meltdown/spectre patch for linux peppermint and mint help!

Discussion in 'all things UNIX' started by taleblou, Jan 11, 2018.

  1. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,221
    Hi:

    with the this nasty intel mess and the patches for meltdown/spectre bug effecting all OP systems incl. linux going around, I need the patch and the steps to do it in peppermint-8 and mint 18.3 please.

    I already ran the check to see if my system is vulnerable to per linux meltdown/spectre vulnerability checker for linux and my system is vulnerable to spectre only and not meltdown and needs to be updated.

    can anyone help me to update or patch this vulnerability? thanks in advance.
     
  2. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    590
    Location:
    USA
    @taleblou, unfortunately I don't believe those linux kernel patches have been released yet.

    Btw, as a Peppermint OS 8 user, would you please let me know how well it's working out for you as well as the PC platform configuration on which it's installed (since that would be OT, you can reply via PM),
     
  3. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,221
    thx. I see articles that updates and patches are available but are not working on mine? my peppermint does not update with those commands. (patches steps: https://www.cyberciti.biz/faq/check-linux-server-for-spectre-meltdown-vulnerability/ ).

    Now to answer your question on peppermint-8 is that it is working great and very stable and no issues. The graphics looks sharper and much better compare to mint 18. I have it on a ASUS intel i3 desktop pc with 12GB ram and 1TB HDD and running it as the only OP. I have turned the intel virtualization on and have turned UEFI secure boot off (because virtual box does not work in UEFI enabled linux). I have used it as both with secure boot on and wothout it and all been working smooth and great. Only when you use secure boot, certain updates require you to turn secure boot off and on via a password to be installed. So its better to use "other OP" option and install it.
     
  4. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    590
    Location:
    USA
    Thanks for that info. ;)
     
  5. boombastik

    boombastik Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    229
    Location:
    Greece
    -https://support.lenovo.com/gr/el/solutions/len-18282

    1 – (Kaby Lake U/Y, U23e, H/S/X) Symptom: Intermittent system hang during system sleep (S3) cycling. If you have already applied the firmware update and experience hangs during sleep/wake, please flash back to the previous BIOS/UEFI level, or disable sleep (S3) mode on your system; and then apply the improved update when it becomes available. If you have not already applied the update, please wait until the improved firmware level is available.

    2 – (Broadwell E) Symptom: Intermittent blue screen during system restart. If you have already applied the update, Intel suggests continuing to use the firmware level until an improved one is available. If you have not applied the update, please wait until the improved firmware level is available.

    3 – (Broadwell E, H, U/Y; Haswell standard, Core Extreme, ULT) Symptom: Intel has received reports of unexpected page faults, which they are currently investigating. Out of an abundance of caution, Intel requested Lenovo to stop distributing this firmware.


    Also for perfomance is this:
    Variant 1: Bounds check bypass (CVE-2017-5753)--------> Zero perfomance impact
    Requires operating system updates

    Variant 2: Branch target injection (CVE-2017-5715)-------->Huge perfomance impact <skylake because with skylake and after they have optimized the microcodes for the inspection.
    Requires processor microcode updates

    Variant 3: Rogue data cache load (CVE-2017-5754)-------->Huge perfomance impact<haswell
    Requires operating system updates
     
Loading...