peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2025-10-31 04:30:57 +01:00
Code Issues Projects Releases Wiki Activity
566 Commits 2 Branches 46 Tags
d98be1175d14da075ab877cb692a05a15f5a3835
Commit Graph

509 Commits

Author SHA1 Message Date
Luis Ponce
96798b1932 chore: add SPDX GPL-3.0 license identifier (#245) 
The spectre-meltdown-checker.sh file is missing licensing information.
The SPDX identifier is a legally binding shorthand, which can be
used instead of the full boiler plate text.
 2018-09-15 15:33:41 +02:00
Stéphane Lesimple
687ce1a7fa fix: load cpuid module if absent even when /dev/cpu/0/cpuid is there 2018-09-08 23:15:50 +02:00
Stéphane Lesimple
80e0db7cc4 fix: don't show erroneous ucode version when latest version is unknown (fixes #238) 2018-08-28 20:51:46 +02:00
David Guglielmi
e8890ffac6 feat(config): support for genkernel kernel config file (#239) 
Add support for distributions using genkernel.
 2018-08-28 20:24:37 +02:00
Karsten Weiss
afb36c519d Fix typo: 'RBS filling' => 'RSB filling' (#237) 2018-08-18 12:05:17 +02:00
Stéphane Lesimple
0009c0d473 fix: --batch now implies --no-color to avoid colored warnings 2018-08-18 12:04:18 +02:00
Stéphane Lesimple
dd67fd94d7 feat: add FLUSH_CMD MSR availability detection (part of L1TF mitigation) 2018-08-16 19:05:09 +02:00
Stéphane Lesimple
339ad31757 fix: add missing l1tf CPU vulnerability display in hw section 2018-08-16 15:19:29 +02:00
Stéphane Lesimple
794c5be1d2 feat: add optional git describe support to display inter-release version numbers 2018-08-16 15:18:47 +02:00
Stéphane Lesimple
a7afc585a9 fix several incorrect ucode version numbers 2018-08-16 10:51:55 +02:00
Stéphane Lesimple
fc1dffd09a feat: implement detection of latest known versions of intel microcodes 2018-08-15 12:53:49 +02:00
Stéphane Lesimple
e942616189 feat: initial support for L1TF 2018-08-15 12:05:08 +02:00
Stéphane Lesimple
360be7b35f fix: hide arch_capabilities_msr_not_read warning under !intel 2018-08-13 15:42:56 +02:00
Stéphane Lesimple
5f59257826 bump to v0.39 2018-08-13 15:33:03 +02:00
Stéphane Lesimple
92d59cbdc1 chore: adjust some comments, add 2 missing inits 2018-08-11 10:31:10 +02:00
Stéphane Lesimple
4747b932e7 feat: add detection of RSBA feature bit and adjust logic accordingly 2018-08-10 10:26:23 +02:00
Stéphane Lesimple
860023a806 fix: ARCH MSR was not read correctly, preventing proper SSB_NO and RDCL_NO detection 2018-08-10 10:26:23 +02:00
Stéphane Lesimple
ab67a9221d feat: read/write msr now supports msr-tools or perl as dd fallback 2018-08-10 10:26:23 +02:00
0x9fff00
f4592bf3a8 Add Arch armv5/armv7 kernel image location (#227) 2018-08-09 22:13:30 +02:00
Stéphane Lesimple
be15e47671 chore: setting master to v0.38+ 2018-08-09 14:25:22 +02:00
Nathan Parsons
d3481d9524 Add support for the kernel being within a btrfs subvolume (#226) 
- /boot may be within a named root subvolume (eg. "/@/boot")
- /boot may be in its own subvolume (eg. "/@boot")
 2018-08-09 14:00:35 +02:00
Stéphane Lesimple
21af561148 bump to v0.38 2018-08-07 10:55:50 +02:00
Stéphane Lesimple
cb740397f3 feat(arm32): add spectrev1 mitigation detection 2018-08-07 10:42:03 +02:00
Stéphane Lesimple
84195689af change: default to --no-explain, use --explain to get detailed mitigation help 2018-08-04 16:31:41 +02:00
Stéphane Lesimple
b637681fa8 fix: debug output: msg inaccuracy for ARM checks 2018-08-04 16:19:54 +02:00
Stéphane Lesimple
9316c30577 fix: armv8: models < 0xd07 are not vulnerable 2018-08-04 16:19:54 +02:00
Lily Wilson
f9dd9d8cb9 add guess for archlinuxarm aarch64 kernel image on raspberry pi 3 (#222) 2018-08-01 00:15:52 +02:00
Stéphane Lesimple
0f0d103a89 fix: correctly init capabilities_ssb_no var in all cases 2018-07-26 10:18:14 +02:00
Stéphane Lesimple
b262c40541 fix: remove spurious character after an else statement 2018-07-25 21:55:50 +02:00
Stéphane Lesimple
cc2910fbbc fix: read_cpuid: don't use iflag=skip_bytes for compat with old dd versions 
This closes #215 #199 #193
 2018-07-23 09:12:30 +02:00
manish jaggi
30c4a1f6d2 arm64: cavium: Add CPU Implementer Cavium (#216) 
This patch adds 0x43 check for cavium implementor id in function
parse_cpu_details. Also adds that Cavium Soc is not vulnerable to variant 3/3a

Signed-off-by: Manish Jaggi <manish.jagg@cavium.com>
 2018-07-22 19:06:19 +02:00
Stéphane Lesimple
cf06636a3f fix: prometheus output: use printf for proper \n interpretation (#204) 2018-06-21 23:35:51 +02:00
Stéphane Lesimple
60077c8d12 fix(arm): rewrite vuln logic from latest arm statement for Cortex A8 to A76 2018-06-21 23:24:18 +02:00
Rob Gill
c181978d7c fix(arm): Updated arm cortex status (#209) 
* Cortex A8 Vulnerable

Arm Cortex A8 is vulnerable to variants 1 & 2  (https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability)

Part number is 0xc08 (https://developer.arm.com/docs/ddi0344/b/system-control-coprocessor/system-control-coprocessorregisters/c0-main-id-register)

False negative reported by @V10lator in #206

* ARM Cortex A12 Vulnerable to 1&2

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

* A76 vulnerable to variant 4

All arch 8 cortex A57-A76 are vulnerable to variant 4.

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

* Whitelist variant4 nonvuln Arms

* ARM Cortex Whitelist & Cumulative Blacklist

Applies all information about vulnerabilities of ARM Cortex processors (from https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability).

Whitelist & blacklist approach, using both vulnerable and non vulnerable status for each identified CPU, with vulnerabilities tracked cumulatively for multi CPU systems.
 2018-06-16 12:14:39 +02:00
Rob Gill
5962d20ba7 fix(variant4): whitelist from common.c::cpu_no_spec_store_bypass (#202) 
* variant4 from common.c::cpu_no_spec_store_bypass

Variant 4 - Add function to 'whitelist' the hand-full of CPUs unaffected by speculative store bypass. 

This would allow improved determination of variant 4 status ( #189 ) of immune CPUs while waiting for the 4.17/stable patches to be backported to distro kernels.

Source of cpu list : https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/common.c#n945)
Modeled after is_cpu_specex_free()

* amd families fix

amd families are reported by parse_cpu_details() in decimal

* remove duplicates

Only list processors which speculate and are immune to variant 4.
Avoids duplication with non-speculating CPUs listed in is_cpu_specex_free()
 2018-05-27 15:14:29 +02:00
Rob Gill
17a3488505 fix(help): add missing references to variants 3a & 4 (#201) 2018-05-24 16:35:57 +02:00
Stéphane Lesimple
e54e8b3e84 chore: remove warning in README, fix display indentation 2018-05-24 16:32:53 +02:00
Stéphane Lesimple
39c778e3ac fix(amd): AMD families 0x15-0x17 non-arch MSRs are a valid way to control SSB 2018-05-23 23:08:07 +02:00
Stéphane Lesimple
2cde6e4649 feat(ssbd): add detection of proper CPUID bits on AMD 2018-05-23 22:50:52 +02:00
Stéphane Lesimple
f4d51e7e53 fix(variant4): add another detection way for Red Hat kernel 2018-05-23 22:47:54 +02:00
Stéphane Lesimple
85d46b2799 feat(variant4): add more detailed explanations 2018-05-23 21:08:58 +02:00
Stéphane Lesimple
61e02abd0c feat(variant3a): detect up to date microcode 2018-05-23 21:08:08 +02:00
Stéphane Lesimple
114756fab7 fix(amd): not vulnerable to variant3a 2018-05-23 20:38:43 +02:00
Rob Gill
ea75969eb7 fix(help): Update variant options in usage message (#200) 2018-05-22 15:54:25 +02:00
Stéphane Lesimple
ca391cbfc9 fix(variant2): correctly detect IBRS/IBPB in SLES kernels 2018-05-22 12:06:46 +02:00
Stéphane Lesimple
68af5c5f92 feat(variant4): detect SSBD-aware kernel 2018-05-22 12:05:46 +02:00
Stéphane Lesimple
f75cc0bb6f feat(variant4): add sysfs mitigation hint and some explanation about the vuln 2018-05-22 09:39:11 +02:00
Stéphane Lesimple
f33d65ff71 feat(variant3a): add information about microcode-sufficient mitigation 2018-05-22 09:38:29 +02:00
Stéphane Lesimple
725eaa8bf5 feat(arm): adjust vulnerable ARM CPUs for variant3a and variant4 2018-05-22 09:19:29 +02:00
Stéphane Lesimple
c6ee0358d1 feat(variant4): report SSB_NO CPUs as not vulnerable 2018-05-22 09:18:30 +02:00