How to mitigate Meltdown and Spectre with firmware update
Clash Royale CLAN TAG#URR8PPP
up vote
3
down vote
favorite
How does a firmware update help in mitigating Meltdown and Spectre vulnerabilities?
Is it true that vendors are only releasing a firmware update for the windows platform? What about Linux?
I believed that firmware updates provided a new version of the BIOS. But, how BIOS is related to features like speculative execution of processors?
Thanks
linux security bios firmware
edited Jan 31 at 6:30
user1780242
143116
asked Jan 13 at 2:09
nuggets
384
add a comment |Â
up vote
3
down vote
favorite
How does a firmware update help in mitigating Meltdown and Spectre vulnerabilities?
Is it true that vendors are only releasing a firmware update for the windows platform? What about Linux?
I believed that firmware updates provided a new version of the BIOS. But, how BIOS is related to features like speculative execution of processors?
Thanks
linux security bios firmware
edited Jan 31 at 6:30
user1780242
143116
asked Jan 13 at 2:09
nuggets
384
add a comment |Â
up vote
3
down vote
favorite
up vote
3
down vote
favorite
How does a firmware update help in mitigating Meltdown and Spectre vulnerabilities?
Is it true that vendors are only releasing a firmware update for the windows platform? What about Linux?
I believed that firmware updates provided a new version of the BIOS. But, how BIOS is related to features like speculative execution of processors?
Thanks
linux security bios firmware
edited Jan 31 at 6:30
user1780242
143116
asked Jan 13 at 2:09
nuggets
384
How does a firmware update help in mitigating Meltdown and Spectre vulnerabilities?
Is it true that vendors are only releasing a firmware update for the windows platform? What about Linux?
I believed that firmware updates provided a new version of the BIOS. But, how BIOS is related to features like speculative execution of processors?
Thanks
linux security bios firmware
edited Jan 31 at 6:30
user1780242
143116
asked Jan 13 at 2:09
nuggets
384
edited Jan 31 at 6:30
user1780242
143116
edited Jan 31 at 6:30
user1780242
143116
edited Jan 31 at 6:30
user1780242
143116
143116
asked Jan 13 at 2:09
nuggets
384
asked Jan 13 at 2:09
nuggets
384
asked Jan 13 at 2:09
nuggets
384
384
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
2
down vote
It isn't.
The updates that need to happen are microcode updates. Microcode is code that runs inside your central processor itself, that does the work of understanding and enacting processor instructions (in all programs, from the programs in your firmware to the programs that you download and run from the WWW).
Firmware updates are in fact largely irrelevant to this issue, only being involved in the sense that one way to perform microcode updates is for your machine's firmware to upload the new microcode, from a binary image that is embedded into the firmware image.
But that is just one way for that to be done; your operating system can do it, too. There is nothing special about the machine instruction that triggers a microcode update that restricts its execution to just your machine firmware.
Further reading
- Ben Hawkes (2012). Notes on Intel Microcode Updates. Inertiawar.com.
- "What is microcode? How do I install Intel CPU microcode updates?". FreeBSD Frequently Asked Questions.
Microcode. Debian wiki.
Microcode. Arch wiki.- Intel (2018). Intel Analysis of Speculative Execution Side Channels .
answered Jan 13 at 5:55
JdeBP
28.6k459134
So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
– nuggets
Jan 13 at 8:40
1
Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
– telcoM
Jan 30 at 9:37
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
It isn't.
The updates that need to happen are microcode updates. Microcode is code that runs inside your central processor itself, that does the work of understanding and enacting processor instructions (in all programs, from the programs in your firmware to the programs that you download and run from the WWW).
Firmware updates are in fact largely irrelevant to this issue, only being involved in the sense that one way to perform microcode updates is for your machine's firmware to upload the new microcode, from a binary image that is embedded into the firmware image.
But that is just one way for that to be done; your operating system can do it, too. There is nothing special about the machine instruction that triggers a microcode update that restricts its execution to just your machine firmware.
Further reading
- Ben Hawkes (2012). Notes on Intel Microcode Updates. Inertiawar.com.
- "What is microcode? How do I install Intel CPU microcode updates?". FreeBSD Frequently Asked Questions.
Microcode. Debian wiki.
Microcode. Arch wiki.- Intel (2018). Intel Analysis of Speculative Execution Side Channels .
answered Jan 13 at 5:55
JdeBP
28.6k459134
So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
– nuggets
Jan 13 at 8:40
1
Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
– telcoM
Jan 30 at 9:37
add a comment |Â
up vote
2
down vote
It isn't.
The updates that need to happen are microcode updates. Microcode is code that runs inside your central processor itself, that does the work of understanding and enacting processor instructions (in all programs, from the programs in your firmware to the programs that you download and run from the WWW).
Firmware updates are in fact largely irrelevant to this issue, only being involved in the sense that one way to perform microcode updates is for your machine's firmware to upload the new microcode, from a binary image that is embedded into the firmware image.
But that is just one way for that to be done; your operating system can do it, too. There is nothing special about the machine instruction that triggers a microcode update that restricts its execution to just your machine firmware.
Further reading
- Ben Hawkes (2012). Notes on Intel Microcode Updates. Inertiawar.com.
- "What is microcode? How do I install Intel CPU microcode updates?". FreeBSD Frequently Asked Questions.
Microcode. Debian wiki.
Microcode. Arch wiki.- Intel (2018). Intel Analysis of Speculative Execution Side Channels .
answered Jan 13 at 5:55
JdeBP
28.6k459134
So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
– nuggets
Jan 13 at 8:40
1
Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
– telcoM
Jan 30 at 9:37
add a comment |Â
up vote
2
down vote
up vote
2
down vote
It isn't.
The updates that need to happen are microcode updates. Microcode is code that runs inside your central processor itself, that does the work of understanding and enacting processor instructions (in all programs, from the programs in your firmware to the programs that you download and run from the WWW).
Firmware updates are in fact largely irrelevant to this issue, only being involved in the sense that one way to perform microcode updates is for your machine's firmware to upload the new microcode, from a binary image that is embedded into the firmware image.
But that is just one way for that to be done; your operating system can do it, too. There is nothing special about the machine instruction that triggers a microcode update that restricts its execution to just your machine firmware.
Further reading
- Ben Hawkes (2012). Notes on Intel Microcode Updates. Inertiawar.com.
- "What is microcode? How do I install Intel CPU microcode updates?". FreeBSD Frequently Asked Questions.
Microcode. Debian wiki.
Microcode. Arch wiki.- Intel (2018). Intel Analysis of Speculative Execution Side Channels .
answered Jan 13 at 5:55
JdeBP
28.6k459134
It isn't.
The updates that need to happen are microcode updates. Microcode is code that runs inside your central processor itself, that does the work of understanding and enacting processor instructions (in all programs, from the programs in your firmware to the programs that you download and run from the WWW).
Firmware updates are in fact largely irrelevant to this issue, only being involved in the sense that one way to perform microcode updates is for your machine's firmware to upload the new microcode, from a binary image that is embedded into the firmware image.
But that is just one way for that to be done; your operating system can do it, too. There is nothing special about the machine instruction that triggers a microcode update that restricts its execution to just your machine firmware.
Further reading
- Ben Hawkes (2012). Notes on Intel Microcode Updates. Inertiawar.com.
- "What is microcode? How do I install Intel CPU microcode updates?". FreeBSD Frequently Asked Questions.
Microcode. Debian wiki.
Microcode. Arch wiki.- Intel (2018). Intel Analysis of Speculative Execution Side Channels .
answered Jan 13 at 5:55
JdeBP
28.6k459134
answered Jan 13 at 5:55
JdeBP
28.6k459134
answered Jan 13 at 5:55
JdeBP
28.6k459134
answered Jan 13 at 5:55
JdeBP
28.6k459134
28.6k459134
So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
– nuggets
Jan 13 at 8:40
1
Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
– telcoM
Jan 30 at 9:37
add a comment |Â
So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
– nuggets
Jan 13 at 8:40
1
Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
– telcoM
Jan 30 at 9:37
So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
– nuggets
Jan 13 at 8:40
So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
– nuggets
Jan 13 at 8:40
1
1
Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
– telcoM
Jan 30 at 9:37
Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
– telcoM
Jan 30 at 9:37
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f416726%2fhow-to-mitigate-meltdown-and-spectre-with-firmware-update%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
