How to mitigate Spectre and Meltdown kernel memory leaking CPU bug on OpenBSD

cpukernelmemory leaksopenbsdSecurity

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

and

Reading privileged memory with a side-channel

In recent news people could read about a kernel memory leaking CPU bug.

If using OpenBSD, how can we defend ourselves? Or OpenBSD isn't affected?

Best Answer

CPU microcode update code for amd64

https://undeadly.org/cgi?action=article;sid=20180115073406

https://marc.info/?l=openbsd-tech&m=151588857304763&w=2

When you fw_update, you'll get the firmware files.

Upon a reboot, it will attempt to update the microcode on your cpus. Maybe there isn't a new microcode. Maybe your BIOS has a copy of the microcode and installs it before booting OpenBSD.

This firmware installation is done a little late. Doing it better will require some work in the bootblocks to find the firmware files, but time is a bit short to do that right now.

The branch-target-cache flushing features added in new microcode are not being used yet. There is more code which has to be written, but again other work is happening first.

Also, Intel is saying their new microcodes sucks and people should wait a little.

"Hi, my name is Intel and I'm an cheating speculator".

So the current status: do a "fw_update" command as root and reboot.

Best Answer

Related Solutions

Related Question