01-02-2018
11:05 PM
- last edited on
03-06-2024
09:57 PM
by
ROGBot
01-11-2018 12:38 AM
Powershell:
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]
Suggested actions
* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True
01-11-2018 12:43 AM
geneo wrote:
I got 9% drop.
01-11-2018 02:45 AM
01-11-2018 11:11 AM
AikonCWD wrote:
@mscaf Since ASUS will not update our z97 MB, I editet the BIOS adding the new Intel's CPU microcode v23.
@gneo That's true. After applying the patch, the system got a bit slower. I got some WHEA errors. This is just horrible and unacceptable. I will rollback and flash the previous BIOS again, waiting for the next (and better) microcode update.
01-12-2018 04:27 AM
AikonCWD wrote:
@mscaf Since ASUS will not update our z97 MB, I editet the BIOS adding the new Intel's CPU microcode v23.
01-12-2018 04:41 AM
trafsta wrote:
I have a Z97-A mobo. Any chance you could share how I can update the microcode for it mitigate Spectre? Currently on Z97-A-ASUS-2801 BIOS.
01-12-2018 05:26 AM
sizeof(void) wrote:
Are you asking how to update a BIOS? Which should be obvious. So ,either the question is too basic or to complex for me to understand... 😄
01-12-2018 11:18 AM
trafsta wrote:
lol 🙂 The Z97-A is not on Asus' "officially-to-be-updated" list of mobo's. But this user has manually injected the new microcode update from Intel into his Z97 Gaming Edition BIOS file using the previously released BIOS firmware. I have done this sort of thing in the past (like a decade ago lol), so I'm hoping it's not too complicated and that this user could share how he did it for other Z97-A users such as myself.
Eventually Asus might decide to officially release a Z97-A BIOS upgrade to mitigate Spectre... but I am not holding my breath
01-12-2018 11:44 AM
AikonCWD wrote:
That is, there is no official way to update our Z97 mobo's. Also ASUS said that they will only update BIOS for mobo's using CPU of 6th, 7th and 8th gen. Our mobo is for 4th gen CPU's, so we won't get any official update from ASUS.
Knowing this, I can use the last official BIOS and inyect the new CPU microcode. It's a bit hard to explain because I'm not an english user and I think it will be a bit hard to me explaining this on english. Anyway... wait. The current Intel's CPU microcode v23 (Haswell, for my i7-4790k) is currently buggy. We need to wait for another update from Intel.
If you wanna need more info on how to edit the official BIOS, I used this:
Repository of Intel's CPU microcode updates: https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File (curent file 1-8-18 is buggy)
Tool to extract latest Intel microcode for bios modding: https://www.wimsbios.com/forum/bios-utilities-flash-programs-f36/tool-extract-latest-intel-microcode...
Python tool to convert BIN microcode into DAT microcodes: https://gist.github.com/aikoncwd/4e6596fdc244b1cdbfd19e3f4558ee68 (to perfom integrity checks)
Database to know the CPUID of your current CPU: http://www.cpu-world.com/cgi-bin/CPUID.pl
A tool to edit BIOS and inyect microcodes: https://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html
A tool called AFUDOS to writte the modded BIOS, bypassing ASUS integrity check: https://ami.com/en/resources/resource-library/?product=Aptio%20V&productid=15&type=related
01-14-2018 06:08 AM
SumTingWong wrote:
Computer cannot get infected without user interactions, am I right? So as Intel said, attacker need to access your OS locally, so this is not an airborne attack. It require you to access a malicious site or an email attachment or whatever able to deliver the payload, and run the malicious application in order to exploits Meltdown and Spectre vulnerability. But that doesn't mean we shouldn't patch it before it too late. Microsoft already done their part on Meltdown, and Intel vows that at the end of January all CPU been produced the last 5 years will be patch. However, Intel doesn't tell us how this will be distribute, but Intel did mentioned that they are working with motherboard vendor to push out the firmware to consumers. To put it simply understanding, we have to wait for the motherboard vendors to push them out because Intel have no control on it.