peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2025-10-31 12:40:57 +01:00
Code Issues Projects Releases Wiki Activity
566 Commits 2 Branches 46 Tags
d98be1175d14da075ab877cb692a05a15f5a3835
Commit Graph

509 Commits

Author SHA1 Message Date
speed47
d98be1175d update: fwdb from v344+i20250811+1523 to v344+i20250811+b85d, 2 microcode changes 2025-10-29 09:47:28 +00:00
Gabriel Francisco
a8466b74fe fix CVE-2017-5715 reporting when IBRS_FW is enabled 2025-10-27 08:42:51 +01:00
speed47
b99be2363c update: fwdb from v296+i20240514+988c to v344+i20250811+1523, 128 microcode changes 2025-10-26 22:08:07 +01:00
Stéphane Lesimple
c2c60e0161 chore: fix recent shellcheck warnings 2025-10-25 20:48:38 +02:00
Jörg Sommer
bae43d8370 Replace head -1 by head -n1 
The info page of GNU head says:

> For compatibility 'head' also supports an obsolete option syntax
> '-[NUM][bkm][cqv]', [...] Scripts intended for standard hosts should use
> '-c NUM' or '-n NUM' instead.

At least busybox's head does not support the `-NUM` syntax.
 2025-10-25 20:45:24 +02:00
Stéphane Lesimple
34c6095912 fix: Linux 6.9+ changed some config options names (#490) 
Issue #490 is about retpoline but other options have also changed,
as reported by a comment on the issue, this commit fixes these
other options:

Breno Leitao (10):
      x86/bugs: Rename CONFIG_GDS_FORCE_MITIGATION => CONFIG_MITIGATION_GDS_FORCE
      x86/bugs: Rename CONFIG_CPU_IBPB_ENTRY       => CONFIG_MITIGATION_IBPB_ENTRY
      x86/bugs: Rename CONFIG_CALL_DEPTH_TRACKING  => CONFIG_MITIGATION_CALL_DEPTH_TRACKING
      x86/bugs: Rename CONFIG_PAGE_TABLE_ISOLATION => CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
      x86/bugs: Rename CONFIG_RETPOLINE            => CONFIG_MITIGATION_RETPOLINE
      x86/bugs: Rename CONFIG_SLS                  => CONFIG_MITIGATION_SLS
      x86/bugs: Rename CONFIG_CPU_UNRET_ENTRY      => CONFIG_MITIGATION_UNRET_ENTRY
      x86/bugs: Rename CONFIG_CPU_IBRS_ENTRY       => CONFIG_MITIGATION_IBRS_ENTRY
      x86/bugs: Rename CONFIG_CPU_SRSO             => CONFIG_MITIGATION_SRSO
      x86/bugs: Rename CONFIG_RETHUNK              => CONFIG_MITIGATION_RETHUNK
 2024-08-04 15:15:45 +02:00
Ivan Zahariev
388d44edbd Fix Retpoline detection for Linux 6.9+ (issue #490) 2024-08-04 13:41:01 +02:00
Stéphane Lesimple
bd0c7c94b5 fix: typo introduced by #483, fixes #486 2024-05-18 13:01:48 +02:00
Stéphane Lesimple
d70e4c2974 fwdb: update to v296+i20240514+988c 2024-05-18 13:01:48 +02:00
Stéphane Lesimple
4e29fb5a21 fix: ucode_platformid_mask is hexa (fixes #485) 2024-02-15 17:27:12 +01:00
Stephane Lesimple
0f2edb1a71 feat: blacklist some more microcodes (fixes #475) 2024-01-09 18:54:39 +01:00
Stephane Lesimple
8ac2539a2a fix: microcode check now supports pf_mask (fixes #482) 2024-01-09 17:05:18 +01:00
Stéphane Lesimple
97f4d5f2bc feat(reptar): add detection and mitigation of Reptar 2024-01-09 15:38:16 +01:00
Stéphane Lesimple
9b7b09ada3 fix(inception): continued mitigation detection 2023-08-25 18:50:53 +02:00
Sébastien Mériot
c94811e63d fix(inception): Zen1/2 results based on kernel mitigations 2023-08-25 18:50:53 +02:00
Sébastien Mériot
ecee75716e feat(inception): kernel checks + sbpb support detection 2023-08-25 18:50:53 +02:00
Sébastien Mériot
fb6933dc64 feat(inception): Zen1/2 IBPB and SMT checks 2023-08-25 18:50:53 +02:00
Stéphane Lesimple
dc6921a1ac feat(inception): handle sysfs interface 2023-08-25 18:50:53 +02:00
Sébastien Mériot
3167762cfd feat(inception): start supporting AMD inception 2023-08-25 18:50:53 +02:00
Stéphane Lesimple
44223c5308 fix: bsd: kernel version detection 2023-08-11 18:41:35 +02:00
Stéphane Lesimple
dbe208fc48 enh: downfall: detect kernel mitigation without sysfs 2023-08-11 18:10:27 +02:00
Stéphane Lesimple
aca4e2a9b1 enh: move root warning to the bottom 2023-08-11 18:10:27 +02:00
Sébastien Mériot
c1c1ac4dbb feat(downfall): detection of the kernel mitigation relying on dmesg 2023-08-10 11:14:40 +02:00
Stéphane Lesimple
ba0daa6769 feat: downfall: add kernel soft mitigation support check 2023-08-10 11:14:40 +02:00
Sébastien Mériot
227c0aab1e feat(downfall): add downfall checks 2023-08-10 11:14:40 +02:00
Stéphane Lesimple
8ba3751cf7 fwdb: update to latest Intel ucode versions 2023-08-09 10:35:08 +02:00
Stéphane Lesimple
cbe8ba10ce fix: inteldb: cpuid 0x00090660 and 0x000A0680 2023-07-30 13:21:38 +02:00
Stéphane Lesimple
9c2587bca5 enh: when CPUID can't be read, built it by ourselves 2023-07-30 12:21:12 +02:00
Stéphane Lesimple
2a5ddc87bf feat: add Intel known affected processors DB 2023-07-30 12:21:12 +02:00
Stéphane Lesimple
2ef6c1c80e enh: factorize file download func 2023-07-28 20:03:16 +02:00
Stéphane Lesimple
3c224018f4 chore: update disclaimer and FAQ 2023-07-28 20:03:16 +02:00
Stéphane Lesimple
b8f8c81d51 release v0.46 2023-07-26 18:07:02 +02:00
Stéphane Lesimple
f34dd5fa7b enh: assume CPU is immune to Zenbleed regardless of vendor except AMD 
This contradicts our usual "if we don't know, consider vulnerable" motto,
but as this vuln is extremely specific (which is not the case for the Spectre
range of vulnerabilities, for example), this is the correct approach here.
 2023-07-26 17:54:44 +02:00
Stéphane Lesimple
c0869d7341 enh: zenbleed: give a manual mitigation in --explain 2023-07-26 16:38:02 +02:00
Stéphane Lesimple
e99a548dcc fix: fms2cpuid was incorrect for families > 0xF 2023-07-26 14:33:11 +02:00
Stéphane Lesimple
3d475dfaec feat: fwdb: add linux-firmware as AMD source, update fwdb accordingly 2023-07-26 13:57:05 +02:00
Stéphane Lesimple
cba5010c2a chore: fix typo 2023-07-26 13:57:05 +02:00
Stéphane Lesimple
c5661f098f enh: add --explain text for Zenbleed 2023-07-26 10:56:45 +02:00
Stéphane Lesimple
6844c01242 enh: add zenbleed support to the --variant option 2023-07-26 10:46:38 +02:00
ShadowCurse
0811f28ac6 fix: arm is not affected by zenbleed 2023-07-25 19:59:59 +02:00
Stéphane Lesimple
9bb79a18eb feat: add Zenbleed (CVE-2023-20593) and update fwdb to v270+i20230614 2023-07-25 17:54:59 +02:00
George Cherian
0d93c6ffb4 feat: arm: add Neoverse-N2 and Neoverse-V2 
Signed-off-by: George Cherian <george.cherian@marvell.com>
 2023-06-18 12:19:02 +02:00
Stéphane Lesimple
6a61df200e update: fwdb to v266+i20230512 2023-05-13 10:27:03 +02:00
ShadowCurse
e4b313fe79 feat: arm: add Neoverse-V1 2023-04-22 11:17:06 +02:00
Hilton Chain
60c71ccb7a Add support for Guix System kernel. 2023-02-24 20:58:45 +01:00
Stéphane Lesimple
48abeb5950 fix: bad exitcode with --update-fwdb due to trap exit 2023-02-24 20:57:43 +01:00
Stéphane Lesimple
3c988cc73a fix: rewrite SQL to be sqlite3 >= 3.41 compatible 
closes #443
 2023-02-24 20:54:40 +01:00
glitsj16
bea5cfc3b8 Fix typo: /devnull file created in filesystem 2023-02-24 19:42:16 +01:00
Stéphane Lesimple
b68ebe67f2 fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430) 2022-03-30 09:10:55 +02:00
Stéphane Lesimple
a6c943d38f release v0.45 2022-03-27 12:41:17 +02:00