[Stable Update x32] 2018-01-13 - Kernels, Intel microcode

update
stable
manjaro32

#1

Hello i686ers!

This is a much smaller set than the last one and updates kernels 3.16, 4.4, 4.9, and 4.14 and the Intel microcode. There’s also an update to LightDM which should enable autologin.


Main changes

  • Updated kernels, extramodules rebuilt as necessary
  • Updated Intel microcode package

Available kernels

Series Version
linux316 3.16.53
linux41 4.1.48
linux44 4.4.111
linux49 4.9.76
linux414 4.14.13

archlinux32

If you find manjaro32 useful please consider donating to, or helping out with, archlinux32. It’s a small team taking on a huge project and any help will no doubt be very much appreciated.

How do I get it?

These steps should no longer be necessary

If you’re already running a 32-bit installation, and haven’t already migrated, you should shortly get a manjaro-system update which will transition you to the new setup (it should automate the following steps).

Otherwise, edit your /etc/pacman-mirrors.conf and change (or set):

Branch = x32-stable

making sure there is no comment marker (#) at the start of the line. Then, update your mirror list, install the keyring package, and update:

pacman-mirrors -c all
pacman -Sy archlinux32-keyring-transition
pacman -S archlinux32-keyring
pacman -Syu

archlinux32-keyring-transition is signed by the Arch devs and allows you to install archlinux32-keyring which contains the keys that sign all archlinux32 packages.

archlinux32-keyring replaces archlinux32-keyring-transition.

What about package updates?

Manjaro-specific packages may lag behind x86_64 because there aren’t as many packagers. I may also trim the supported package list to save effort, depending on frequency of updates to packages and packagers who volunteer to help out. If you notice an important package is lagging please report it; at the moment it’s only me packaging for i686:

I’m only packaging current LTS kernels. Any marked as EOL are dropped. I’ll not be building the mainline kernel.

What about security updates?

I cannot guarantee timely security updates on x32-stable. If this is critical for you I recommend you switch to x32-testing or cherry-pick those packages from x32-testing or x32-unstable as they become available.

Something broke. Isn’t this meant to be stable?

“Stable” means “infrequently changing”, not “everything will work perfectly all the time”. If you want it to mean everything works, you need to help test the things you’re interested in.

What about installer images?

Phil very kindly spun some preview installer images:

There will be a new release as soon as I refresh myself on how to do it. :slight_smile:

What about x32-testing and x32-unstable?

These are already available, and I recommend you use x32-testing if you can to make sure testing is done.

x32-unstable should be used by anyone who wants to try and find any issues before they impact other people. If you have multiple/many machines you really should run one of those on x32-unstable.

The update announcement process will look something like:

Unstable Testing Stable Announcement threads
Sync New unstable
Sync Snap New testing, update unstable
Sync Update unstable
Sync Snap New testing, update unstable
Snap New stable, close testing and unstable
Sync New unstable
Sync Snap New testing, update unstable
etc. etc. etc. etc.

Full list of changes

:: Different overlay package(s) in repository core i686

-------------------------------------------------------------------------------
                             PACKAGE           2018-01-09           2018-01-13
-------------------------------------------------------------------------------
                            linux414          4.14.12-3.2            4.14.13-1
                    linux414-headers          4.14.12-3.2            4.14.13-1
                             linux44            4.4.110-1            4.4.111-1
                     linux44-headers            4.4.110-1            4.4.111-1
                             linux49           4.9.75-1.0             4.9.76-1
                     linux49-headers           4.9.75-1.0             4.9.76-1


:: Different overlay package(s) in repository extra i686

-------------------------------------------------------------------------------
                             PACKAGE           2018-01-09           2018-01-13
-------------------------------------------------------------------------------
                   linux44-acpi_call             1.1.0-77             1.1.0-78
                 linux44-broadcom-wl      6.30.223.271-47      6.30.223.271-48
                    linux44-catalyst     1:15.201.1151-77     1:15.201.1151-78
                      linux44-nvidia          1:384.111-1          1:384.111-2
                linux44-nvidia-304xx         1:304.137-12         1:304.137-13
                linux44-nvidia-340xx           340.104-18           340.104-19
       linux44-open-vm-tools-modules      2:2013.09.16-77      2:2013.09.16-78
                       linux44-r8168          8.044.02-31          8.044.02-32
                   linux44-rt3562sta        2.4.1.1_r4-45        2.4.1.1_r4-46
                         linux44-spl          0.7.5-1.110              0.7.5-2
                 linux44-vhba-module          20161009-45          20161009-46
    linux44-virtualbox-guest-modules              5.2.4-4              5.2.4-5
     linux44-virtualbox-host-modules              5.2.4-4              5.2.4-5
                         linux44-zfs          0.7.5-1.110              0.7.5-2
                   linux49-acpi_call             1.1.0-59             1.1.0-60
                    linux49-bbswitch               0.8-59               0.8-60
                 linux49-broadcom-wl      6.30.223.271-59      6.30.223.271-60
                    linux49-catalyst     1:15.201.1151-59     1:15.201.1151-60
                      linux49-nvidia          1:384.111-1          1:384.111-2
                linux49-nvidia-304xx         1:304.137-18         1:304.137-19
                linux49-nvidia-340xx           340.104-18           340.104-19
                       linux49-r8168          8.044.02-39          8.044.02-40
                   linux49-rt3562sta        2.4.1.1_r4-57        2.4.1.1_r4-58
                         linux49-spl           0.7.5-1.75              0.7.5-2
                    linux49-tp_smapi              0.41-59              0.41-60
                 linux49-vhba-module          20161009-57          20161009-58
    linux49-virtualbox-guest-modules              5.2.4-4              5.2.4-5
     linux49-virtualbox-host-modules              5.2.4-4              5.2.4-5
                         linux49-zfs           0.7.5-1.75              0.7.5-2
                    rt3562sta-common        2.4.1.1_r4-57        2.4.1.1_r4-58


:: Different sync package(s) in repository extra i686

-------------------------------------------------------------------------------
                             PACKAGE           2018-01-09           2018-01-13
-------------------------------------------------------------------------------
                              geeqie                1.3-3              1.4-1.0
                            ghostpcl             9.22-6.0             9.22-7.0
                         ghostscript             9.22-6.0             9.22-7.0
                            ghostxps             9.22-6.0             9.22-7.0
                         intel-ucode           20171117-1         20180108-1.1
                                lcms               1.19-5             1.19-6.0
                    noto-fonts-emoji         20171030-1.0         20180102-1.0
                               xterm              331-1.0              330-1.1


:: Different overlay package(s) in repository community i686

-------------------------------------------------------------------------------
                             PACKAGE           2018-01-09           2018-01-13
-------------------------------------------------------------------------------
                    lightdm-settings              1.1.4-1              1.1.4-2
              manjaro-bspwm-settings           20180107-1           20180110-1
             manjaro-budgie-settings           20180107-1           20180110-1
         manjaro-webdad-settings-git         r4.e04efa2-1                    -
                manjaro-jwm-settings           20180107-1           20180110-1
               manjaro-lxde-settings           20180107-1           20180110-1
               manjaro-mate-settings           20180107-1           20180110-1
            spectre-meltdown-checker               0.28-1                    -
                   webdad-speech-git         r2.5a18352-1                    -
                  webdad-theming-git         r2.10c7f12-1                    -
                  webdad-webapps-git         r1.8bd9748-1                    -
               webdad-workspaces-git         r1.6ff36cd-1                    -


:: Different sync package(s) in repository community i686

-------------------------------------------------------------------------------
                             PACKAGE           2018-01-09           2018-01-13
-------------------------------------------------------------------------------
                          clusterssh             4.13-1.0            4.10_02-1
                               fd-rs            6.1.0-1.0            6.2.0-1.0
                              fossil              2.4-2.0                2.4-1
                             fractal            0.1.6-1.0                    -
                              hwinfo            21.50-1.0              21.38-1
                                josm            13265-1.0            13170-1.0
                               jruby           9.1.14.0-1         9.1.15.0-1.0
                     python-cairosvg            2.1.2-1.0            2.1.3-1.0
                    python-jsonpatch             1.20-1.0             1.21-1.0
                   python2-jsonpatch             1.20-1.0             1.21-1.0
                        riot-desktop           0.13.3-1.0           0.13.4-1.0
                            riot-web           0.13.3-1.0           0.13.4-1.0

Any problems?

  • No issues, everything went smoothly
  • Yes there was an issue. I was able to resolve it myself. (Please post your solution)
  • Yes I am currently experiencing an issue due to the update. (Please post about it)

0 voters



[Testing Update x32] 2018-01-11 - Kernels, Intel microcode
#2

Known issues and solutions

This is a wiki post; please edit as necessary


What about Meltdown?

Meltdown is “fixed” by the KPTI patches for x86_64. The patches do not currently work for i686. If you’re running a 32-bit Intel system you are vulnerable to Meltdown.

What about Spectre?

Spectre is “fixed” by microcode updates. Specific/individual updates from the CPU manufacturers are needed for specific/individual CPU families/models. Not all CPUs have updates yet. Some CPUs will never get an update.

When will this all be fixed?

Possibly never.

Where can I read more?



#3

seems everything good :wink:

but…

dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x7, date = 2004-11-09
[    1.041848] microcode: sig=0x695, pf=0x20, revision=0x7
[    1.041919] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
sudo spectre-meltdown-checker
Spectre and Meltdown mitigation detection tool v0.28

Checking for vulnerabilities against running kernel Linux 4.9.76-1-MANJARO #1 SMP PREEMPT Thu Jan 11 00:32:47 UTC 2018 i686
CPU is Intel(R) Pentium(R) M processor 1300MHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO 
> STATUS:  VULNERABLE  (only 20 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  NO 
* PTI enabled and active:  NO 
> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

#4

KPTI must be enabled…
dmesg | grep -i isolation


#5

no output to command

and @jonathon summarized very well the situation for 32 bit

so I wonder if I have to leave it in the shelf… :smiley:


#6

So kpti isn’t supported on x86?


#7

More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013).
https://meltdownattack.com/#faq-systems-meltdown

However, I don’t login to any money related website on my netbook, nor my Intel i3 laptop anymore.


#8

This topic was automatically closed after 3 days. New replies are no longer allowed.