The officially official Devuan Forum!

You are not logged in.

#1 2018-01-13 23:17:33

chillfan
Member
Registered: 2016-12-01
Posts: 56  

How to fix the meltdown and spectre issue in Devuan

Some information about mitigating the recent issues for Devuan users. I don't own any AMD hardware, so these instructions are for intel only.

Upgrade the kernel

It's worth knowing that Devuan does nothing to change the kernel images, and provides the Debian packaged kernels. So you can check with the Debian security tracker for the current status of the kernel packages.

https://security-tracker.debian.org/tra … kage/linux

Meltdown is fixed in all the Devuan branches, so you can upgrade your kernel right now to protect against meltdown.

apt-get update
apt-get dist-upgrade

This should be enough to get the kernel updates if you have the linux-image-<insertyourarch> virtual package installed. Otherwise search for the latest image version.

apt-cache search ^linux-image-

And install it like this for example.

apt-get install linux-image-3.16.0-5-amd64
Update the microcode using GRUB

Intel recently released new microcode. It's not known for sure if it's related to meltdown/spectre yet, but if you want to update the microcode anyway here's how to go about it. You don't need to do this if your motherboard vendor has released a BIOS update with the microcode.

Find and download the latest microcode from downloadcenter.intel.com. The latest at time of writing is here.

Change to the /lib/firmware directory (as root).

cd /lib/firmware/

And unpack the tarball here.

tar xf /home/youruser/Downloads/microcode*tgz

The Gentoo wiki page here explains how to convert the ucode into an initrd image that grub can use.

On Devuan install the iucode-tool package.

apt-get install iucode-tool

And generate the image for grub to use (if you use a boot partition make sure it's mounted).

iucode_tool -S --write-earlyfw=/boot/early_ucode.cpio /lib/firmware/intel-ucode/*

And you will need to make the changes in /etc/grub.d/10_linux as pointed out in the grub section. When you're happy with the changes update grub like this.

dpkg-reconfigure grub-pc

And you'll need to reboot for the changes to take effect.

reboot

And see the verification section from the gentoo wiki as well.

If you're an NVIDIA driver user you should update those to 384.111 for the stable release and 390.25 for the latest version (not covered here). You'll need to use the nvidia.com driver search feature to find those versions.

Last edited by chillfan (2018-02-04 04:54:04)

Offline

#2 2018-01-14 16:20:32

fungus
Member
From: Any witch way
Registered: 2017-07-12
Posts: 497  
Website

Re: How to fix the meltdown and spectre issue in Devuan

Thank you for the information but your subject is slightly misleading.
Spectre has only partially been dealt with and the fix seems very far away.

Offline

#3 2018-01-25 19:53:20

siva
Member
Registered: 2018-01-25
Posts: 282  

Re: How to fix the meltdown and spectre issue in Devuan

fyi, x86 is still vulnerable to meltdown.

Offline

#4 2018-02-03 12:49:56

chillfan
Member
Registered: 2016-12-01
Posts: 56  

Re: How to fix the meltdown and spectre issue in Devuan

fungus wrote:

Thank you for the information but your subject is slightly misleading.
Spectre has only partially been dealt with and the fix seems very far away.

True, the title was poorly chosen. Really this should be titled "How to mitigate Meltdown and Spectre" as it's unclear if they will ever be fixed. This is basically just how to apply the mitigations if/when they are available.

From what I can tell about Spectre it needs mitigations in userland, and maybe even mitigations during compile time using a patched gcc.

Last edited by chillfan (2018-02-03 12:50:15)

Offline

#5 2018-02-04 00:14:18

greenjeans
Member
Registered: 2017-04-07
Posts: 543  
Website

Re: How to fix the meltdown and spectre issue in Devuan

Just need to maybe get with a packager and have them package the newest version, the microcode version in the repo is the next-to-latest version, it's from July 2017 and the newest one is November 2017, so it's not like the current jessie microcode package is way old or anything.

I kinda doubt it has any fixes for meltdown in it.


https://sourceforge.net/projects/vuu-do/
Vuu-do GNU/Linux, minimal Devuan-based openbox systems to build on, maximal versions if you prefer your linux fully-loaded.

Please donate to support Devuan and init freedom! https://devuan.org/os/donate

Offline

#6 2018-02-04 04:49:59

chillfan
Member
Registered: 2016-12-01
Posts: 56  

Re: How to fix the meltdown and spectre issue in Devuan

greenjeans wrote:

Just need to maybe get with a packager and have them package the newest version, the microcode version in the repo is the next-to-latest version, it's from July 2017 and the newest one is November 2017, so it's not like the current jessie microcode package is way old or anything.

I kinda doubt it has any fixes for meltdown in it.

Also Intel looks to have pulled the latest microcode for 2018, so most people have to wait for this to change.

Offline

#7 2018-02-05 20:53:01

greenjeans
Member
Registered: 2017-04-07
Posts: 543  
Website

Re: How to fix the meltdown and spectre issue in Devuan

chillfan wrote:

Also Intel looks to have pulled the latest microcode for 2018,

Ahh, well hopefully that means they may be working on some mitigation for this issue, will be watching for any new updates.


https://sourceforge.net/projects/vuu-do/
Vuu-do GNU/Linux, minimal Devuan-based openbox systems to build on, maximal versions if you prefer your linux fully-loaded.

Please donate to support Devuan and init freedom! https://devuan.org/os/donate

Offline

#8 2018-02-05 21:03:50

fungus
Member
From: Any witch way
Registered: 2017-07-12
Posts: 497  
Website

Re: How to fix the meltdown and spectre issue in Devuan

They haven't just pulled, they said whoever made the mistake of applying it is screwed, in nicer terms.  But some distributions still have the 01/18 microcode available.

Offline

#9 2018-02-08 20:21:23

greenjeans
Member
Registered: 2017-04-07
Posts: 543  
Website

Re: How to fix the meltdown and spectre issue in Devuan

chillfan wrote:
greenjeans wrote:

Just need to maybe get with a packager and have them package the newest version, the microcode version in the repo is the next-to-latest version, it's from July 2017 and the newest one is November 2017, so it's not like the current jessie microcode package is way old or anything.

I kinda doubt it has any fixes for meltdown in it.

Also Intel looks to have pulled the latest microcode for 2018, so most people have to wait for this to change.

Debian does have the November update, in stretch-backports, maybe it's in Devuan ascii backports or proposed?


https://sourceforge.net/projects/vuu-do/
Vuu-do GNU/Linux, minimal Devuan-based openbox systems to build on, maximal versions if you prefer your linux fully-loaded.

Please donate to support Devuan and init freedom! https://devuan.org/os/donate

Offline

#10 2018-07-27 14:47:33

boycottsystemd
Member
Registered: 2017-09-25
Posts: 101  

Re: How to fix the meltdown and spectre issue in Devuan

Hello, just in case someone is interested: Intel has issued new CPU microcode (20180703):

https://downloadcenter.intel.com/downlo … uct=122139

Last edited by boycottsystemd (2018-07-27 14:51:43)

Offline

#11 2018-07-31 22:06:34

ivanovnegro
Member
Registered: 2018-05-15
Posts: 57  

Re: How to fix the meltdown and spectre issue in Devuan

It is already available in ascii-backports.

Offline

Board footer