1 files changed, 18 insertions, 16 deletions

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 4c9625a..2a9a874 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -8,7 +8,7 @@
 #
 # Stephane Lesimple
 #
-VERSION=0.19
+VERSION=0.20
 
 # Script configuration
 show_usage()
@@ -101,14 +101,16 @@ _verbose()
 is_cpu_vulnerable()
 {
 	# param: 1, 2 or 3 (variant)
-	# returns 0 if vulnerable, 1 if vulnerable, 2 if not vulnerable, 255 on error
-	variant1=1
-	variant2=1
-	variant3=1
+	# returns 1 if vulnerable, 0 if not vulnerable, 255 on error
+	# by default, everything is vulnerable, we work in a "whitelist" logic here.
+	# usage: is_cpu_vulnerable 2 && do something if vulnerable
+	variant1=0
+	variant2=0
+	variant3=0
 	if grep -q AMD /proc/cpuinfo; then
-		variant1=1
-		variant2=0
-		variant3=0
+		variant1=0
+		variant2=1
+		variant3=1
 	elif grep -qi 'CPU implementer : 0x41' /proc/cpuinfo; then
 		# ARM
 		# reference: https://developer.arm.com/support/security-update
@@ -122,21 +124,21 @@ is_cpu_vulnerable()
 			# arch  7? 7? 7     7     7     8     8      8      8
 			if [ "$cpuarch" = 7 ] && echo "$cpupart" | grep -Eq '^0x(c09|c0f|c0e)$'; then
 				# armv7 vulnerable chips
-				variant1=1
-				variant2=1
+				variant1=0
+				variant2=0
 			elif [ "$cpuarch" = 8 ] && echo "$cpupart" | grep -Eq '^0x(d07|d08|d09|d0a)$'; then
 				# armv8 vulnerable chips
-				variant1=1
-				variant2=1
-			else
 				variant1=0
 				variant2=0
+			else
+				variant1=1
+				variant2=1
 			fi
 			# for variant3, only A75 is vulnerable
 			if [ "$cpuarch" = 8 -a "$cpupart" = 0xd0a ]; then
-				variant3=1
-			else
 				variant3=0
+			else
+				variant3=1
 			fi
 		fi
 	fi
@@ -605,7 +607,7 @@ kpti_support=0
 kpti_can_tell=0
 if [ -n "$opt_config" ]; then
 	kpti_can_tell=1
-	if grep -Eq '^\(CONFIG_PAGE_TABLE_ISOLATION\|CONFIG_KAISER\)=y' "$opt_config"; then
+	if grep -Eq '^(CONFIG_PAGE_TABLE_ISOLATION|CONFIG_KAISER)=y' "$opt_config"; then
 		kpti_support=1
 	fi
 fi