spectre-meltdown-checker

Commit Graph

Author	SHA1	Message	Date
Stéphane Lesimple	a343bccb49	bump to v0.43	3 years ago
Stéphane Lesimple	1f604c119b	fix var typo	3 years ago
Stéphane Lesimple	bfed3187a6	fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a	3 years ago
Stéphane Lesimple	0cd7e1164f	feat: detect vanilla 5.4+ locked down mode	3 years ago
Stéphane Lesimple	71129d6b48	fix: tsx: rtm feature bit is in EBX(11)	3 years ago
Stéphane Lesimple	6e799e8b01	fix: mcepsc: fix logic error on non-speculative CPUs that prevented detection of MCEPSC immunity	3 years ago
Stéphane Lesimple	4993b04922	fix: taa: CPUs having TAA_NO bit set are not vulnerable	3 years ago
Stéphane Lesimple	4fc2afe1bc	feat: add TSX_CTRL MSR detection in hardware info	3 years ago
Stéphane Lesimple	bd47275501	feat: add detection of iTLB Multihit vuln/mitigation (CVE-2018-12207)	3 years ago
Stéphane Lesimple	8ddf6b2d6d	enh: replace shell wildcard by a find to avoid potiental error (list of args too long)	3 years ago
Stéphane Lesimple	16b6490ffc	chore: avoid ${var:-]} syntax, badly confusing vim's syntax highlighter	3 years ago
Stéphane Lesimple	18df38fae6	fix: sgx: on locked down kernels, fallback to CPUID bit for detection on locked down kernels (Fedora / Red Hat feature that prevents writing to MSRs from userspace, even if root), we can't write to FLUSH_CMD MSR to verify that it's present. So fallback to checking the existence of the L1D flush CPUID feature bit to infer that the microcode has been updated in a recent enough version that also mitigates SGX (fixes for both issues have been included in the same microcode updates for all Intel CPUs)	3 years ago
Stéphane Lesimple	a306757c22	fix: detect Red Hat locked down kernels (impacts MSR writes)	3 years ago
Stéphane Lesimple	e01f97ee75	fix: fwdb: don't use local db if it's older than our builtin version	3 years ago
Stéphane Lesimple	fa7f814f4f	chore: rename mcedb cmdline parameters to fwdb	3 years ago
Stéphane Lesimple	bb32a16a86	update fwdb to v130.20191104+i20191027	3 years ago
Stéphane Lesimple	8c84c0ba17	enh: fwdb: use both Intel GitHub repo and MCEdb to build our database	3 years ago
Stéphane Lesimple	6abe1bc62b	enh: kernel decompression: better tolerance over missing tools fixes #297	3 years ago
Stéphane Lesimple	5ca7fe91ff	fix: pteinv: don't check kernel image if not available	3 years ago
Stéphane Lesimple	4ba68fba74	fix: silence useless error from grep (fixes #322 )	3 years ago
Stéphane Lesimple	59ad312773	fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316 )	3 years ago
Stéphane Lesimple	418533c47e	chore: remove LICENSE file, SPDX id is enough	3 years ago
Stéphane Lesimple	3e757b6177	chore: add github check workflow	3 years ago
Stéphane Lesimple	f724f94085	enh: kernel: autodetect customized arch kernels from cmdline	3 years ago
Stéphane Lesimple	dcf540888d	enh: mock: implement reading from /proc/cmdline	3 years ago
Stéphane Lesimple	9911c243b2	feat: use --live with --kernel/--config/--map to override file detection in live mode	3 years ago
Stéphane Lesimple	cb279a49ec	enh(taa): more complete version	3 years ago
Stéphane Lesimple	c100ce4c0d	mcedb: update from v112 to v130	3 years ago
Stéphane Lesimple	4741b06160	fix: batch mode for TAA	3 years ago
Stéphane Lesimple	e0a1c2ec77	fix shellcheck warnings	3 years ago
Agata Gruza	c18b88d745	Fixing typo	3 years ago
Agata Gruza	d623524342	Added support for TAA related vulnerabilities	3 years ago
Stéphane Lesimple	f5ec320fe5	enh: rework the vuln logic of MDS with --paranoid (fixes #307 )	3 years ago
Stéphane Lesimple	cc224c0522	fix: mocking value for read_msr we were returning the mocking value before actually setting it. also remove spaces around the returned value (no behavior change)	3 years ago
Corey Wright	0518604fe6	Use kernel_err to avoid misreporting missing Linux kernel image When checking for CVE-2017-5715 (i.e. `check_CVE_2017_5715_linux()`), if we can't inspect (with `readelf`) or decompress the Linux kernel image, then we report there is no kernel image (i.e. `we need the kernel image` or `kernel image missing`, respectively), which confuses users when the associated file exists. Instead use `kernel_err` to provide a correct and detailed description of the problem (e.g. `missing '...' tool, please install it, usually it's in the '...' package`), so the user can take the prescribed action.	3 years ago
Erik Zettel	d57fecec91	spectre-meltdown-checker.sh: fix typos	3 years ago
Stéphane Lesimple	f835f4d07d	Explain that Enhanced IBRS is better for performance than classic IBRS	3 years ago
Agata Gruza	482d6c200a	Enhanced IBRS capabilities There are two flavors of IBRS: plain and enhanced. This patch tells which flavor of IBRS is in use.	3 years ago
David Guglielmi	91d0699029	update MCEdb from v111 to v112	3 years ago
Stéphane Lesimple	fcc4ff4de2	update MCEdb from v110 to v111, bump to v0.42	3 years ago
Stéphane Lesimple	0bd38ddda0	enh: -v -v now implies --dump-mock-data	3 years ago
Stéphane Lesimple	e83dc818cd	feat(mds): implement FreeBSD mitigation detection	3 years ago
Stéphane Lesimple	d69ea67101	feat(mock): add --dump-mock-data	3 years ago
Stéphane Lesimple	dfe0d10f2a	fix(mds): remove useless display of MD_CLEAR info in non-hw section	3 years ago
Stéphane Lesimple	58a5acfdbb	fix(bsd): read_msr returned data in an incorrect format	3 years ago
Stéphane Lesimple	ccb4dbef7c	enh(mock): avoid reading the sysfs interface outside sys_interface_check() for higher mocking coverage	3 years ago
Stéphane Lesimple	afbb26277f	feat(mock): add mocking functionality to help reproducing issues under specific CPUs	3 years ago
Stéphane Lesimple	77b34d48c6	fix(mds): check MDS_NO bit in is_cpu_mds_free()	3 years ago
Stéphane Lesimple	497efe6a82	fix(l1tf): RDCL_NO bit didn't take precedence for vulnerability check on some Intel CPUs	3 years ago
Stéphane Lesimple	62b46df4e7	fix(l1tf): remove libvirtd from hypervisor detection (#278 )	3 years ago

1 2 3 4 5 ...

454 Commits (v0.43) All Branches Search

454 Commits (v0.43)

All Branches