# spectre-meltdown-checker and microcode (intel i7-6700)

## pietinger

Because we had an update of the spectre-meltdown-checker I did a test with:

```
# spectre-meltdown-checker --kernel /boot/EFI/Boot/bzImage.efi --config /usr/src/linux/.config --map /usr/src/linux/System.map  --live
```

and got this information:

```
* CPU microcode is the latest known available version:  YES  (latest version is 0xe2 dated 2020/07/14 according to builtin firmwares DB v165.20201021+i20200616)
```

(0xe2 is correct) and (later) this:

```
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability:  NO
> STATUS:  VULNERABLE  (your CPU supports SGX and the microcode is not up to date)
```

Now I am confused. Does anybody know something about this?

Here is my complete output:

```
Spectre and Meltdown mitigation detection tool v0.44

Checking for vulnerabilities on current system
Kernel is Linux 5.10.46-gentoo #2 SMP Wed Jun 30 15:32:12 CEST 2021 x86_64
CPU is Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  UNKNOWN  (is msr kernel module available?)
    * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  UNKNOWN  (is msr kernel module available?)
    * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  UNKNOWN  (is msr kernel module available?)
    * CPU indicates STIBP capability:  YES  (Intel STIBP feature bit)
  * Speculative Store Bypass Disable (SSBD)
    * CPU indicates SSBD capability:  YES  (Intel SSBD)
  * L1 data cache invalidation
    * FLUSH_CMD MSR is available:  UNKNOWN  (is msr kernel module available?)
    * CPU indicates L1D flush capability:  YES  (L1D flush feature bit)
  * Microarchitectural Data Sampling
    * VERW instruction is available:  YES  (MD_CLEAR feature bit)
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO):  NO
  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO
  * CPU/Hypervisor indicates L1D flushing is not necessary on this system:  NO
  * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA):  NO
  * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO):  NO
  * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO):  NO
  * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO):  NO
  * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR):  NO
  * CPU supports Transactional Synchronization Extensions (TSX):  YES  (RTM feature bit)
  * CPU supports Software Guard Extensions (SGX):  YES
  * CPU supports Special Register Buffer Data Sampling (SRBDS):  YES
  * CPU microcode is known to cause stability problems:  NO  (family 0x6 model 0x5e stepping 0x3 ucode 0xea cpuid 0x506e3)
  * CPU microcode is the latest known available version:  YES  (latest version is 0xe2 dated 2020/07/14 according to builtin firmwares DB v165.20201021+i20200616)

* CPU vulnerability to the speculative execution attack variants
  * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES
  * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES
  * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  YES
  * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  YES
  * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES
  * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  YES
  * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  YES
  * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  YES
  * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  YES
  * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  YES
  * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  YES
  * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  YES
  * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)):  YES
  * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)):  YES
  * Vulnerable to CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)):  YES

CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface:  YES  (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
* Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO
* Kernel has mask_nospec64 (arm64):  NO
* Kernel has array_index_nospec (arm64):  NO
> STATUS:  NOT VULNERABLE  (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES
    * IBRS enabled and active:  YES  (for firmware code only)
  * Kernel is compiled with IBPB support:  YES
    * IBPB enabled and active:  YES
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO
  * Kernel compiled with retpoline option:  YES
    * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Kernel supports RSB filling:  YES
> STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)

CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI):  YES
  * PTI enabled and active:  YES
  * Reduced performance impact of PTI:  YES  (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability:  YES
> STATUS:  NOT VULNERABLE  (your CPU microcode mitigates the vulnerability)

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
* SSB mitigation is enabled and active:  YES  (per-thread through prctl)
* SSB mitigation currently active for selected processes:  NO  (no process found using SSB mitigation through prctl)
> STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability:  NO
> STATUS:  VULNERABLE  (your CPU supports SGX and the microcode is not up to date)

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTE Inversion)
* Kernel supports PTE inversion:  YES  (found in kernel image)
* PTE inversion enabled and active:  YES
> STATUS:  NOT VULNERABLE  (Mitigation: PTE Inversion)

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Mitigation: PTE Inversion
* This system is a host running a hypervisor:  NO
* Mitigation 1 (KVM)
  * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
* Mitigation 2
  * L1D flush is supported by kernel:  YES  (found flush_l1d in /proc/cpuinfo)
  * L1D flush enabled:  UNKNOWN  (unrecognized mode)
  * Hardware-backed L1D flush supported:  YES  (performance impact of the mitigation will be greatly reduced)
  * Hyper-Threading (SMT) is enabled:  YES
> STATUS:  NOT VULNERABLE  (this system is not running a hypervisor)

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)

CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
* TAA mitigation is supported by kernel:  YES  (found tsx_async_abort in kernel image)
* TAA mitigation enabled and active:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
> STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT vulnerable)

CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
* Mitigated according to the /sys interface:  UNKNOWN  (Processor vulnerable)
* This system is a host running a hypervisor:  NO
* iTLB Multihit mitigation is supported by kernel:  YES  (found itlb_multihit in kernel image)
* iTLB Multihit mitigation enabled and active:  NO
> STATUS:  NOT VULNERABLE  (this system is not running a hypervisor)

CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Microcode)
* SRBDS mitigation control is supported by the kernel:  YES  (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
* SRBDS mitigation control is enabled and active:  YES  (Mitigation: Microcode)
> STATUS:  UNKNOWN  (Not able to enumerate MSR for SRBDS mitigation control)

> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:KO CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:??

Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
```

----------

## Zucca

I've always looked at 

```
lscpu | grep ^Vuln
```

Apparently this isn't enough?

----------

## disquz

I have the same problem now.

Hardened everything and installed the newest ("~amd64") intel-microcode but that output still turns red for CVE-2018-3615.

Does anyone have any update on this? 

Thanks in advance!

m

----------

## figueroa

Run as root or with sudo. If I run as my user, CVE-2018-3640:KO and CVE-2018-3615:KO are both red. Run with sudo and they are green.
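An added example, not code from spectre-meltdown-checker or from anyone in this thread: a small POSIX shell script that gathers the three raw inputs behind the checker's hardware section, so a run like pietinger's can be cross-checked by hand. It assumes that the `UNKNOWN  (is msr kernel module available?)` lines mean the checker could not open `/dev/cpu/N/msr`, the device the msr driver provides (CONFIG_X86_MSR, or `modprobe msr` on a modular kernel) and which only root can read, which is the same thing figueroa sees when the verdict changes under sudo. `/sys/devices/system/cpu/vulnerabilities` is the kernel's own verdict and is exactly what Zucca's `lscpu | grep ^Vuln` prints; MSR 0x8b (IA32_BIOS_SIGN_ID) carries the loaded microcode revision in its upper 32 bits, the same number `/proc/cpuinfo` and the `dmesg` line report. The script name, the `--live` flag and the sample `/proc/cpuinfo` are constructed for the example.

```shell
#!/bin/sh
# ucode_facts.sh (name assumed). Added example, not part of
# spectre-meltdown-checker: collect the raw facts behind its hardware section.
#   1. /proc/cpuinfo                         -> loaded microcode revision
#   2. /dev/cpu/N/msr                        -> can MSRs be read at all?
#   3. /sys/devices/system/cpu/vulnerabilities -> the kernel's own verdicts
# Every function takes its input as an argument or on stdin so the parsing
# can be exercised on the constructed sample below as well as on the live box.

# Constructed /proc/cpuinfo excerpt, modelled on the i7-6700 in this thread.
SAMPLE_CPUINFO=$(printf 'processor\t: 0\nvendor_id\t: GenuineIntel\ncpu family\t: 6\nmodel\t\t: 94\nmodel name\t: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz\nstepping\t: 3\nmicrocode\t: 0xea\n')

# Microcode revision of the first CPU, from /proc/cpuinfo text on stdin.
ucode_revision() {
    awk -F': *' '$1 ~ /^microcode/ { print $2; exit }'
}

# "yes" if hex revision $1 is at least hex revision $2, else "no".
ucode_at_least() {
    if [ "$(( $1 ))" -ge "$(( $2 ))" ]; then echo yes; else echo no; fi
}

# IA32_BIOS_SIGN_ID (MSR 0x8b) holds the microcode revision in bits 63:32.
# Takes the raw 64-bit value as hex without 0x and prints the revision.
ucode_from_bios_sign_id() {
    printf '0x%x\n' "$(( 0x$1 >> 32 ))"
}

# Why an MSR probe would come back UNKNOWN: node absent, or not root.
msr_access_state() {
    dev="${1:-/dev/cpu/0/msr}"
    if [ ! -e "$dev" ]; then
        echo "missing: $dev (msr driver not built in or not loaded; try: modprobe msr)"
    elif [ ! -r "$dev" ]; then
        echo "unreadable: $dev (run as root)"
    else
        echo ok
    fi
}

# Read one MSR (hex number in $1) from CPU 0, printed as hex without 0x.
# Uses rdmsr from msr-tools when present; otherwise seeks into the device
# node with GNU dd (the node expects the seek offset to equal the MSR number).
read_msr() {
    dev="${2:-/dev/cpu/0/msr}"
    if command -v rdmsr >/dev/null 2>&1; then
        rdmsr -p 0 "$1"
    else
        dd if="$dev" bs=8 count=1 skip="$(( $1 ))" iflag=skip_bytes 2>/dev/null |
            od -An -tx8 | tr -d ' \n'
        echo
    fi
}

# One "name: verdict" line per file in the sysfs vulnerabilities directory.
sysfs_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    for f in "$dir"/*; do
        if [ -f "$f" ]; then
            printf '%s: %s\n' "${f##*/}" "$(cat "$f")"
        fi
    done
}

# Live report; the MSR part only works as root.
main() {
    printf 'microcode revision (cpuinfo): %s\n' "$(ucode_revision < /proc/cpuinfo)"
    state=$(msr_access_state)
    printf 'MSR access: %s\n' "$state"
    if [ "$state" = ok ]; then
        raw=$(read_msr 0x8b)
        if [ -n "$raw" ]; then
            printf 'microcode revision (MSR 0x8b): %s\n' "$(ucode_from_bios_sign_id "$raw")"
        fi
    fi
    sysfs_vulns
}

case "${1:-}" in --live) main ;; esac
```

Run `sh ucode_facts.sh --live` as root. Without root, or on a monolithic kernel built without CONFIG_X86_MSR, the script prints the reason instead of an MSR value, which is the same situation the checker reports as `UNKNOWN`. `iflag=skip_bytes` is GNU dd only; on other systems install msr-tools so `rdmsr` is used.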

----------

## disquz

 *figueroa wrote:*   

> Run as root or with sudo. If I run as my user, CVE-2018-3640:KO and CVE-2018-3615:KO are both red. Run with sudo and they are green.

 

I have run it as root exclusively. No change, CVE-2018-3615 remains red.

It states: 

```
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability:  NO
> STATUS:  VULNERABLE  (your CPU supports SGX and the microcode is not up to date)
```

----------

## figueroa

disquz

Are you USING intel-microcode? It's not activated automatically.

----------

## disquz

 *figueroa wrote:*   

> disquz
> 
> Are you USING intel-microcode? It's not activated automatically.

 

Sure I am using intel-microcode.

```
mars ~ # dmesg | grep micro
[    3.217091] microcode: sig=0x806ea, pf=0x80, revision=0xec
[    3.218411] microcode: Microcode Update Driver: v2.2.
```

```
mars ~ # grep EXTRA /usr/src/linux/.config 
CONFIG_EXTRA_FIRMWARE="intel-ucode/06-8e-0a intel/ibt-12-16.sfi intel/ibt-12-16.ddc i915/kbl_dmc_ver1_04.bin iwlwifi-8265-36.ucode regulatory.db regulatory.db.p7s"
CONFIG_EXTRA_FIRMWARE_DIR="/lib/firmware"
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
```

----------

## figueroa

I see what you are doing, using the kernel method of loading the microcode. I've been manually building /boot/early_ucode.cpio and loading it as a GRUB initrd. In fact, I'm just now experimenting with building the intel-microcode automatically with the initramfs USE flag. Further, I can't comment on your CPU, as I only have experience with my older one. But I haven't experienced a recent change.
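An added example, not from figueroa, disquz or any Gentoo package: the two ways of getting the microcode to the CPU that this exchange describes, written out as a script. The file name `intel-ucode/FF-MM-SS` is derived from the CPUID signature (family, model with the extended-model nibble folded in, stepping), which is how `06-5e-03` follows from pietinger's `cpuid 0x506e3` and `06-8e-0a` from disquz's `sig=0x806ea`. The built-in method is the `CONFIG_EXTRA_FIRMWARE="intel-ucode/FF-MM-SS"` line in disquz's `.config`; the early-load method packs the same file as `kernel/x86/microcode/GenuineIntel.bin` into a newc cpio, the layout from the kernel's Documentation/x86/microcode.rst, which is then handed to the boot loader as an initrd the way figueroa does with /boot/early_ucode.cpio. The script name, the `--build` flag and the sample `/proc/cpuinfo` are constructed for the example.

```shell
#!/bin/sh
# early_ucode.sh (name assumed). Added example, not Gentoo or kernel tooling:
# work out the intel-ucode file for this CPU and package it for early loading.

# Constructed /proc/cpuinfo excerpt, modelled on the i7-6700 in this thread.
SAMPLE_CPUINFO=$(printf 'cpu family\t: 6\nmodel\t\t: 94\nmodel name\t: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz\nstepping\t: 3\nmicrocode\t: 0xea\n')

# FF-MM-SS from a CPUID signature such as 0x506e3 or 0x806ea.
# Extended family counts only when the base family is 0xf; extended model
# counts for family 6 and 0xf (Intel's CPUID leaf 1 encoding).
ucode_name_from_sig() {
    sig=$(( $1 ))
    family=$(( (sig >> 8) & 0xf ))
    model=$(( (sig >> 4) & 0xf ))
    stepping=$(( sig & 0xf ))
    if [ "$family" -eq 15 ]; then
        family=$(( family + ((sig >> 20) & 0xff) ))
    fi
    if [ "$family" -eq 6 ] || [ "$family" -eq 15 ]; then
        model=$(( model | (((sig >> 16) & 0xf) << 4) ))
    fi
    printf '%02x-%02x-%02x\n' "$family" "$model" "$stepping"
}

# Same name from the decimal "cpu family", "model" and "stepping" lines of
# /proc/cpuinfo on stdin (the kernel has already folded the extended model in).
ucode_name_from_cpuinfo() {
    awk -F': *' '
        $1 ~ /^cpu family/   { f = $2 }
        $1 ~ /^model[ \t]*$/ { m = $2 }
        $1 ~ /^stepping/     { s = $2; exit }
        END { printf "%02x-%02x-%02x\n", f, m, s }'
}

# Pack <fwdir>/intel-ucode/<name> into <out> as the early loader expects:
# a newc cpio whose only payload is kernel/x86/microcode/GenuineIntel.bin.
#   build_early_ucode <fwdir> <FF-MM-SS> <out.cpio>
build_early_ucode() {
    fwdir=$1; name=$2; out=$3
    if [ ! -f "$fwdir/intel-ucode/$name" ]; then
        echo "no $fwdir/intel-ucode/$name (is sys-firmware/intel-microcode installed?)" >&2
        return 1
    fi
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/kernel/x86/microcode"
    cat "$fwdir/intel-ucode/$name" > "$tmp/kernel/x86/microcode/GenuineIntel.bin"
    # paths inside the archive must be relative, hence the cd
    ( cd "$tmp" && find kernel | cpio -o -H newc 2>/dev/null ) > "$out"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Live run: print both options for this CPU and write the cpio.
main() {
    out=${1:-/boot/early_ucode.cpio}
    name=$(ucode_name_from_cpuinfo < /proc/cpuinfo)
    echo "microcode file for this CPU: intel-ucode/$name"
    echo "built-in:   CONFIG_EXTRA_FIRMWARE=\"intel-ucode/$name\" CONFIG_EXTRA_FIRMWARE_DIR=\"/lib/firmware\""
    echo "early cpio: $out (load it as the first initrd)"
    build_early_ucode /lib/firmware "$name" "$out"
}

case "${1:-}" in --build) main "${2:-}" ;; esac
```

Run `sh early_ucode.sh --build` as root to write /boot/early_ucode.cpio, or pass another path. Two caveats apply to both methods: CONFIG_EXTRA_FIRMWARE embeds the file at kernel build time, so after every intel-microcode update the kernel has to be rebuilt (and the cpio regenerated); and neither method changes the revision the CPU reports until the next boot, which is why `dmesg | grep microcode` is the check to run afterwards.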

----------

## disquz

Yeah exactly.

I'm following pietinger's hardened Gentoo setup (Installation Guide for Paranoid Dummies), where I boot the stub kernel directly from UEFI without any boot loader (GRUB). It's a monolithic kernel with everything built in, no modules, no initramfs, nothing like that.

In case you're interested, here's the guide: https://forums.gentoo.org/viewtopic-t-1112798.html (It's in German but Google Translate can help)

----------

