Intel Linux Patch Would Report Outdated CPU Microcode As A Security Vulnerability (www.phoronix.com)
from captainkangaroo@discuss.tchncs.de to linux@lemmy.ml on 12 Nov 06:24
https://discuss.tchncs.de/post/25078473

#linux


nanook@friendica.eskimo.com on 12 Nov 06:31

Microcode would not be a concern with that particular CPU.

ryannathans@aussie.zone on 12 Nov 06:39

How does it know if the microcode is outdated?

nanook@friendica.eskimo.com on 12 Nov 06:42

@ryannathans @captainkangaroo I'm going to make the wild assumption that the kernel will have a table of the current microcode versions at the time of its release, but I doubt that will get updated except by kernel upgrades.

Strit@lemmy.linuxuserspace.show on 12 Nov 11:23

There’s probably an efivar that reads the current microcode version.

DaPorkchop_@lemmy.ml on 12 Nov 22:10

Debian-based distros (and probably most others as well) actually have a package called “intel-microcode” which gets updated fairly regularly.

nanook@friendica.eskimo.com on 12 Nov 23:42

@DaPorkchop_ Oddly, if you build your own kernel and remove the system provided one, the package gets automatically removed as well which is weird, because it is really still needed regardless.

ryannathans@aussie.zone on 12 Nov 23:23

If that’s the case, why wouldn’t they put the microcode in the kernel?

nanook@friendica.eskimo.com on 12 Nov 23:45

@ryannathans Why bloat the kernel with the microcode for every Intel processor that might need it (and there is a similar thing for AMD) when you don't have that specific processor? It does make more sense for it to be separate, especially on memory constrained systems. I mean if you've got 256GB of RAM it's probably not a big deal, but if you've got 256MB it's a big deal.

ryannathans@aussie.zone on 13 Nov 06:07

The kernel compilation is already configurable between megabytes and gigabyte+

Distros pick their featureset

GolfNovemberUniform@lemmy.ml on 12 Nov 07:26

The real thing is: can you update the microcode of older CPUs? If not then it’s a marketing strategy.

undefined@lemmy.hogru.ch on 12 Nov 08:29

I mean, it’s still good to know if you’re vulnerable right (for sake of discussion)?

nanook@friendica.eskimo.com on 12 Nov 11:28

@GolfNovemberUniform @captainkangaroo Yes and Linux includes software to do this.

IrritableOcelot@beehaw.org on 12 Nov 16:47

The article does specify that it would report if the newest version of the firmware for the CPU family is not installed, so it doesn’t seem like this is that particular kind of BS.

stuner@lemmy.world on 12 Nov 18:32

It sounds like the criterion is “is newer microcode available”. So it doesn’t look like a marketing strategy to sell new CPUs.

ouch@lemmy.world on 12 Nov 22:42

> The Linux kernel would maintain a list of the latest Intel microcode versions for each CPU family, which is based on the data from the Intel microcode GitHub repository. In turn this list would need to be kept updated with new Linux kernel releases and as Intel pushes out new CPU microcode files.

Sounds like that would be outdated for everyone without a rolling distro.
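As an added illustration of the check the quoted paragraph describes (this is not the kernel patch's code and is not from the article): a small Python script that reads the family/model/stepping signature and the loaded microcode revision from /proc/cpuinfo and compares them against a per-signature "latest known" table. The sample cpuinfo text and the table's revision numbers are constructed; a real run would read /proc/cpuinfo and a table generated from Intel's release notes.

```python
# Constructed /proc/cpuinfo excerpt (two logical CPUs), not from a real machine.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 142
stepping\t: 9
microcode\t: 0x84
processor\t: 1
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 142
stepping\t: 9
microcode\t: 0x84
"""
# Constructed "latest known" table keyed by family-model-stepping in hex (the
# signature form in Intel's release notes); revisions are made up. Like the
# kernel-side list the article describes, it is only as fresh as its release.
LATEST_MICROCODE = {"06-8e-09": 0xF0, "06-9e-0d": 0xF8}
# Fields we keep, with the numeric base each is printed in.
INT_FIELDS = {"processor": 10, "cpu family": 10, "model": 10, "stepping": 10, "microcode": 16}

def parse_cpuinfo(text):
    """Return one dict per logical CPU holding the fields in INT_FIELDS."""
    cpus, cur = [], {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        key, val = key.strip(), val.strip()
        if not sep or key not in INT_FIELDS:
            continue
        if key == "processor" and cur:  # a new per-CPU block begins
            cpus.append(cur)
            cur = {}
        cur[key] = int(val, INT_FIELDS[key])
    if cur:
        cpus.append(cur)
    return cpus

def signature(cpu):
    return "%02x-%02x-%02x" % (cpu["cpu family"], cpu["model"], cpu["stepping"])

def find_outdated(cpus, latest=LATEST_MICROCODE):
    """(processor, signature, loaded, newest) for each CPU whose loaded revision
    is older than the table's; signatures the table lacks cannot be judged."""
    findings = []
    for cpu in cpus:
        sig = signature(cpu)
        newest = latest.get(sig)
        if newest is not None and cpu["microcode"] < newest:
            findings.append((cpu["processor"], sig, cpu["microcode"], newest))
    return findings
```

On a live system, replace SAMPLE_CPUINFO with the contents of /proc/cpuinfo; a CPU whose signature is missing from the table is reported as unknown rather than vulnerable.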

Atemu@lemmy.ml on 13 Nov 00:07

Stable distros can and will backport security fixes. Good ones that is.

AndrewZabar@lemmy.world on 13 Nov 21:33

Yeah, methinks this will be one of those alerts pretty much everyone will be like “yeah, yeah, I know” and click to silence those notifications.

trolololol@lemmy.world on 14 Nov 01:41

Sounds like a user space application, there’s no place for this in the kernel. So would you need to upgrade the kernel and reboot to update the list? Nonsense.

electricprism@lemmy.ml on 13 Nov 00:45

How about a Linux patch that reports binary blobs with no source as __Security Vulnerabilities__

Or are we not allowed to criticize the back doors that hackers gain access to.

mypasswordis1234@lemmy.world on 16 Nov 03:59

Your brain isn’t open source. You’re a security vulnerability

electricprism@lemmy.ml on 16 Nov 04:37

Don’t let your dreams be dreams.

mvirts@lemmy.world on 13 Nov 05:04

So the patch is just copying the existing warning to a standard location?