-02 11:13:31 +01:00
Stéphane Lesimple
1834dd6201
feat: add skylake era cpu detection routine
2018-02-02 11:12:10 +01:00
Stéphane Lesimple
3d765bc703
enh: lazy loading of cpu informations
2018-02-02 11:11:51 +01:00
Stéphane Lesimple
07afd95b63
feat: better cleanup routine on exit & interrupt
2018-02-02 11:09:36 +01:00
