Thomas Merz
f422c8f512
Issue 429: analyse/lint and format script
...
👷 add a fancy GitHub action for 'shellcheck' and 'shfmt'
👷 moved 'shellcheck' and 'check indentation' to new GitHub Action
🚨 fix 'shellcheck' warnings
🚨 fix 'shfmt' warnings
2022-03-30 15:43:31 +02:00
Stéphane Lesimple
b68ebe67f2
fix: fwdb: ignore MCEdb versions where an official Intel version exists ( fixes #430 )
2022-03-30 09:10:55 +02:00
Stéphane Lesimple
a6c943d38f
release v0.45
v0.45
2022-03-27 12:41:17 +02:00
Stéphane Lesimple
dd162301ff
chore: update fwdb to v222+i20220208
2022-03-27 12:38:44 +02:00
Stéphane Lesimple
5f6471d9a4
feat: set default TMPDIR for Android ( #415 )
2022-03-27 12:31:05 +02:00
Stéphane Lesimple
2a5b965b98
feat: add --allow-msr-write, no longer write by default ( #385 ), detect when writing is denied
2022-03-24 12:37:19 +01:00
Stéphane Lesimple
ee266d43b7
chore: fix indentation
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
b61baa90df
feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
a98d92f8bc
chore: wording: model not vulnerable -> model not affected
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
b7c8c4115a
feat: implement detection for MCEPSC under BSD
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
4e7c52767d
chore: update Intel Family 6 models
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
8473d9ba6b
chore: ensure vars are set before being dereferenced (set -u compat)
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
0af4830224
fix: is_ucode_blacklisted: fix some model names
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
81a4329d71
feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
3679776f3c
chore: only attempt to load msr and cpuid module once
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
ba131fcd2f
chore: read_cpuid: use named constants
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
ae6bc31c2c
feat: hw check: add IPRED, RRSBA, BHI features check
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
6d7a6b3666
feat: add subleaf != 0 support for read_cpuid
2022-03-21 22:22:33 +01:00
Stéphane Lesimple
16f2160be5
chore: fwdb: update to v220+i20220208
2022-03-17 19:39:39 +01:00
Aditya-Tolikar
7cad9301b3
typo
...
'A' is more 'X' *than 'B'.
Previously: 'A' is more 'X' that 'B'.
2022-03-17 19:26:12 +01:00
Stéphane Lesimple
580549812a
fix: retpoline: detection on 5.15.28+ ( #420 )
2022-03-17 19:25:24 +01:00
Stéphane Lesimple
a485c7882a
doc: readme: make the FAQ entry more visible
2021-05-25 13:22:54 +02:00
Stéphane Lesimple
7d13f7a0ef
doc: add an FAQ entry about CVE support
2021-05-25 13:17:03 +02:00
Stéphane Lesimple
226b2375ab
chore: speculative execution -> transient execution
2021-05-25 12:39:51 +02:00
Stéphane Lesimple
052a3e66d1
doc: more FAQ and README
2021-05-25 12:31:30 +02:00
Stéphane Lesimple
05d862709d
fix: has_vmm false positive with pcp
...
Fix by matching the full procname with pgrep (-x),
so that the 'pmdakvm' process doesn't match.
Closes #394
2021-05-25 12:31:07 +02:00
Stéphane Lesimple
3846913899
fix: refuse to run under MacOS and ESXi
2021-05-24 22:42:23 +02:00
Stéphane Lesimple
a87ace1f98
doc: add an FAQ.md and update the README.md accordingly
2021-05-24 22:27:46 +02:00
Stéphane Lesimple
0ba71a443e
fix: mcedb: v191 changed the MCE table format
...
Also update the builtin db to v191+i20210217
Closes #400
2021-05-24 12:55:44 +02:00
Stéphane Lesimple
3a486e9985
arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
2021-04-02 15:38:31 +02:00
Stéphane Lesimple
23564cda5d
fix: variant4: added case where prctl ssbd status is tagged as 'unknown'
2021-04-02 15:38:31 +02:00
Stéphane Lesimple
0ea21d09bd
fix: extract_kernel: don't overwrite kernel_err if already set
...
Fixes #395
2021-04-02 15:33:02 +02:00
Stéphane Lesimple
08e30e156d
chore: readme: framapic is gone, host the screenshots on GitHub
2021-02-22 21:22:11 +01:00
Zhiyuan Dai
6d35e780f4
arm64: phytium: Add CPU Implementer Phytium
...
This patch adds 0x70 check for phytium implementer id in function
parse_cpu_details. Also adds that Phytium Soc is not vulnerable to variant 3/3a
2021-01-13 19:14:09 +01:00
Stéphane Lesimple
4ec3154be0
chore: replace 'Vulnerable to' by 'Affected by' in the hw section
...
This seems to be less confusing, suggested by #356
2020-11-10 18:56:25 +01:00
Stéphane Lesimple
843f26630d
feat: arm: add Cortex A77 and Neoverse-N1 ( fixes #371 )
2020-11-10 18:36:42 +01:00
Stéphane Lesimple
7fc2ec65b9
bump to v0.44
v0.44
2020-11-09 18:41:43 +01:00
Stéphane Lesimple
c8cdfd54da
chore: fwdb: update to v165.20201021+i20200616
2020-11-08 21:25:18 +01:00
Stéphane Lesimple
f0c33c7a32
fix: fwdb: use the commit date as the intel fwdb version
...
fixes #379
2020-11-08 21:25:18 +01:00
Stéphane Lesimple
9e874397da
chore: fwdb: update to v163.20200930+i20200904
2020-10-05 20:06:49 +02:00
Stéphane Lesimple
76cb73f3cb
fix: fwdb: update Intel's repository URL
2020-10-05 20:06:49 +02:00
Stéphane Lesimple
90f23d286e
chore: update fwdb to v160.20200912+i20200722
2020-09-14 21:45:09 +02:00
Stéphane Lesimple
e41e311a7f
feat: add zstd kernel decompression ( #370 )
2020-09-14 21:42:55 +02:00
Stéphane Lesimple
1f75f01630
fwdb: update MCEdb to v148 & Intel firmwares to 2020-04-27
2020-06-13 18:11:12 +02:00
Stéphane Lesimple
14a53b19da
chore: add CVE to the README
2020-06-10 00:07:14 +02:00
Stéphane Lesimple
d8f0ddd7a5
chore: fix indentation
2020-06-10 00:07:14 +02:00
Agata Gruza
62d3448a54
Added support for SRBDS related vulnerabilities
2020-06-10 00:07:14 +02:00
Stéphane Lesimple
cb6d139629
chore: tests: now expect 15 CVEs instead of 14 (fix)
2020-06-09 22:56:25 +02:00
Stéphane Lesimple
7e2db09ed9
chore: tests: now expect 15 CVEs instead of 14
2020-06-09 22:51:50 +02:00
Stéphane Lesimple
33cf1cde79
enh: arm: add experimental support for binary arm images
2020-06-06 17:29:32 +02:00