데스크탑 PC 의 microcode update
kernel-5.4.13 빌드를 한뒤 부팅하고 dmesg 와 sysfs 를 확인해보니 역시나 새로운 intel cpu 취약점을 알려주고 있었다. # dmesg | grep -i micro [ 0.172428] TAA: Vulnerable: Clear CPU buffers attempted, no microcode [ 0.172429] MDS: Vulnerable: Clear CPU buffers attempted, no microcode [ 6.553483] microcode: sig=0x506e3, pf=0x2, revision=0xc6 [ 6.553702] microcode: Microcode Update Driver: v2.2. # grep . /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/itlb_multihit:KVM: Mitigation: Split huge pages /sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable /sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling /sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable microcode 를 업데이트 하면 일부는 완화될것으로 생각이 되어 업데이트를 시도!...