• WANTED: Happy members who like to discuss audio and other topics related to our interest. Desire to learn and share knowledge of science required. There are many reviews of audio hardware and expert members to help answer your questions. Click here to have your audio equipment measured for free!

Intel Kernel Bug

Sal1950

Grand Contributor
The Chicago Crusher
Forum Donor
Joined
Mar 1, 2016
Messages
14,073
Likes
16,609
Location
Central Fl

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
44,376
Likes
234,502
Location
Seattle Area
or their saviour to be

Intel Appoints New CTO


"... Dr. Mayberry will be the third CTO in Intel’s history after Pat Gelsinger and Justin Rattner. After the former resigned from the position in mid-2013, it remained vacant for nearly half of a decade."
CTOs in these companies don't do much. They handle miscellaneous things like going to Davos to rub shoulders with other execs/politicians, meeting with other company CTOs to build relationships, etc. The development groups are too large to listen to any one individual.
 

svart-hvitt

Major Contributor
Joined
Aug 31, 2017
Messages
2,375
Likes
1,253
CTOs in these companies don't do much. They handle miscellaneous things like going to Davos to rub shoulders with other execs/politicians, meeting with other company CTOs to build relationships, etc. The development groups are too large to listen to any one individual.

Even Jobs?

Strange how that Apple rottened after his departure (RIP).
 

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
44,376
Likes
234,502
Location
Seattle Area
Even Jobs?
Jobs was not a CTO. He was the CEO.

In some companies CTOs hae more important roles and sometimes manage engineering. It is just not the case at Microsoft and Intel. And a number of other companies I have run into.
 
D

Deleted member 65

Guest
Don’t install any firmware updates.

"I don’t care if they have security certificates from the Vatican.
If your Dell Update or SupportAssist or HP Update Tools or Lenovo System Update or Fujitsu DeskUpdate tool tells you that you absolutely have to have this juicy new version of your machine’s microcode or firmware (BIOS or UEFI update), laugh demonically as you click No Way.

Neither Intel nor AMD have reliable Meltdown/Spectre patches just yet. And we’ve seen the mess created by Intel’s garbage patches, even though they had six months to build and test them."

https://www.computerworld.com/artic...id-the-snake-oil-and-get-windows-updated.html
 
D

Deleted member 65

Guest
Security Issue Update: Progress Continues on Firmware Updates

"Intel continues to work closely with industry partners to protect customers against the security exploits disclosed by Google Project Zero....
Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days. ...
Finally, while we continue to make progress, I recognize there is still more work to do."

https://newsroom.intel.com/news/security-issue-update-progress-continues-firmware-updates/

What Intel actually saying is something like:
“Hey, we spent six months coming up with new firmware to fix Spectre, released it, and bricked a bunch of machines. We went back to the drawing board and, two weeks later, came up with new firmware that won’t brick your machines. Have at it.”

https://www.askwoody.com/2018/intel-says-its-new-spectre-busting-skylake-firmware-patch-is-ready/
 
D

Deleted member 65

Guest
Meltdown-Spectre flaws: We've found new attack variants, say researchers

https://www.zdnet.com/article/meltdown-spectre-flaws-weve-found-new-attack-variants-say-researchers/

"Researchers have developed a tool to uncover new ways of attacking the Meltdown and Spectre CPU side-channel flaws, which may force chipmakers like Intel to re-examine already difficult hardware mitigations.
...
The result is MeltdownPrime and SpectrePrime, which can leak the same type of information with the same level of precision as Meltdown and Spectre. The Prime variants rely on "invalid-based coherence protocols". "
 
D

Deleted member 65

Guest
Standalone Win10 Meltdown and Spectre Patch Available

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: March 1, 2018
********************************************************************


Security Advisories Released or Updated on March 1
===================================================================


* Microsoft Security Advisory ADV180002


– Title: Guidance to mitigate speculative execution side-channel
vulnerabilities
– https:https://portal.msrc.microsoft.com/en-US/security-guidance/
advisory/ADV180002
– Reason for Revision: Added FAQ#14 to announce that a stand-alone
update for Windows 10 Version 1709 is available via the Microsoft
Update Catalog. This update includes microcode updates from Intel.
See Microsoft Knowledge Base Article 4090007 (https://support.
microsoft.com/en-us/help/4090007/intel-microcode-updates) for
more information.
– Originally posted: January 3, 2018
– Updated: March 1, 2018
– Version: 13.0


My recommendation would (still) be to refrain from updating ...

Edit: Note that this is Microsoft assisting Intel. This is an Intel microcode update Not a Windows patch.
 
Last edited by a moderator:
D

Deleted member 65

Guest
Latest update from Intel:

https://newsroom.intel.com/editorials/advancing-security-silicon-level/

"First, we have now released microcode updates for 100 percent of Intel products launched in the past five years that require protection against the side-channel method vulnerabilities discovered by Google.
...
While Variant 1 will continue to be addressed via software mitigations, we are making changes to our hardware design to further address the other two. We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3."

I for one am not updating my Intel CPU's.
 

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
44,376
Likes
234,502
Location
Seattle Area
Another one: smashport, don’t forget to update OpenSSL. If you do not use automatic security update, my advise is to do so.
Thanks. I think the floodgates have been opened and we will see vulnerability after vulnerability because no security audits were performed on these general purpose CPUs. Fortunately this one requires allowing someone to run native code on the target machine to expose the problem:

1541359158494.png


So the exposure is very limited.

For sure the OpenSSL patch needs to be there. Shame people did not notice the behavioral leakage out of it prior to this.
 

Grave

Senior Member
Joined
Jun 30, 2018
Messages
382
Likes
204
I do not know much about computer software. The latest BIOS for my motherboard does not work and it includes an Intel microcode update. My BIOS settings will not save and my PC restarts several times whenever I start it up. The 3.1 version in the link below works perfectly. Is there anything I can do to get the latest version to work? My BIOS is still mostly up to date, so I am guessing it does not matter.

https://www.asrock.com/MB/Intel/Z370 Killer SLIac/index.asp#BIOS
 
Last edited:
Top Bottom