With the latest update of “spectre-meltdown-checker” (it's been a while since I last checked), I now see this:
CVE-2020-0543 aka ‘Special Register Buffer Data Sampling (SRBDS)’
Mitigated according to the /sys interface: NO (Vulnerable: No microcode)
SRBDS mitigation control is supported by the kernel: YES (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
SRBDS mitigation control is enabled and active: NO
STATUS: VULNERABLE (Your CPU microcode may need to be updated to mitigate the vulnerability
But at the beginning of the check I have this:
CPU supports Special Register Buffer Data Sampling (SRBDS): NO
So, no vulnerability at all?
Can’t be vulnerable if your CPU doesn’t have that feature.
Maybe you could file a
It depends on the microcode version; if the microcode is OK it should not be vulnerable,
but if no version is found, it is tagged vulnerable…
Be careful: the Linux microcode is not the Microsoft microcode, and not the Intel microcode (as motherboard reseller).
See this for the latest information.
I have installed the latest microcode from Manjaro:
As my CPU is an old Intel Core i7 and this vulnerability is maybe not so important now for Intel, let's say that there is nothing to do; I can live with this.
“A processor is affected by SRBDS if its Family_Model and stepping is in the following list, with the exception of the listed processors exporting MDS_NO while Intel TSX is available yet not enabled. The latter class of processors are only affected when Intel TSX is enabled by software using TSX_CTRL_MSR otherwise they are not affected.”
Intel® Transactional Synchronization Extensions No
Intel® Core™ i7-3770K Processor (8M Cache, up to 3.90 GHz) quick reference with specifications, features, and technologies.
In my personal opinion
on a personal computer
which is not a server to anyone or anything apart from occasional ssh connections from inside my (very small) local network
I do not care about this or any other of these kinds of vulnerabilities.
I do not want to incur the performance impact these (may) have for no gain.
And so I decided
(just for myself)
to disable any and all of these mitigations
to the Grub command line
to disable them all in one go.
But maybe someone can and wants to correct me on this decision of mine?
I am on a personal desktop computer too; I was just curious. Maybe these mitigations will have an impact on a server with many ssh connections, as you say. I was just investigating what this was.
I repeat what I was seeing before with the i7 6700K, 6th gen Intel series (Skylake gen, 2015 and later):
all was in RED (except SGX, which only concerns Xeon),
I get Green, or Yellow/Red if the microcode database date does not match the latest from the script.
It was also first-stepping models.
I genuinely have no idea what you wanted to tell me with that. Sorry!
Warning: Do not apply this setting without considering the vulnerabilities it opens up. See this and this for more information.
Improving performance - ArchWiki
I decided to keep all mitigations on.
SGX works not only on Xeons.