Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						e41e311a7f 
					 
					
						
						
							
							feat: add zstd kernel decompression ( #370 )  
						
						
						
						
					 
					
						2020-09-14 21:42:55 +02:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						1f75f01630 
					 
					
						
						
							
							fwdb: update MCEdb to v148 & Intel firmwares to 2020-04-27  
						
						
						
						
					 
					
						2020-06-13 18:11:12 +02:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						d8f0ddd7a5 
					 
					
						
						
							
							chore: fix indentation  
						
						
						
						
					 
					
						2020-06-10 00:07:14 +02:00 
						 
				 
			
				
					
						
							
							
								Agata Gruza 
							
						 
					 
					
						
						
							
						
						62d3448a54 
					 
					
						
						
							
							Added support for SRBDS related vulnerabilities  
						
						
						
						
					 
					
						2020-06-10 00:07:14 +02:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						33cf1cde79 
					 
					
						
						
							
							enh: arm: add experimental support for binary arm images  
						
						
						
						
					 
					
						2020-06-06 17:29:32 +02:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						4a3006e196 
					 
					
						
						
							
							fix: arm64: cve-2017-5753: kernels 4.19+ use a different nospec macro  
						
						
						
						
					 
					
						2020-06-06 17:29:32 +02:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						36f98eff95 
					 
					
						
						
							
							fwdb: update MCEdb to v147 & Intel firmwares to 2020-04-27  
						
						
						
						
					 
					
						2020-05-31 13:03:58 +02:00 
						 
				 
			
				
					
						
							
							
								xaitax 
							
						 
					 
					
						
						
							
						
						fa7b8f9567 
					 
					
						
						
							
							Typo  
						
						
						
						
					 
					
						2020-05-08 16:17:09 +02:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						3beefc2587 
					 
					
						
						
							
							enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode  
						
						
						
						
					 
					
						2020-03-10 22:29:54 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						27c36fdb80 
					 
					
						
						
							
							fwdb: update to v135.20200303+i20200205  
						
						
						
						
					 
					
						2020-03-10 22:29:39 +01:00 
						 
				 
			
				
					
						
							
							
								Matt Christian 
							
						 
					 
					
						
						
							
						
						3d21dae168 
					 
					
						
						
							
							Fixes for FreeBSD to parse CPU info.  
						
						
						
						
					 
					
						2020-02-06 19:56:35 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						7d2a510146 
					 
					
						
						
							
							chore: update fwdb to v132.20200108+i20191124  
						
						
						
						
					 
					
						2020-02-01 18:58:25 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						eec77e1ab9 
					 
					
						
						
							
							fix: fwdb update: remove Intel extract tempdir on exit  
						
						
						
						
					 
					
						2019-12-10 20:21:52 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						5633d374de 
					 
					
						
						
							
							fix: has_vmm: ignore kernel threads when looking for a hypervisor ( fixes   #278 )  
						
						
						
						
					 
					
						2019-12-10 19:10:45 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						a343bccb49 
					 
					
						
						
							
							bump to v0.43  
						
						
						
						
					 
					
						2019-12-08 15:37:17 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						1f604c119b 
					 
					
						
						
							
							fix var typo  
						
						
						
						
					 
					
						2019-12-08 15:25:54 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						bfed3187a6 
					 
					
						
						
							
							fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a  
						
						
						
						
					 
					
						2019-12-08 14:39:31 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						0cd7e1164f 
					 
					
						
						
							
							feat: detect vanilla 5.4+ locked down mode  
						
						
						
						
					 
					
						2019-12-06 23:03:36 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						71129d6b48 
					 
					
						
						
							
							fix: tsx: rtm feature bit is in EBX(11)  
						
						
						
						
					 
					
						2019-12-02 19:07:10 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						6e799e8b01 
					 
					
						
						
							
							fix: mcepsc: fix logic error on non-speculative CPUs that prevented detection of MCEPSC immunity  
						
						
						
						
					 
					
						2019-11-25 23:03:04 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						4993b04922 
					 
					
						
						
							
							fix: taa: CPUs having TAA_NO bit set are not vulnerable  
						
						
						
						
					 
					
						2019-11-25 21:14:54 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						4fc2afe1bc 
					 
					
						
						
							
							feat: add TSX_CTRL MSR detection in hardware info  
						
						
						
						
					 
					
						2019-11-25 20:58:49 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						bd47275501 
					 
					
						
						
							
							feat: add detection of iTLB Multihit vuln/mitigation (CVE-2018-12207)  
						
						
						
						
					 
					
						2019-11-25 19:13:09 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						8ddf6b2d6d 
					 
					
						
						
							
							enh: replace shell wildcard by a find to avoid potiental error (list of args too long)  
						
						
						
						
					 
					
						2019-11-24 17:26:13 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						16b6490ffc 
					 
					
						
						
							
							chore: avoid ${var:-]} syntax, badly confusing vim's syntax highlighter  
						
						
						
						
					 
					
						2019-11-24 17:26:13 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						18df38fae6 
					 
					
						
						
							
							fix: sgx: on locked down kernels, fallback to CPUID bit for detection  
						
						... 
						
						
						
						on locked down kernels (Fedora / Red Hat feature that prevents writing
to MSRs from userspace, even if root), we can't write to FLUSH_CMD MSR
to verify that it's present. So fallback to checking the existence of
the L1D flush CPUID feature bit to infer that the microcode has been
updated in a recent enough version that also mitigates SGX (fixes for
both issues have been included in the same microcode updates for all
Intel CPUs) 
						
						
					 
					
						2019-11-24 17:26:01 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						a306757c22 
					 
					
						
						
							
							fix: detect Red Hat locked down kernels (impacts MSR writes)  
						
						
						
						
					 
					
						2019-11-24 17:26:01 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						e01f97ee75 
					 
					
						
						
							
							fix: fwdb: don't use local db if it's older than our builtin version  
						
						
						
						
					 
					
						2019-11-24 17:25:41 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						fa7f814f4f 
					 
					
						
						
							
							chore: rename mcedb cmdline parameters to fwdb  
						
						
						
						
					 
					
						2019-11-24 17:25:41 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						bb32a16a86 
					 
					
						
						
							
							update fwdb to v130.20191104+i20191027  
						
						
						
						
					 
					
						2019-11-24 17:25:41 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						8c84c0ba17 
					 
					
						
						
							
							enh: fwdb: use both Intel GitHub repo and MCEdb to build our database  
						
						
						
						
					 
					
						2019-11-24 17:25:41 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						6abe1bc62b 
					 
					
						
						
							
							enh: kernel decompression: better tolerance over missing tools  
						
						... 
						
						
						
						fixes  #297  
					
						2019-11-23 16:43:00 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						5ca7fe91ff 
					 
					
						
						
							
							fix: pteinv: don't check kernel image if not available  
						
						
						
						
					 
					
						2019-11-23 14:01:56 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						4ba68fba74 
					 
					
						
						
							
							fix: silence useless error from grep ( fixes   #322 )  
						
						
						
						
					 
					
						2019-11-23 13:51:00 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						59ad312773 
					 
					
						
						
							
							fix: msr: fix msr module detection under Ubuntu 19.10 ( fixes   #316 )  
						
						
						
						
					 
					
						2019-11-19 22:35:08 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						3e757b6177 
					 
					
						
						
							
							chore: add github check workflow  
						
						
						
						
					 
					
						2019-11-18 11:28:20 -08:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						f724f94085 
					 
					
						
						
							
							enh: kernel: autodetect customized arch kernels from cmdline  
						
						
						
						
					 
					
						2019-11-17 13:36:52 -08:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						dcf540888d 
					 
					
						
						
							
							enh: mock: implement reading from /proc/cmdline  
						
						
						
						
					 
					
						2019-11-17 13:36:52 -08:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						9911c243b2 
					 
					
						
						
							
							feat: use --live with --kernel/--config/--map to override file detection in live mode  
						
						
						
						
					 
					
						2019-11-17 13:36:52 -08:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						cb279a49ec 
					 
					
						
						
							
							enh(taa): more complete version  
						
						
						
						
					 
					
						2019-11-13 01:07:10 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						c100ce4c0d 
					 
					
						
						
							
							mcedb: update from v112 to v130  
						
						
						
						
					 
					
						2019-11-12 21:19:03 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						4741b06160 
					 
					
						
						
							
							fix: batch mode for TAA  
						
						
						
						
					 
					
						2019-11-12 21:16:21 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						e0a1c2ec77 
					 
					
						
						
							
							fix shellcheck warnings  
						
						
						
						
					 
					
						2019-11-12 20:06:12 +01:00 
						 
				 
			
				
					
						
							
							
								Agata Gruza 
							
						 
					 
					
						
						
							
						
						c18b88d745 
					 
					
						
						
							
							Fixing typo  
						
						
						
						
					 
					
						2019-11-12 19:40:47 +01:00 
						 
				 
			
				
					
						
							
							
								Agata Gruza 
							
						 
					 
					
						
						
							
						
						d623524342 
					 
					
						
						
							
							Added support for TAA related vulnerabilities  
						
						
						
						
					 
					
						2019-11-12 19:40:47 +01:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						f5ec320fe5 
					 
					
						
						
							
							enh: rework the vuln logic of MDS with --paranoid ( fixes   #307 )  
						
						
						
						
					 
					
						2019-09-22 04:02:33 +02:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						cc224c0522 
					 
					
						
						
							
							fix: mocking value for read_msr  
						
						... 
						
						
						
						we were returning the mocking value before actually setting it.
also remove spaces around the returned value (no behavior change) 
						
						
					 
					
						2019-09-22 01:38:18 +02:00 
						 
				 
			
				
					
						
							
							
								Corey Wright 
							
						 
					 
					
						
						
							
						
						0518604fe6 
					 
					
						
						
							
							Use kernel_err to avoid misreporting missing Linux kernel image  
						
						... 
						
						
						
						When checking for CVE-2017-5715 (i.e. `check_CVE_2017_5715_linux()`),
if we can't inspect (with `readelf`) or decompress the Linux kernel
image, then we report there is no kernel image (i.e. `we need the
kernel image` or `kernel image missing`, respectively), which confuses
users when the associated file exists.
Instead use `kernel_err` to provide a correct and detailed description
of the problem (e.g. `missing '...' tool, please install it, usually
it's in the '...' package`), so the user can take the prescribed
action. 
						
						
					 
					
						2019-09-22 01:09:58 +02:00 
						 
				 
			
				
					
						
							
							
								Erik Zettel 
							
						 
					 
					
						
						
							
						
						d57fecec91 
					 
					
						
						
							
							spectre-meltdown-checker.sh: fix typos  
						
						
						
						
					 
					
						2019-09-20 23:50:52 +02:00 
						 
				 
			
				
					
						
							
							
								Stéphane Lesimple 
							
						 
					 
					
						
						
							
						
						f835f4d07d 
					 
					
						
						
							
							Explain that Enhanced IBRS is better for performance than classic IBRS  
						
						
						
						
					 
					
						2019-08-16 12:53:39 +02:00