spectre meltdown can you tell level of danger a libreboot t400 is exposed to?

tonlee
Joined: 09/08/2014

https://github.com/speed47/spectre-meltdown-checker

I ran the script on a libreboot t400.
SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO CVE-2019-11135:OK CVE-2018-12207:OK

Saying 6 vulnerabilities are present. Several times it says new
cpu microcode is required. Can you explain, how insecure
the computer is because of these vulnerabilities?
Thank you.

zigote
Joined: 03/04/2019

You can also check for vulnerabilities using:

grep . /sys/devices/system/cpu/vulnerabilities/*

> Several times it says new cpu microcode is required.

Some of the vulnerabilities can be mitigated only through microcode.

> Can you explain, how insecure the computer is because of these vulnerabilities?

The CPU vulnerabilities generally relate to the possibility of something getting access to something else, which is not supposed to be possible, e.g. accessing kernel data from userspace, reading privileged memory or one VM reading the memory of another VM, JavaScript from a website reading your RAM contents etc. You can find detailed info on the web about each of the CVEs.

In short: it is a big issue. Everyone recommends updating the microcode and/or getting a newer CPU with hardware mitigations. Of course - new hardware means "freedom" issues.
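An added example, not part of the original posts: a small shell helper that triages the two outputs mentioned in this thread, the checker's SUMMARY line and the kernel's sysfs vulnerability files. The function names are hypothetical; the state prefixes (`Not affected`, `Mitigation`, `Vulnerable`, optionally preceded by `KVM:`) are assumed to follow the Linux kernel's sysfs reporting format.

```shell
#!/bin/sh
# Added example: summarise CPU vulnerability status from the two sources
# discussed in the thread. Function names are hypothetical.

# SUMMARY line as posted in the first message of this thread.
SUMMARY="SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO CVE-2019-11135:OK CVE-2018-12207:OK"

# Print one CVE id per line for every entry marked KO in a SUMMARY line.
summary_ko() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n 's/^\(CVE-[0-9]*-[0-9]*\):KO$/\1/p'
}

# Classify each file in a sysfs-style vulnerabilities directory.
# Prints "<state> <name>", state being one of:
#   not_affected, mitigated, vulnerable, unknown
sysfs_states() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in "$dir"/*; do
        [ -r "$f" ] || continue          # missing directory or unreadable file
        IFS= read -r line < "$f" || true # keep a line without trailing newline
        # Match on the prefix only: a "Mitigation:" line may mention
        # sub-features that are themselves reported as vulnerable.
        case $line in
            "Not affected"*)                    state=not_affected ;;
            "Mitigation"*|"KVM: Mitigation"*)   state=mitigated ;;
            "Vulnerable"*|"KVM: Vulnerable"*)   state=vulnerable ;;
            *)                                  state=unknown ;;
        esac
        printf '%s %s\n' "$state" "${f##*/}"
    done
}

echo "KO entries in the posted SUMMARY line:"
summary_ko "$SUMMARY"
echo "Kernel view on this machine (empty if sysfs is not available):"
sysfs_states
```

Entries reported as `vulnerable` or `unknown` by `sysfs_states` are the ones to compare against the KO list from the checker.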

tonlee
Joined: 09/08/2014

> big issue

But it is not possible to say if it is likely that
the computer will encounter one of the
exploits? Or which exploits are more likely
to encounter than others?

The likelihood of encountering an
exploit could affect whether it is more opportune to
utilize a new computer which is protected against
the exploits.