PDA

View Full Version : SLES 12 SP3 Cannot verify if SLES 12 SP3 is protected from MD & Spectre



jayvi
16-Jan-2018, 03:11
According to https://www.suse.com/support/kb/doc/?id=7022512


Verifying if a system is protected :
Following updating the latest kernels, it is possible to check /proc/cpuinfo for 'kaiser' or 'pti' or 'spec_ctrl' information.

When the output includes :
'kaiser' or 'pti' flags, then v3 (Meltdown) protection is active.
'spec_ctrl' flag, then v2/v1 (Spectre) protection is active.

- The 'spec_ctrl' flag implies both v2 and v1 protection, but if it is not present, it means v2 is not active, but v1 still may, as it currently cannot be disabled in SLES - if the installed kernel has it, it's on.


On my SLES 12 SP3 system with the following required fixes


kernel-default-4.4.103-6.38.1
kernel-firmware-20170530-21.16.1
ucode-intel-20180108-13.11.1


I do not find 'spec_ctrl in /proc/cpuinfo. It appears that my system does not have the Spectre v2 protection.

The same issue also applies to my SLES 11 SP4 system with the required fixes for it.

How do I verify that I have the Spectre v2 and v1 protection enabled?

malcolmlewis
16-Jan-2018, 04:30
Hi
They way I understand it is Spectre V1 is implied since it's part of the kernel. According to the TID the nospec option will appear in later updates.

What cpu models are in use and can ask my SUSE Contacts for more info...

malcolmlewis
17-Jan-2018, 23:32
Hi
Keep an eye on the TID, it's been updated again...
https://www.suse.com/support/kb/doc/?id=7022512

It would appear that hardware vendors need to provide their microcade updates, so if they don't for your CPU's then would suggest contacting direct.

jayvi
18-Jan-2018, 02:21
Thanks for the update.