Commit Graph

  • c40b2b3195
    Update spectre-meltdown-checker.sh #199 Rob Gill 2018-05-22 21:11:19 +1000
  • 7451022f05
    Update spectre-meltdown-checker.sh Rob Gill 2018-05-22 20:46:49 +1000
  • e04c6b9850
    Check for obsolete dd Rob Gill 2018-05-22 20:40:57 +1000
  • ca391cbfc9 fix(variant2): correctly detect IBRS/IBPB in SLES kernels Stéphane Lesimple 2018-05-22 12:06:46 +0200
  • 68af5c5f92 feat(variant4): detect SSBD-aware kernel Stéphane Lesimple 2018-05-22 12:05:46 +0200
  • 65c123f309
    Merge pull request #3 from speed47/master Rob Gill 2018-05-22 18:14:24 +1000
  • 19be8f79eb doc: update README with some info about variant3 and variant4 Stéphane Lesimple 2018-05-22 09:43:29 +0200
  • f75cc0bb6f feat(variant4): add sysfs mitigation hint and some explanation about the vuln Stéphane Lesimple 2018-05-22 09:39:11 +0200
  • f33d65ff71 feat(variant3a): add information about microcode-sufficient mitigation Stéphane Lesimple 2018-05-22 09:38:29 +0200
  • 725eaa8bf5 feat(arm): adjust vulnerable ARM CPUs for variant3a and variant4 Stéphane Lesimple 2018-05-22 09:19:29 +0200
  • c6ee0358d1 feat(variant4): report SSB_NO CPUs as not vulnerable Stéphane Lesimple 2018-05-22 09:18:30 +0200
  • 0230ce23b1
    Merge pull request #2 from speed47/master Rob Gill 2018-05-22 14:57:29 +1000
  • 22d0b203da fix(ssb_no): rename ssbd_no to ssb_no and fix shift Stéphane Lesimple 2018-05-22 00:38:31 +0200
  • 3062a8416a fix(msg): add missing words Stéphane Lesimple 2018-05-22 00:10:08 +0200
  • 6a4318addf feat(variant3a/4): initial support for 2 new CVEs Stéphane Lesimple 2018-05-21 22:01:27 +0200
  • c19986188f fix(variant2): adjust detection for SLES kernels Stéphane Lesimple 2018-05-19 09:52:51 +0200
  • 7e4899bcb8 ibrs can't be enabled on no ibrs cpu (#195) Rob Gill 2018-05-17 23:39:48 +1000
  • 7ae2dfe35a
    Update spectre-meltdown-checker.sh #195 rrobgill 2018-05-07 10:08:21 +1000
  • 9063a7fd20
    ibrs can't be enabled on no ibrs cpu rrobgill 2018-05-06 15:47:45 +1000
  • 3568293570
    Merge pull request #1 from speed47/master rrobgill 2018-05-06 14:44:12 +1000
  • 5cc77741af Update spectre-meltdown-checker.sh rrobgill 2018-05-04 07:30:54 +1000
  • 1c0f6d9580 cpuid and msr module check rrobgill 2018-05-04 07:21:48 +1000
  • 5b20f6f163
    Update spectre-meltdown-checker.sh #192 rrobgill 2018-05-04 07:30:54 +1000
  • d26637e3a4
    cpuid and msr module check rrobgill 2018-05-04 07:21:48 +1000
  • 172c04a78a
    32 bit kernel suggestions #187 rrobgill 2018-04-30 20:31:24 +1000
  • 4acd0f647a Suggestion to change VM to a CPU with IBRS capability Onno Zweers 2018-04-20 11:37:34 +0200
  • fb52dbe7bf set master branch to v0.37+ Stéphane Lesimple 2018-04-20 20:34:42 +0200
  • 52dd853138
    Suggestion to change VM to a CPU with IBRS capability #184 Onno Zweers 2018-04-20 11:37:34 +0200
  • edebe4dcd4 bump to v0.37 v0.37 Stéphane Lesimple 2018-04-18 23:51:45 +0200
  • 83ea78f523 fix: arm: also detect variant 1 mitigation when using native objdump Stéphane Lesimple 2018-04-17 18:50:32 +0200
  • 602b68d493 fix(spectrev2): explain that retpoline is possible for Skylake+ if there is RSB filling, even if IBRS is still better Stéphane Lesimple 2018-04-16 09:27:28 +0200
  • 97bccaa0d7 feat: rephrase IBPB warning when only retpoline is enabled in non-paranoid mode Stéphane Lesimple 2018-04-16 09:13:04 +0200
  • 68e619b0d3 feat: show RSB filling capability for non-Skylake in verbose mode Stéphane Lesimple 2018-04-16 09:08:25 +0200
  • a6f4475cee feat: make IBRS_FW blue instead of green Stéphane Lesimple 2018-04-16 09:07:54 +0200
  • 223f5028df feat: add --paranoid to choose whether we require IBPB Stéphane Lesimple 2018-04-15 23:05:30 +0200
  • c0108b9690 fix(spectre2): don't explain how to fix when NOT VULNERABLE Stéphane Lesimple 2018-04-15 20:55:55 +0200
  • a3016134bd feat: make RSB filling support mandatory for Skylake+ CPUs Stéphane Lesimple 2018-04-15 20:55:31 +0200
  • 59d85b39c9 feat: detect RSB filling capability in the kernel Stéphane Lesimple 2018-04-15 20:55:01 +0200
  • baaefb0c31 fix: remove shellcheck warnings Stéphane Lesimple 2018-04-11 22:24:03 +0200
  • d452aca03a fix: invalid bash syntax when ibpb_enabled or ibrs_enabled are empty Igor Lubashev 2018-04-10 18:32:00 -0400
  • c2d174a3c1 fix: invalid bash syntax when ibpb_enabled or ibrs_enabled are empty #177 Igor Lubashev 2018-04-10 18:32:00 -0400
  • 10b8d94724 feat: detect latest Red Hat kernels' RO ibpb_enabled knob Stéphane Lesimple 2018-04-10 22:09:38 +0200
  • 8606e60ef7 refactor: no longer display the retoline-aware compiler test when we can't tell for sure Stéphane Lesimple 2018-04-09 20:56:20 +0200
  • 6a48251647 fix: regression in 51aeae25, when retpoline & ibpb are enabled Stéphane Lesimple 2018-04-09 20:15:45 +0200
  • f4bf5e95ec fix: typos Stéphane Lesimple 2018-04-08 20:07:43 +0200
  • 60eac1ad43 feat: also do PTI performance check with (inv)pcid for BSD Stéphane Lesimple 2018-04-08 17:59:02 +0200
  • b3cc06a6ad fix regression introduced by 82c25dc Stéphane Lesimple 2018-04-08 16:27:57 +0200
  • 5553576e31 feat(amd/zen): re-introduce IBRS for AMD except ZEN family Stéphane Lesimple 2018-04-08 16:26:06 +0200
  • e16ad802da feat(ibpb=2): add detection of SMT before concluding the system is not vulnerable Stéphane Lesimple 2018-04-08 16:24:43 +0200
  • 29c294edff feat(bsd): explain how to mitigate variant2 Stéphane Lesimple 2018-04-08 15:38:58 +0200
  • 59714011db refactor: IBRS_ALL & RDCL_NO are Intel-only Stéphane Lesimple 2018-04-08 15:08:21 +0200
  • 51e8261a32 refactor: separate hw checks for Intel & AMD Stéphane Lesimple 2018-04-08 14:41:08 +0200
  • 2a4bfad835 refactor: add is_amd and is_intel funcs Stéphane Lesimple 2018-04-08 13:02:43 +0200
  • 7e52cea66e feat(spectre2): refined how status of this vuln is decided and more precise explanations on how to fix Stéphane Lesimple 2018-04-07 18:04:06 +0200
  • 417d7aab91 Fix trailing whitespace and mixed indent styles; Benjamin Bouvier 2018-04-08 21:14:18 +0200
  • d48fc196f3
    Merge a6f446b15f into 67bf761029 #176 Benjamin Bouvier 2018-04-08 19:18:26 +0000
  • a6f446b15f Fix trailing whitespace and mixed indent styles; #176 Benjamin Bouvier 2018-04-08 21:14:18 +0200
  • 31146550a3 Fixes #175: Make it overly obvious that this tool only checks the kernel; Benjamin Bouvier 2018-04-08 21:13:59 +0200
  • 67bf761029 Fix some user facing typos with codespell -w -q3 . Sylvestre Ledru 2018-04-08 17:56:55 +0200
  • 789734f395 Fix some user facing typos with codespell -w -q3 . #174 Sylvestre Ledru 2018-04-08 17:56:55 +0200
  • 0eabd266ad refactor: decrease default verbosity for some tests Stéphane Lesimple 2018-04-05 22:20:16 +0200
  • b77fb0f226 fix: don't override ibrs/ibpb results with later tests Stéphane Lesimple 2018-04-05 22:04:20 +0200
  • 89c2e0fb21 fix(amd): show cpuinfo and ucode details Stéphane Lesimple 2018-04-05 21:39:27 +0200
  • b88f32ed95 feat: print raw cpuid, and fetch ucode version under BSD Stéphane Lesimple 2018-04-05 00:07:12 +0200
  • 7a4ebe8009 refactor: rewrite read_cpuid to get more common code parts between BSD and Linux Stéphane Lesimple 2018-04-05 00:06:24 +0200
  • 0919f5c236 feat: add explanations of what to do when a vulnerability is not mitigated Stéphane Lesimple 2018-04-05 00:03:04 +0200
  • de02dad909 feat: rework Spectre V2 mitigations detection w/ latest vanilla & Red Hat 7 kernels Stéphane Lesimple 2018-04-05 00:00:07 +0200
  • 07484d0ea7 add dump of variables at end of script in debug mode Stéphane Lesimple 2018-04-04 23:58:15 +0200
  • a8b557b9e2 fix(cpu): skip CPU checks if asked to (--no-hw) or if inspecting a kernel of another architecture Stéphane Lesimple 2018-04-03 19:34:24 +0200
  • 619b2749d8 fix(sysfs): only check for sysfs for spectre2 when in live mode Stéphane Lesimple 2018-04-03 19:32:36 +0200
  • 94857c983d update readme Stéphane Lesimple 2018-04-03 14:48:47 +0200
  • 056ed00baa feat(arm): detect spectre variant 1 mitigation Stéphane Lesimple 2018-04-03 15:52:25 +0200
  • aef99d20f3 fix(pti): when PTI activation is unknown, don't say we're vulnerable Stéphane Lesimple 2018-04-03 12:45:17 +0200
  • e2d7ed2243 feat(arm): support for variant2 and meltdown mitigation detection Stéphane Lesimple 2018-03-27 20:55:13 +0200
  • eeaeff8ec3 set version to v0.36+ for master branch between releases Stéphane Lesimple 2018-04-01 17:45:01 +0200
  • f5269a362a feat(bsd): add retpoline detection for BSD Stéphane Lesimple 2018-04-01 17:29:12 +0200
  • f3883a37a0 fix(xen): adjust message for DomUs w/ sysfs Stéphane Lesimple 2018-03-31 13:44:04 +0200
  • b6fd69a022 release: v0.36 v0.36 Stéphane Lesimple 2018-03-27 23:08:38 +0200
  • 7adb7661f3 enh: change colors and use red only to report vulnerability Stéphane Lesimple 2018-03-25 18:13:02 +0200
  • c7892e3399 update README.md Stéphane Lesimple 2018-03-25 14:17:21 +0200
  • aa74315df4 feat: speed up kernel version detection Stéphane Lesimple 2018-03-25 13:42:06 +0200
  • 0b8a09ec70 fix: mis adjustments for BSD compat Stéphane Lesimple 2018-03-25 13:26:00 +0200
  • b42d8f2f27 fix(write_msr): use /dev/zero instead of manually echoing zeroes Stéphane Lesimple 2018-03-25 12:53:50 +0200
  • f191ec7884 feat: add --hw-only to only show CPU microcode/cpuid/msr details Stéphane Lesimple 2018-03-25 12:48:37 +0200
  • 28da7a0103 misc: message clarifications Stéphane Lesimple 2018-03-25 12:27:40 +0200
  • ece25b98a1 feat: implement support for NetBSD/FreeBSD/DragonFlyBSD Stéphane Lesimple 2018-03-25 12:23:46 +0200
  • 889172dbb1 feat: add special extract_vmlinux mode for old RHEL kernels Stéphane Lesimple 2018-03-24 23:58:13 +0100
  • 37ce032888 fix: bypass MSR/CPUID checks for non-x86 CPUs Stéphane Lesimple 2018-03-17 16:13:37 +0100
  • 701cf882ad feat: more robust validation of extracted kernel image Stéphane Lesimple 2018-03-17 16:02:11 +0100
  • 6a94c3f158 feat(extract_vmlinux): look for ELF magic in decompressed blob and cut at found offset Stéphane Lesimple 2018-03-17 13:34:53 +0100
  • 2d993812ab feat: add --prefix-arch for cross-arch kernel inspection Stéphane Lesimple 2018-03-17 13:17:10 +0100
  • 4961f8327f fix(ucode): fix blacklist detection for some ucode versions Stéphane Lesimple 2018-03-16 14:33:52 +0100
  • ecdc448531 Check MSR in each CPU/Thread (#136) Alex 2018-03-17 09:17:15 -0700
  • 12ea49fe0c fix(kvm): properly detect PVHVM mode (fixes #163) Stéphane Lesimple 2018-03-16 18:29:58 +0100
  • 053f1613de fix(doc): use https:// URLs in the script comment header Stéphane Lesimple 2018-03-16 18:24:59 +0100
  • adcb0ae14f fix(ucode): fix blacklist detection for some ucode versions #167 Stéphane Lesimple 2018-03-16 14:33:52 +0100
  • 42f3f66d5c cleanup. fixing warnings from shellcheck #136 Oleksandr Bazhaniuk 2018-03-12 18:39:01 -0700
  • 2282910d06 Merge remote-tracking branch 'origin/master' into check_msr_on_each_cpu Oleksandr Bazhaniuk 2018-03-12 18:14:13 -0700
  • bda18d04a0 fix: pine64: re-add vmlinuz location and some error checks Stéphane Lesimple 2018-03-10 16:02:44 +0100
  • 2551295541 doc: use https URLs Stéphane Lesimple 2018-03-10 15:20:07 +0100