# vim: set ts=4 sw=4 sts=4 et:
###############################
# CVE-2018-3615, Foreshadow (SGX), L1 Terminal Fault

# Report whether the CPU microcode mitigates CVE-2018-3615.
# Globals (read): cap_l1df - compared against 1; the L1D flush CPUID bit
#                 cap_sgx  - compared against 1; SGX support
# Arguments:      none
# Outputs:        one informational status line and one final verdict, both
#                 emitted through the pr_info/pr_info_nol/pstatus/pvulnstatus
#                 helpers, which are defined outside this block.
check_CVE_2018_3615() {
    local cve
    cve='CVE-2018-3615'
    pr_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"

    pr_info_nol "* CPU microcode mitigates the vulnerability: "
    if [ "$cap_sgx" != 1 ]; then
        # no SGX reported, so the microcode question does not apply
        pstatus blue N/A
    elif [ "$cap_l1df" = 1 ]; then
        # The L1D flush CPUID bit is used as a proxy here: it shows that the
        # microcode supports L1D flushing, and microcodes carrying it also carry
        # the fixed SGX (on CPUs that support SGX), because Intel delivered the
        # fixed microcodes for both issues at the same time.
        # This is an inference from the CPUID bit, not a direct test of the SGX fix.
        pstatus green YES
    else
        pstatus red NO
    fi

    if is_cpu_affected "$cve"; then
        # NOTE(review): cap_sgx is not re-tested for the verdict, so the
        # "supports SGX" wording below presumably relies on is_cpu_affected
        # taking SGX support into account -- confirm against its definition.
        if [ "$cap_l1df" = 1 ]; then
            pvulnstatus "$cve" OK "your CPU microcode mitigates the vulnerability"
        else
            pvulnstatus "$cve" VULN "your CPU supports SGX and the microcode is not up to date"
        fi
    else
        # the vendor-reported "not affected" result overrides status & msg
        pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
    fi
}