feat(inception): README

feat(inception): kernel checks + sbpb support detection
feat(inception): Zen1/2 IBPB and SMT checks
2025-12-15 15:23:55 +01:00 · 2023-08-14 16:43:10 +00:00 · 2023-08-14 16:37:51 +00:00 · 2023-08-14 09:34:48 +00:00 · 2023-08-12 12:19:05 +02:00 · 2023-08-11 17:21:01 +00:00
5 changed files with 966 additions and 1361 deletions
--- a/.github/workflows/autoupdate.yml
+++ b/.github/workflows/autoupdate.yml
@@ -1,34 +0,0 @@
-name: autoupdate
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '42 9 * * *'
-
-jobs:
-  autoupdate:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Install prerequisites
-        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends iucode-tool sqlite3 unzip
-      - name: Update microcode versions
-        run: ./spectre-meltdown-checker.sh --update-builtin-fwdb
-      - name: Check git diff
-        id: diff
-        run: |
-          echo change="$(git diff spectre-meltdown-checker.sh | awk '/MCEDB/ { if(V) { print V" to "$4; exit } else { V=$4 } }')" >> "$GITHUB_OUTPUT"
-          echo nbdiff="$(git diff spectre-meltdown-checker.sh | grep -cE -- '^\+# [AI],')" >> "$GITHUB_OUTPUT"
-          git diff
-          cat "$GITHUB_OUTPUT"
-      - name: Create Pull Request if needed
-        if: steps.diff.outputs.nbdiff != '0'
-        uses: peter-evans/create-pull-request@v7
-        with:
-          token: ${{ secrets.SMC_PR_PAT }}
-          branch: autoupdate-fwdb
-          commit-message: "update: fwdb from ${{ steps.diff.outputs.change }}, ${{ steps.diff.outputs.nbdiff }} microcode changes"
-          title: "[Auto] Update fwdb from ${{ steps.diff.outputs.change }}"
-          body: |
-            Automated PR to update fwdb from ${{ steps.diff.outputs.change }}
-            Detected ${{ steps.diff.outputs.nbdiff }} microcode changes
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -24,7 +24,7 @@ jobs:
        fi
    - name: check direct execution
      run: |
-        expected=19
+        expected=18
        nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
@@ -32,11 +32,11 @@ jobs:
        else
          echo "OK $nb CVEs reported"
        fi
-    - name: check docker compose run execution
+    - name: check docker-compose run execution
      run: |
-        expected=19
-        docker compose build
-        nb=$(docker compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
+        expected=18
+        docker-compose build
+        nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
          exit 1
@@ -45,7 +45,7 @@ jobs:
        fi
    - name: check docker run execution
      run: |
-        expected=19
+        expected=18
        docker build -t spectre-meltdown-checker .
        nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
--- a/README.md
+++ b/README.md
@@ -23,7 +23,6 @@ CVE
 [CVE-2022-40982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982) | Gather Data Sampling                                | GDS, Downfall
 [CVE-2023-20569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569) | Return Address Security                             | Inception, RAS, SRSO
 [CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593) | Cross-Process Information Leak                      | Zenbleed
-[CVE-2023-23583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583) | Redundant Prefix issue                              | Reptar

 Supported operating systems:
 - Linux (all versions, flavors and distros)
@@ -76,13 +75,10 @@ sudo ./spectre-meltdown-checker.sh
 #### With docker-compose

 ```shell
-docker compose build
-docker compose run --rm spectre-meltdown-checker
+docker-compose build
+docker-compose run --rm spectre-meltdown-checker
 ```

-Note that on older versions of docker, `docker-compose` is a separate command, so you might
-need to replace the two `docker compose` occurences above by `docker-compose`.
-
 #### Without docker-compose

 ```shell
@@ -203,9 +199,3 @@ docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/m
   - Impact: Kernel & all software
   - Mitigation: either kernel mitigation by disabling a CPU optimization through an MSR bit, or CPU microcode mitigation
   - Performance impact of the mitigation: TBD
-
-**CVE-2023-23583** Redundant Prefix issue (Reptar)
-
-   - Impact: All software
-   - Mitigation: microcode update for the affected CPU
-   - Performance impact of the mitigation: low
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,3 +1,5 @@
+version: '2'
+
 services:
  spectre-meltdown-checker:
    build:
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
Author	SHA1	Message	Date
Sébastien Mériot	a55378d439	feat(inception): README	2023-08-14 16:43:10 +00:00
Sébastien Mériot	637de90bd9	feat(inception): kernel checks + sbpb support detection	2023-08-14 16:37:51 +00:00
Sébastien Mériot	0b70d8da79	feat(inception): Zen1/2 IBPB and SMT checks	2023-08-14 09:34:48 +00:00
Stéphane Lesimple	23f720cc82	feat(inception): handle sysfs interface	2023-08-12 12:19:05 +02:00
Sébastien Mériot	444876f8ec	feat(inception): start supporting AMD inception	2023-08-11 17:21:01 +00:00