#642 CPU vulnerabilites

Open
opened 1 month ago by eskere · 2 comments
eskere commented 1 month ago

Hello there. I think that would be useful to add to the website a page or a guide to determine if a CPU is vulnerable to the new discovered attacks. I have seen that many CPUs, even old ones are not secure anymore (but there are few ones that still are, like the Opteron 2352!), and I think that this is a very important aspect to highlight. What do you think?

Also if you find this ticket is useless, just close it. Thanks

Hello there. I think that would be useful to add to the website a page or a guide to determine if a CPU is vulnerable to the new discovered attacks. I have seen that many CPUs, even old ones are not secure anymore (but there are few ones that still are, like the Opteron 2352!), and I think that this is a very important aspect to highlight. What do you think? Also if you find this ticket is useless, just close it. Thanks
Swift Geek commented 1 month ago
Collaborator

Mitigations belong to kernel, not libreboot, though please elaborate how Opteron 2352 is not affected by any of vulnerabilities of past year(s)

Did you use actual PoC code for each vulnerability or did you use simple checkers that are not actually testing the CPU?

Mitigations belong to kernel, not libreboot, though please elaborate how Opteron 2352 is not affected by any of vulnerabilities of past year(s) Did you use actual PoC code for each vulnerability or did you use simple checkers that are not actually testing the CPU?
eskere commented 1 month ago
Poster

Oh I see the point now. I have used a checker (https://github.com/speed47/spectre-meltdown-checker), so it may be not using actual code for verifying the vulnerabilities. But I also found online that AMD haven't marked this CPU as vulnerable / has reported it as not affected. I don't know how trustworthy this can be, I'll try to run some PoCs. I thought that it would be nice to have a list or a guide to inform the users about this vulnerabilities and which processors can be considered safe (If there are ANY).

Oh I see the point now. I have used a checker (https://github.com/speed47/spectre-meltdown-checker), so it may be not using actual code for verifying the vulnerabilities. But I also found online that AMD haven't marked this CPU as vulnerable / has reported it as not affected. I don't know how trustworthy this can be, I'll try to run some PoCs. I thought that it would be nice to have a list or a guide to inform the users about this vulnerabilities and which processors can be considered safe (If there are ANY).
Sign in to join this conversation.
Loading...
Cancel
Save
There is no content yet.