Consider adding intel-microcode to the list of dependencies #3663

Closed
emkll opened this issue Jul 27, 2018 · 4 comments
Contributor

emkll commented Jul 27, 2018

Description

Several vulnerabilities have been discovered in x86 processors. The initial round of vulnerabilities (Meltdown, Spectre v1, v2) could be fully mitigated in the kernel.

At this time, the second round of vulnerabilities (Spectre v3a and v4) require kernel-level mitigation, and microcode updates (via the intel-microcode package [0]) are also required and are not yet available in Trusty [1].

The risk should be quite low, however, as these vulnerabilities require code execution on the hosts in order to exploit these vulnerabilities.

We should also note that the intel-firmware package contains non-free binary blobs that update the CPU's microcode at boot-time.

User Stories

As a SecureDrop administrator, I would like my SecureDrop instance to have the most complete mitigations against CPU-based attacks.

[0] : https://downloadcenter.intel.com/search?keyword=linux+microcode
[1] : https://launchpad.net/ubuntu/+source/intel-microcode
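
An added example, not part of the original issue or the SecureDrop code base: one way to check on a host whether the Spectre v4 (speculative store bypass) mitigation is actually active once the kernel and microcode are in place. It covers only Spectre v4, assumes an Intel CPU and a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/`, and uses hypothetical function names and constructed sample inputs.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

def parse_cpuinfo(text):
    """Return (microcode revision, flag set) of the first logical CPU."""
    fields = {}
    for line in text.split("\n\n", 1)[0].splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields.get("microcode"), set(fields.get("flags", "").split())

def assess_ssb(cpuinfo_text, sysfs):
    """Classify Spectre v4 status; sysfs maps file name -> file content."""
    microcode, flags = parse_cpuinfo(cpuinfo_text)
    status = sysfs.get("spec_store_bypass", "").strip()
    if not status:
        verdict = "kernel-does-not-report"   # kernel predates the sysfs entry
    elif status == "Not affected":
        verdict = "not-affected"
    elif status.startswith("Mitigation:"):
        verdict = "mitigated"
    elif "ssbd" not in flags:
        # Assumption: Intel CPU, where the SSBD control arrives via microcode.
        verdict = "needs-microcode"
    else:
        verdict = "mitigation-disabled"      # SSBD present, kernel not using it
    return {"microcode": microcode, "ssbd": "ssbd" in flags, "verdict": verdict}

def read_live():
    """Run the same assessment against the local host."""
    sysfs = {}
    if SYSFS_DIR.is_dir():
        sysfs = {p.name: p.read_text() for p in SYSFS_DIR.iterdir() if p.is_file()}
    return assess_ssb(Path("/proc/cpuinfo").read_text(), sysfs)

# Constructed sample inputs (not captured from a real host).
CPUINFO_OLD_UCODE = ("processor\t: 0\nmicrocode\t: 0x1\n"
                     "flags\t\t: fpu pti ibrs ibpb\n\nprocessor\t: 1\n")
CPUINFO_NEW_UCODE = ("processor\t: 0\nmicrocode\t: 0x2\n"
                     "flags\t\t: fpu pti ibrs ibpb ssbd\n\nprocessor\t: 1\n")

if __name__ == "__main__":
    print(assess_ssb(CPUINFO_OLD_UCODE, {"spec_store_bypass": "Vulnerable\n"}))
    print(read_live())
```
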

emkll changed the title from "Consider adding intel-microcode to the list dependencies" to "Consider adding intel-microcode to the list of dependencies" Jul 27, 2018
Contributor Author

emkll commented Nov 28, 2018

Closed via #3494

Contributor Author

emkll commented Dec 3, 2018

reopened via #3955

emkll reopened this Dec 3, 2018
Contributor

rmol commented Apr 19, 2019

I think we can look at this again, as both intel-microcode and iucode-tool are available in xenial-security.

eloquence added this to Nominated for next sprint (6/12-6/26) in SecureDrop Team Board Jun 12, 2019
eloquence moved this from Current sprint nominations (in progress) to Current Sprint - 6/12-6/26 in SecureDrop Team Board Jun 12, 2019
emkll moved this from Current Sprint - 6/12-6/26 to In Development in SecureDrop Team Board Jun 19, 2019
Contributor Author

emkll commented Jun 21, 2019

Closed via #4543

emkll closed this as completed Jun 21, 2019
SecureDrop Team Board automation moved this from In Development to Done Jun 21, 2019