How to mitigate Meltdown and Spectre with firmware update

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite












How does a firmware update help in mitigating Meltdown and Spectre vulnerabilities?



Is it true that vendors are only releasing a firmware update for the windows platform? What about Linux?



I believed that firmware updates provided a new version of the BIOS. But, how BIOS is related to features like speculative execution of processors?



Thanks







share|improve this question


























    up vote
    3
    down vote

    favorite












    How does a firmware update help in mitigating Meltdown and Spectre vulnerabilities?



    Is it true that vendors are only releasing a firmware update for the windows platform? What about Linux?



    I believed that firmware updates provided a new version of the BIOS. But, how BIOS is related to features like speculative execution of processors?



    Thanks







    share|improve this question
























      up vote
      3
      down vote

      favorite









      up vote
      3
      down vote

      favorite











      How does a firmware update help in mitigating Meltdown and Spectre vulnerabilities?



      Is it true that vendors are only releasing a firmware update for the windows platform? What about Linux?



      I believed that firmware updates provided a new version of the BIOS. But, how BIOS is related to features like speculative execution of processors?



      Thanks







      share|improve this question














      How does a firmware update help in mitigating Meltdown and Spectre vulnerabilities?



      Is it true that vendors are only releasing a firmware update for the windows platform? What about Linux?



      I believed that firmware updates provided a new version of the BIOS. But, how BIOS is related to features like speculative execution of processors?



      Thanks









      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 31 at 6:30









      user1780242

      143116




      143116










      asked Jan 13 at 2:09









      nuggets

      384




      384




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          2
          down vote













          It isn't.



          The updates that need to happen are microcode updates. Microcode is code that runs inside your central processor itself, that does the work of understanding and enacting processor instructions (in all programs, from the programs in your firmware to the programs that you download and run from the WWW).



          Firmware updates are in fact largely irrelevant to this issue, only being involved in the sense that one way to perform microcode updates is for your machine's firmware to upload the new microcode, from a binary image that is embedded into the firmware image.



          But that is just one way for that to be done; your operating system can do it, too. There is nothing special about the machine instruction that triggers a microcode update that restricts its execution to just your machine firmware.



          Further reading



          • Ben Hawkes (2012). Notes on Intel Microcode Updates. Inertiawar.com.

          • "What is microcode? How do I install Intel CPU microcode updates?". FreeBSD Frequently Asked Questions.


          • Microcode. Debian wiki.


          • Microcode. Arch wiki.

          • Intel (2018). Intel Analysis of Speculative Execution Side Channels .





          share|improve this answer




















          • So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
            – nuggets
            Jan 13 at 8:40







          • 1




            Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
            – telcoM
            Jan 30 at 9:37










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );








           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f416726%2fhow-to-mitigate-meltdown-and-spectre-with-firmware-update%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          2
          down vote













          It isn't.



          The updates that need to happen are microcode updates. Microcode is code that runs inside your central processor itself, that does the work of understanding and enacting processor instructions (in all programs, from the programs in your firmware to the programs that you download and run from the WWW).



          Firmware updates are in fact largely irrelevant to this issue, only being involved in the sense that one way to perform microcode updates is for your machine's firmware to upload the new microcode, from a binary image that is embedded into the firmware image.



          But that is just one way for that to be done; your operating system can do it, too. There is nothing special about the machine instruction that triggers a microcode update that restricts its execution to just your machine firmware.



          Further reading



          • Ben Hawkes (2012). Notes on Intel Microcode Updates. Inertiawar.com.

          • "What is microcode? How do I install Intel CPU microcode updates?". FreeBSD Frequently Asked Questions.


          • Microcode. Debian wiki.


          • Microcode. Arch wiki.

          • Intel (2018). Intel Analysis of Speculative Execution Side Channels .





          share|improve this answer




















          • So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
            – nuggets
            Jan 13 at 8:40







          • 1




            Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
            – telcoM
            Jan 30 at 9:37














          up vote
          2
          down vote













          It isn't.



          The updates that need to happen are microcode updates. Microcode is code that runs inside your central processor itself, that does the work of understanding and enacting processor instructions (in all programs, from the programs in your firmware to the programs that you download and run from the WWW).



          Firmware updates are in fact largely irrelevant to this issue, only being involved in the sense that one way to perform microcode updates is for your machine's firmware to upload the new microcode, from a binary image that is embedded into the firmware image.



          But that is just one way for that to be done; your operating system can do it, too. There is nothing special about the machine instruction that triggers a microcode update that restricts its execution to just your machine firmware.



          Further reading



          • Ben Hawkes (2012). Notes on Intel Microcode Updates. Inertiawar.com.

          • "What is microcode? How do I install Intel CPU microcode updates?". FreeBSD Frequently Asked Questions.


          • Microcode. Debian wiki.


          • Microcode. Arch wiki.

          • Intel (2018). Intel Analysis of Speculative Execution Side Channels .





          share|improve this answer




















          • So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
            – nuggets
            Jan 13 at 8:40







          • 1




            Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
            – telcoM
            Jan 30 at 9:37












          up vote
          2
          down vote










          up vote
          2
          down vote









          It isn't.



          The updates that need to happen are microcode updates. Microcode is code that runs inside your central processor itself, that does the work of understanding and enacting processor instructions (in all programs, from the programs in your firmware to the programs that you download and run from the WWW).



          Firmware updates are in fact largely irrelevant to this issue, only being involved in the sense that one way to perform microcode updates is for your machine's firmware to upload the new microcode, from a binary image that is embedded into the firmware image.



          But that is just one way for that to be done; your operating system can do it, too. There is nothing special about the machine instruction that triggers a microcode update that restricts its execution to just your machine firmware.



          Further reading



          • Ben Hawkes (2012). Notes on Intel Microcode Updates. Inertiawar.com.

          • "What is microcode? How do I install Intel CPU microcode updates?". FreeBSD Frequently Asked Questions.


          • Microcode. Debian wiki.


          • Microcode. Arch wiki.

          • Intel (2018). Intel Analysis of Speculative Execution Side Channels .





          share|improve this answer












          It isn't.



          The updates that need to happen are microcode updates. Microcode is code that runs inside your central processor itself, that does the work of understanding and enacting processor instructions (in all programs, from the programs in your firmware to the programs that you download and run from the WWW).



          Firmware updates are in fact largely irrelevant to this issue, only being involved in the sense that one way to perform microcode updates is for your machine's firmware to upload the new microcode, from a binary image that is embedded into the firmware image.



          But that is just one way for that to be done; your operating system can do it, too. There is nothing special about the machine instruction that triggers a microcode update that restricts its execution to just your machine firmware.



          Further reading



          • Ben Hawkes (2012). Notes on Intel Microcode Updates. Inertiawar.com.

          • "What is microcode? How do I install Intel CPU microcode updates?". FreeBSD Frequently Asked Questions.


          • Microcode. Debian wiki.


          • Microcode. Arch wiki.

          • Intel (2018). Intel Analysis of Speculative Execution Side Channels .






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jan 13 at 5:55









          JdeBP

          28.6k459134




          28.6k459134











          • So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
            – nuggets
            Jan 13 at 8:40







          • 1




            Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
            – telcoM
            Jan 30 at 9:37
















          • So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
            – nuggets
            Jan 13 at 8:40







          • 1




            Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
            – telcoM
            Jan 30 at 9:37















          So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
          – nuggets
          Jan 13 at 8:40





          So, can we say that the firmware updates by vendors like hp, dell, etc. to mitigate meltdown contains the microcodes updates done by intel ?
          – nuggets
          Jan 13 at 8:40





          1




          1




          Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
          – telcoM
          Jan 30 at 9:37




          Yes. Note that the microcode update adds a feature to the processor that is (supposedly) helpful in mitigating the Spectre Variant 2; however it looks like the first microcode version with that feature caused problems to some systems. Also, the suggested Linux patches from Intel that actually use the new feature caused a "spirited discussion" among the Linux kernel devs. Looks like the devs are finding a solution that can achieve Spectre mitigation with better performance than the firmware feature, at least for non-Skylake CPUs.
          – telcoM
          Jan 30 at 9:37












           

          draft saved


          draft discarded


























           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f416726%2fhow-to-mitigate-meltdown-and-spectre-with-firmware-update%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?