diff options
| author | Jesús <heckyel@hyperbola.info> | 2018-02-21 11:38:05 -0500 |
|---|---|---|
| committer | Jesús <heckyel@hyperbola.info> | 2018-02-21 11:38:05 -0500 |
| commit | 22908433567dbdf4f04674b58bc5e5a211a6846b (patch) | |
| tree | 7a88af2b675436384d7a1dc42d61ec5edcf820f5 | |
| parent | 46f2e717244755b5937674325c36ce431de73d50 (diff) | |
| download | spectre-meltdown-checker-22908433567dbdf4f04674b58bc5e5a211a6846b.tar.lz spectre-meltdown-checker-22908433567dbdf4f04674b58bc5e5a211a6846b.tar.xz spectre-meltdown-checker-22908433567dbdf4f04674b58bc5e5a211a6846b.zip | |
feat(variant2): better explanation when kernel supports IBRS but CPU does not
| -rwxr-xr-x | spectre-meltdown-checker.sh | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index 241ab87..ccdc95d 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -530,7 +530,6 @@ pvulnstatus() esac } - # The 3 below functions are taken from the extract-linux script, available here: # https://github.com/torvalds/linux/blob/master/scripts/extract-vmlinux # The functions have been modified for better integration to this script @@ -1225,7 +1224,7 @@ check_cpu() _warn "the mitigations for Spectre), or upgrade to a newer one if available." _warn else - pstatus green NO "$ucode_found" + pstatus blue NO "$ucode_found" fi _info "* CPU vulnerability to the three speculative execution attacks variants" @@ -1651,6 +1650,8 @@ check_variant2() pvulnstatus $cve OK "IBRS is mitigating the vulnerability" elif [ "$ibpb_enabled" = 2 ]; then pvulnstatus $cve OK "Full IBPB is mitigating the vulnerability" + elif [ "$ibrs_supported" = 1 ] && [ "$cpuid_spec_ctrl" != 1 ]; then + pvulnstatus $cve VULN "Your kernel is compiled with IBRS but your CPU microcode is lacking support to successfully mitigate the vulnerability" else pvulnstatus $cve VULN "IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability" fi |