[packages/microcode-data-intel/notes/commits] Notes added by 'git notes edit'

[Arkadiusz Miśkiewicz]

On Friday 12 of January 2018, glen wrote:
> commit 41aaa0905d3c07a59862eeb06b905fe47a008759
> Author: Elan Ruusamäe <glen at pld-linux.org>
> Date:   Fri Jan 12 10:07:43 2018 +0200
> 
>     Notes added by 'git notes edit'
> 
>  e7ade0a9a21df2fedff39166212ff64f60877f58 | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> ---
> diff --git a/e7ade0a9a21df2fedff39166212ff64f60877f58
> b/e7ade0a9a21df2fedff39166212ff64f60877f58 index 6adaecd..d86d5d6 100644
> --- a/e7ade0a9a21df2fedff39166212ff64f60877f58
> +++ b/e7ade0a9a21df2fedff39166212ff64f60877f58
> @@ -1,3 +1,3 @@
> -microcode update to fix spectre and meltdown bugs
> +20180108: microcode update to fix spectre and meltdown bugs
> 
>  https://www.bleepingcomputer.com/news/security/intel-releases-linux-cpu-mi
> crocodes-to-fix-meltdown-and-spectre-bugs/

It's very unlikely that this microcode FIXES anything.

AFAIK:
- meltdown cannot be fixed on microcode level

- updated microcodes only provide support for IBRS ("indirect branch 
restricted speculation") which requires OS support to be activated and it is 
used to mitigate Spectre Variant 2. IBRS is also very slow in many cases.

At this moment upstream and PLD linux kernels don't have capability to use 
IBRS.

The other mitigation for Spectre v2 is software only "retpoline" (return 
trampoline) feature that doesn't use IBRS, is faster, and is going to be 
default for most of CPUs (when merged at upstream kernel).

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )