mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2025-07-19 17:21:23 +02:00
Compare commits
6 Commits
v0.45
...
a2843575be
| Author | SHA1 | Date | |
|---|---|---|---|
| a2843575be | |||
| 60c71ccb7a | |||
| 48abeb5950 | |||
| 3c988cc73a | |||
| bea5cfc3b8 | |||
| b68ebe67f2 |
@ -1,7 +1,7 @@
|
||||
FROM alpine:3.7
|
||||
FROM alpine:latest
|
||||
|
||||
RUN apk --update --no-cache add kmod binutils grep perl
|
||||
RUN apk --update --no-cache add kmod binutils grep perl zstd wget sharutils unzip sqlite procps coreutils iucode-tool gzip xz bzip2 lz4
|
||||
|
||||
COPY . /check
|
||||
COPY spectre-meltdown-checker.sh /
|
||||
|
||||
ENTRYPOINT ["/check/spectre-meltdown-checker.sh"]
|
||||
ENTRYPOINT ["/spectre-meltdown-checker.sh"]
|
||||
|
||||
@ -18,6 +18,7 @@ trap 'exit_cleanup' EXIT
|
||||
trap '_warn "interrupted, cleaning up..."; exit_cleanup; exit 1' INT
|
||||
exit_cleanup()
|
||||
{
|
||||
saved_ret=$?
|
||||
# cleanup the temp decompressed config & kernel image
|
||||
[ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config"
|
||||
[ -n "${kerneltmp:-}" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp"
|
||||
@ -30,6 +31,7 @@ exit_cleanup()
|
||||
[ "${insmod_msr:-}" = 1 ] && rmmod msr 2>/dev/null
|
||||
[ "${kldload_cpuctl:-}" = 1 ] && kldunload cpuctl 2>/dev/null
|
||||
[ "${kldload_vmm:-}" = 1 ] && kldunload vmm 2>/dev/null
|
||||
exit $saved_ret
|
||||
}
|
||||
|
||||
# if we were git clone'd, adjust VERSION
|
||||
@ -896,13 +898,13 @@ update_fwdb()
|
||||
echo ERROR "please install the \`sqlite3\` program"
|
||||
return 1
|
||||
fi
|
||||
mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE")
|
||||
mcedb_revision=$(sqlite3 "$mcedb_tmp" "SELECT \"revision\" from \"MCE\"")
|
||||
if [ -z "$mcedb_revision" ]; then
|
||||
echo ERROR "downloaded file seems invalid"
|
||||
return 1
|
||||
fi
|
||||
sqlite3 "$mcedb_tmp" "alter table Intel add column origin text"
|
||||
sqlite3 "$mcedb_tmp" "update Intel set origin='mce'"
|
||||
sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT"
|
||||
sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'"
|
||||
|
||||
echo OK "MCExtractor database revision $mcedb_revision"
|
||||
|
||||
@ -940,7 +942,7 @@ update_fwdb()
|
||||
_version=$(echo "$_line" | awk '{print $8}')
|
||||
_version=$(( _version ))
|
||||
_version=$(printf "0x%08X" "$_version")
|
||||
_sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
|
||||
_sqlstm="$(printf "INSERT INTO \"Intel\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
|
||||
sqlite3 "$mcedb_tmp" "$_sqlstm"
|
||||
done
|
||||
_intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null)
|
||||
@ -949,7 +951,7 @@ update_fwdb()
|
||||
_intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp")
|
||||
else
|
||||
echo "Falling back to the latest microcode date"
|
||||
_intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;")
|
||||
_intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT \"yyyymmdd\" FROM \"Intel\" WHERE \"origin\"='intel' ORDER BY \"yyyymmdd\" DESC LIMIT 1;")
|
||||
fi
|
||||
echo DONE "(version $_intel_latest_date)"
|
||||
|
||||
@ -964,8 +966,11 @@ update_fwdb()
|
||||
{
|
||||
echo "# Spectre & Meltdown Checker";
|
||||
echo "# %%% MCEDB v$dbversion";
|
||||
sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
|
||||
sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD AS t1 LEFT OUTER JOIN AMD AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
|
||||
# ensure the official Intel DB always has precedence over mcedb, even if mcedb has seen a more recent fw
|
||||
sqlite3 "$mcedb_tmp" "DELETE FROM \"Intel\" WHERE \"origin\"!='intel' AND \"cpuid\" IN (SELECT \"cpuid\" FROM \"Intel\" WHERE \"origin\"='intel' GROUP BY \"cpuid\" ORDER BY \"cpuid\" ASC);"
|
||||
# we'll use the more recent fw for Intel and AMD
|
||||
sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"Intel\" AS \"t1\" LEFT OUTER JOIN \"Intel\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,';
|
||||
sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"AMD\" AS \"t1\" LEFT OUTER JOIN \"AMD\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,';
|
||||
} > "$mcedb_cache"
|
||||
echo DONE "(version $dbversion)"
|
||||
|
||||
@ -2248,6 +2253,8 @@ if [ "$opt_live" = 1 ]; then
|
||||
[ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)"
|
||||
# NixOS:
|
||||
[ -e "/run/booted-system/kernel" ] && opt_kernel="/run/booted-system/kernel"
|
||||
# Guix System:
|
||||
[ -e "/run/booted-system/kernel/bzImage" ] && opt_kernel="/run/booted-system/kernel/bzImage"
|
||||
# systemd kernel-install:
|
||||
[ -e "/etc/machine-id" ] && [ -e "/boot/$(cat /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat /etc/machine-id)/$(uname -r)/linux"
|
||||
# Clear Linux:
|
||||
@ -3383,7 +3390,7 @@ check_has_vmm()
|
||||
else
|
||||
# ignore SC2009 as `ps ax` is actually used as a fallback if `pgrep` isn't installed
|
||||
# shellcheck disable=SC2009
|
||||
if command -v ps >/devnull && ps ax | grep -vw grep | grep -q -e '\<qemu' -e '/qemu' -e '<\kvm' -e '/kvm' -e '/xenstored' -e '/xenconsoled'; then
|
||||
if command -v ps >/dev/null && ps ax | grep -vw grep | grep -q -e '\<qemu' -e '/qemu' -e '<\kvm' -e '/kvm' -e '/xenstored' -e '/xenconsoled'; then
|
||||
has_vmm=1
|
||||
fi
|
||||
fi
|
||||
@ -5847,8 +5854,8 @@ exit 0 # ok
|
||||
# I,0x00000633,0x00000036,19980923
|
||||
# I,0x00000634,0x00000037,19980923
|
||||
# I,0x00000650,0x00000045,19990525
|
||||
# I,0x00000651,0x00000042,19990525
|
||||
# I,0x00000652,0x0000002D,19990518
|
||||
# I,0x00000651,0x00000040,19990525
|
||||
# I,0x00000652,0x0000002C,19990517
|
||||
# I,0x00000653,0x00000010,19990628
|
||||
# I,0x00000660,0x0000000A,19990505
|
||||
# I,0x00000665,0x00000003,19990505
|
||||
@ -5859,8 +5866,8 @@ exit 0 # ok
|
||||
# I,0x00000672,0x00000038,19990922
|
||||
# I,0x00000673,0x0000002E,19990910
|
||||
# I,0x00000680,0x00000017,19990610
|
||||
# I,0x00000681,0x00000014,19991209
|
||||
# I,0x00000683,0x00000014,20010206
|
||||
# I,0x00000681,0x00000011,19990921
|
||||
# I,0x00000683,0x00000008,19991015
|
||||
# I,0x00000686,0x00000008,20000505
|
||||
# I,0x0000068A,0x00000005,20001207
|
||||
# I,0x00000690,0x00000004,20000206
|
||||
@ -5883,8 +5890,8 @@ exit 0 # ok
|
||||
# I,0x000006E0,0x00000008,20050215
|
||||
# I,0x000006E1,0x0000000C,20050413
|
||||
# I,0x000006E4,0x00000026,20050816
|
||||
# I,0x000006E8,0x0000003C,20060208
|
||||
# I,0x000006EC,0x0000005B,20070208
|
||||
# I,0x000006E8,0x00000039,20051115
|
||||
# I,0x000006EC,0x00000059,20060912
|
||||
# I,0x000006F0,0x00000005,20050818
|
||||
# I,0x000006F1,0x00000012,20051129
|
||||
# I,0x000006F2,0x0000005D,20101002
|
||||
@ -5894,7 +5901,7 @@ exit 0 # ok
|
||||
# I,0x000006F7,0x0000006B,20101002
|
||||
# I,0x000006F9,0x00000084,20061012
|
||||
# I,0x000006FA,0x00000095,20101002
|
||||
# I,0x000006FB,0x000000C1,20111004
|
||||
# I,0x000006FB,0x000000BC,20101003
|
||||
# I,0x000006FD,0x000000A4,20101002
|
||||
# I,0x00000F00,0xFFFF0001,20000130
|
||||
# I,0x00000F01,0xFFFF0007,20000404
|
||||
@ -5908,7 +5915,7 @@ exit 0 # ok
|
||||
# I,0x00000F09,0x00000008,20010104
|
||||
# I,0x00000F0A,0x00000015,20020821
|
||||
# I,0x00000F11,0x0000000A,20030729
|
||||
# I,0x00000F12,0x0000002F,20030502
|
||||
# I,0x00000F12,0x0000002E,20030502
|
||||
# I,0x00000F13,0x00000005,20030508
|
||||
# I,0x00000F20,0x00000001,20010423
|
||||
# I,0x00000F21,0x00000003,20010529
|
||||
@ -5941,23 +5948,23 @@ exit 0 # ok
|
||||
# I,0x00000F62,0x0000000F,20051215
|
||||
# I,0x00000F63,0x00000005,20051010
|
||||
# I,0x00000F64,0x00000004,20051223
|
||||
# I,0x00000F65,0x0000000B,20070510
|
||||
# I,0x00000F65,0x00000008,20060426
|
||||
# I,0x00000F66,0x0000001B,20060310
|
||||
# I,0x00000F68,0x00000009,20060714
|
||||
# I,0x00001632,0x00000002,19980610
|
||||
# I,0x00010650,0x00000002,20060513
|
||||
# I,0x00010660,0x00000004,20060612
|
||||
# I,0x00010661,0x00000045,20101004
|
||||
# I,0x00010661,0x00000044,20101004
|
||||
# I,0x00010670,0x00000005,20070209
|
||||
# I,0x00010671,0x00000106,20070329
|
||||
# I,0x00010674,0x84050100,20070726
|
||||
# I,0x00010676,0x00000612,20150802
|
||||
# I,0x00010677,0x0000070D,20150802
|
||||
# I,0x0001067A,0x00000A0E,20150729
|
||||
# I,0x00010676,0x0000060F,20100929
|
||||
# I,0x00010677,0x0000070A,20100929
|
||||
# I,0x0001067A,0x00000A0B,20100928
|
||||
# I,0x000106A0,0xFFFF001A,20071128
|
||||
# I,0x000106A1,0xFFFF000B,20080220
|
||||
# I,0x000106A2,0xFFFF0019,20080714
|
||||
# I,0x000106A4,0x00000013,20150630
|
||||
# I,0x000106A4,0x00000012,20130621
|
||||
# I,0x000106A5,0x0000001D,20180511
|
||||
# I,0x000106C0,0x00000007,20070824
|
||||
# I,0x000106C1,0x00000109,20071203
|
||||
@ -5965,7 +5972,7 @@ exit 0 # ok
|
||||
# I,0x000106C9,0x00000007,20090213
|
||||
# I,0x000106CA,0x00000107,20090825
|
||||
# I,0x000106D0,0x00000005,20071204
|
||||
# I,0x000106D1,0x0000002A,20150803
|
||||
# I,0x000106D1,0x00000029,20100930
|
||||
# I,0x000106E0,0xFFFF0022,20090116
|
||||
# I,0x000106E1,0xFFFF000D,20090206
|
||||
# I,0x000106E2,0xFFFF0011,20090924
|
||||
@ -6017,7 +6024,7 @@ exit 0 # ok
|
||||
# I,0x00030672,0x0000022E,20140401
|
||||
# I,0x00030673,0x83290100,20190916
|
||||
# I,0x00030678,0x00000838,20190422
|
||||
# I,0x00030679,0x0000090D,20190710
|
||||
# I,0x00030679,0x0000090C,20190423
|
||||
# I,0x000306A0,0x00000007,20110407
|
||||
# I,0x000306A2,0x0000000C,20110725
|
||||
# I,0x000306A4,0x00000007,20110908
|
||||
@ -6070,7 +6077,7 @@ exit 0 # ok
|
||||
# I,0x00050652,0x80000037,20170502
|
||||
# I,0x00050653,0x0100015C,20210526
|
||||
# I,0x00050654,0x02006C0A,20210616
|
||||
# I,0x00050655,0x03000012,20190412
|
||||
# I,0x00050655,0x03000010,20181116
|
||||
# I,0x00050656,0x0400320A,20210813
|
||||
# I,0x00050657,0x0500320A,20210813
|
||||
# I,0x0005065A,0x86002302,20210416
|
||||
@ -6086,12 +6093,12 @@ exit 0 # ok
|
||||
# I,0x000506C2,0x00000014,20180511
|
||||
# I,0x000506C8,0x90011010,20160323
|
||||
# I,0x000506C9,0x00000046,20210510
|
||||
# I,0x000506CA,0x00000022,20210622
|
||||
# I,0x000506CA,0x00000024,20210510
|
||||
# I,0x000506D1,0x00000102,20150605
|
||||
# I,0x000506E0,0x00000018,20141119
|
||||
# I,0x000506E1,0x0000002A,20150602
|
||||
# I,0x000506E2,0x0000002E,20150815
|
||||
# I,0x000506E3,0x000000F0,20211112
|
||||
# I,0x000506E3,0x000000EC,20210429
|
||||
# I,0x000506E8,0x00000034,20160710
|
||||
# I,0x000506F0,0x00000010,20160607
|
||||
# I,0x000506F1,0x00000036,20210510
|
||||
@ -6102,7 +6109,7 @@ exit 0 # ok
|
||||
# I,0x000606A0,0x80000031,20200308
|
||||
# I,0x000606A4,0x0B000280,20200817
|
||||
# I,0x000606A5,0x0C0002F0,20210308
|
||||
# I,0x000606A6,0x0D000332,20211217
|
||||
# I,0x000606A6,0x0D000331,20211203
|
||||
# I,0x000606E0,0x0000000B,20161104
|
||||
# I,0x000606E1,0x00000108,20190423
|
||||
# I,0x000706A0,0x00000026,20170712
|
||||
@ -6120,7 +6127,7 @@ exit 0 # ok
|
||||
# I,0x000806A0,0x00000010,20190507
|
||||
# I,0x000806A1,0x0000002D,20210902
|
||||
# I,0x000806C0,0x00000068,20200402
|
||||
# I,0x000806C1,0x0000009C,20211026
|
||||
# I,0x000806C1,0x0000009A,20210806
|
||||
# I,0x000806C2,0x00000022,20210716
|
||||
# I,0x000806D0,0x00000050,20201217
|
||||
# I,0x000806D1,0x0000003C,20210716
|
||||
@ -6141,7 +6148,7 @@ exit 0 # ok
|
||||
# I,0x000906A3,0x0000041B,20220308
|
||||
# I,0x000906A4,0x0000041B,20220308
|
||||
# I,0x000906C0,0x2400001F,20210809
|
||||
# I,0x000906E9,0x000000F0,20211112
|
||||
# I,0x000906E9,0x000000EC,20210429
|
||||
# I,0x000906EA,0x000000EC,20210428
|
||||
# I,0x000906EB,0x000000EC,20210428
|
||||
# I,0x000906EC,0x000000EC,20210428
|
||||
|
||||
Reference in New Issue
Block a user