[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Meltdown / Spectre
|
From: |
Chris Marusich |
|
Subject: |
Re: Meltdown / Spectre |
|
Date: |
Wed, 10 Jan 2018 01:36:18 -0800 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) |
Alex Vong <address@hidden> writes:
> Hello,
>
> I hope this is on topic. Recently, 2 critical vulnerabilities (see
> https://meltdownattack.com/) affecting virtually all intel cpus are
> discovered. I am running libreboot x200 (see
> https://www.fsf.org/ryf). What should I do right now to patch my laptop?
>
> Cheers,
> Alex
According to the user named _4of7 in the #libreboot channel of the
Freenode IRC network, the email list address@hidden is down.
So the Libreboot maintainers have probably not seen this email thread.
According to _4of7, currently the best way to contact the Libreboot
maintainers is IRC. It would probably be best to ask there. If you get
a response, please don't forget to update us here on this thread!
When I asked in #freenode today, _4of7 responded as follows:
<_4of7> There's not much we can do from the Libreboot side, but there are
<_4of7> mitigations on kernel side... since it's exploitable from javascript
<_4of7> you could also e.g. not run JavaScript. specing on #libreboot IRC had
<_4of7> the idea to run Firefox without the JIT enabled - we both tried to
<_4of7> compile the latest ESR however, with --disable-ion, and it segfaulted.
<_4of7> I tried to build ff 45esr instead, but that build failed.
I'm not sure who _4of7 is, so I don't know if they speak for the
Libreboot project.
Mark H Weaver <address@hidden> writes:
> Marius Bakke <address@hidden> writes:
>
>> Katherine Cox-Buday <address@hidden> writes:
>>
>>> Chris Marusich <address@hidden> writes:
>>>
>>>> Leo Famulari <address@hidden> writes:
>>>
>>>> I wonder: how easy will it be to install those firmware/microcode
>>>> updates if you are using GuixSD? In particular, I'm curious about the
>>>> case of the Lenovo x200 with libreboot, since that's what I use
>>>> personally.
>>>
>>> I am also interested -- more from a philisophical perspective -- how
>>> GuixSD and GNU squares with these kinds of security updates.
>>
>> In my opinion, CPU microcode falls under "non-functional data", as
>> expressly permitted by the GNU FSDG.
>
> I strongly disagree. CPU microcode is absolutely functional data.
> It determines how the CPU functions.
Does the GNU Project have a policy regarding this sort of thing? I
wasn't able to find any articles on gnu.org that discuss it.
If no such policy exists, then should this topic be discussed somewhere
like address@hidden I don't know where discussions like
this normally take place within the GNU project. It's definitely a
discussion worth having, though.
--
Chris
signature.asc
Description: PGP signature
- Re: Meltdown / Spectre, (continued)
- Re: Meltdown / Spectre, Chris Marusich, 2018/01/15
- Re: Meltdown / Spectre, Gábor Boskovits, 2018/01/17
- Re: Meltdown / Spectre, Alex Vong, 2018/01/14
- Re: Meltdown / Spectre, Mark H Weaver, 2018/01/09
- Re: Meltdown / Spectre, Leo Famulari, 2018/01/10
- Re: Meltdown / Spectre, Ludovic Courtès, 2018/01/16
- Re: Meltdown / Spectre, Mike Gerwitz, 2018/01/16
- Re: Meltdown / Spectre, Ludovic Courtès, 2018/01/17
- Re: Meltdown / Spectre,
Chris Marusich <=
- Re: Meltdown / Spectre, Adonay Felipe Nogueira, 2018/01/10
- Re: Meltdown / Spectre, Tobias Platen, 2018/01/10
- Re: Meltdown / Spectre, Gábor Boskovits, 2018/01/10
- Re: Meltdown / Spectre, Marius Bakke, 2018/01/11
- Re: Meltdown / Spectre, Pjotr Prins, 2018/01/15
- Re: Meltdown / Spectre, Mike Gerwitz, 2018/01/15
- Re: Meltdown / Spectre, Pjotr Prins, 2018/01/16
- Re: Meltdown / Spectre, Chris Marusich, 2018/01/12
Re: What do Meltdown and Spectre mean for libreboot x200 user?, Leah Rowe, 2018/01/10