Pine64 board with UNKNOWN status reported as not vulnerable

[jeanbruder-zz]

Dear Speed47,

Bellow if the output of the provided script executed on a Pine64 board running Linux. The CPU is not detected properly. The report show the board as NOT VULNERABLE, but some tests results are UNKNOWN : Can you please confirm if the board/CPU is vulnerable or not ?

jean@owncloud:~/scripts/spectre-meltdown-checker$``
sudo ./spectre-meltdown-checker.sh -v
[sudo] password for jean:
Spectre and Meltdown mitigation detection tool v0.31
Checking for vulnerabilities against running kernel Linux 3.10.105-0-pine64-longsleep #3 SMP PREEMPT Sat Mar 11 16:05:53 CET 2017 aarch64
CPU is
Will use no vmlinux image (accuracy might be reduced)
Will use kconfig /proc/config.gz
Will use System.map file /proc/kallsyms
We're missing some kernel info (see -v), accuracy might be reduced
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

• Checking count of LFENCE opcodes in kernel: UNKNOWN

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

• Mitigation 1
• Hardware (CPU microcode) support for mitigation

• The SPEC_CTRL MSR is available:  UNKNOWN  (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
  

• The SPEC_CTRL CPUID feature bit is set:  UNKNOWN  (couldn't read /dev/cpu/0/cpuidr, is cpuid support enabled in your kernel?)
  

• The kernel has set the spec_ctrl flag in cpuinfo:  NO
  

• Kernel support for IBRS: NO
• IBRS enabled for Kernel space: NO
• IBRS enabled for User space: NO
• Mitigation 2
• Kernel compiled with retpoline option: NO
• Kernel compiled with a retpoline-aware compiler: NO

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

• Kernel supports Page Table Isolation (PTI): NO
• PTI enabled and active: NO
• Performance impact if PTI is enabled
• CPU supports PCID: NO (no security impact but performance will be degraded with PTI)
• CPU supports INVPCID: NO (no security impact but performance will be degraded with PTI)
• Checking if we're running under Xen PV (64 bits): NO

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
A false sense of security is worse than no security at all, see --disclaimer
jean@owncloud:~/scripts/spectre-meltdown-checker$

How can I maybe help regarding the board ?

Many thanks in advance,
Best regards.

[speed47]

It's an ARM board, so indeed you're not vulnerable except if it's running one of the few ARM Cortex that are vulnerable. ARM published a statement about it, and the script is able to correctly detect which ARM chips are vulnerable, and which aren't.

The

CPU is

line is strange, I'll need your help to fix that, but it's only for display purposes (the script doesn't rely on what's displayed in that case). I'll propose a fix on a branch that you'll be able to test soon.

Regarding the fact that the first test comes out as UNKNOWN, it's strange because if you're missing the readelf or objdump tool (the 2 most usual reasons to get UNKNOWN here), the tool should tell you. So it might be another reason, could you run the script again in very verbose mode ? (-v -v).

Regardless of the UNKNOWN status of the check for variant 1, the script correctly reports your system as non-vulnerable as you have a non-vulnerable CPU (so it doesn't need the result of the mitigation check for variant 1 to draw this conclusion)

[speed47]

Can you try the arm_display branch in -v -v ?

[jeanbruder-zz]

jean@owncloud:~/scripts/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh -v -v
Spectre and Meltdown mitigation detection tool v0.31
Checking for vulnerabilities against running kernel Linux 3.10.105-0-pine64-longsleep #3 SMP PREEMPT Sat Mar 11 16:05:53 CET 2017 aarch64
CPU isARM vAArch64 Part Number 0xd03
Will use no vmlinux image (accuracy might be reduced)
Will use kconfig /proc/config.gz
Will use System.map file /proc/kallsyms
We're missing some kernel info (see -v), accuracy might be reduced
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

• Checking count of LFENCE opcodes in kernel: UNKNOWN

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

• Mitigation 1
• Hardware (CPU microcode) support for mitigation

• The SPEC_CTRL MSR is available: (debug) attempted to load module msr, insmod_msr=
  

UNKNOWN (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)

• The SPEC_CTRL CPUID feature bit is set: (debug) attempted to load module cpuid, insmod_cpuid=
  

UNKNOWN (couldn't read /dev/cpu/0/cpuidr, is cpuid support enabled in your kernel?)

• The kernel has set the spec_ctrl flag in cpuinfo:  NO 
  

• Kernel support for IBRS: (debug) ibrs: file /sys/kernel/debug/ibrs_enabled doesn't exist
  (debug) ibrs: file /sys/kernel/debug/x86/ibrs_enabled doesn't exist
  (debug) ibrs: file /proc/sys/kernel/ibrs_enabled doesn't exist
  NO
• IBRS enabled for Kernel space: NO
• IBRS enabled for User space: NO
• Mitigation 2
• Kernel compiled with retpoline option: NO
• Kernel compiled with a retpoline-aware compiler: NO

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

• Kernel supports Page Table Isolation (PTI): NO
• PTI enabled and active: (debug) kpti_enabled: couldn't find any hint that PTI is enabled
  NO
• Performance impact if PTI is enabled
• CPU supports PCID: NO (no security impact but performance will be degraded with PTI)
• CPU supports INVPCID: NO (no security impact but performance will be degraded with PTI)
• Checking if we're running under Xen PV (64 bits): NO

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
A false sense of security is worse than no security at all, see --disclaimer
jean@owncloud:~/scripts/spectre-meltdown-checker$

[speed47]

Thanks! Now I see why you get 'unknown: the script doesn't find your kernel image. Could you provide the output of cat /proc/cmdline and ls /boot if possible ? Your system might use a naming pattern the script doesn't know yet.

I've also pushed a new version on the arm_display branch with a minor fix (some kernels as yours report AArch64 instead of ARMv8, this is now handled)

[jeanbruder-zz]

@speed47 :

jean@owncloud:~/scripts/spectre-meltdown-checker$ cat /proc/cmdline
console=tty0 console=ttyS0,115200n8 no_console_suspend earlycon=uart,mmio32,0x01c28000 mac_addr=72:cd:c4:23:00:11 root=/dev/mmcblk0p2 ro rootwait

jean@owncloud:~/scripts/spectre-meltdown-checker$ ls /boot
Image.version initrd.img pine64 uEnv.txt uEnv.txt.in

Hope this will help ... If not, please let me know !

Cheers,
Jean

[speed47]

Thanks, it does help.

Could you try the new version from the arm_display branch again? (in -v -v, just in case). It should work now.

[jeanbruder-zz]

@speed47 :

jean@owncloud:~/scripts/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh -v -v
Spectre and Meltdown mitigation detection tool v0.31
Checking for vulnerabilities against running kernel Linux 3.10.105-0-pine64-longsleep #3 SMP PREEMPT Sat Mar 11 16:05:53 CET 2017 aarch64
CPU is ARM v8 model 0xd03
Will use vmlinux image /boot/pine64
Will use kconfig /proc/config.gz
Will use System.map file /proc/kallsyms
tr: read error: Is a directory
tr: read error: Is a directory
tr: read error: Is a directory
tr: read error: Is a directory
tr: read error: Is a directory
tr: read error: Is a directory
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

• Checking count of LFENCE opcodes in kernel: UNKNOWN

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

• Mitigation 1
• Hardware (CPU microcode) support for mitigation

• The SPEC_CTRL MSR is available: (debug) attempted to load module msr, insmod_msr=
  

UNKNOWN (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)

• The SPEC_CTRL CPUID feature bit is set: (debug) attempted to load module cpuid, insmod_cpuid=
  

UNKNOWN (couldn't read /dev/cpu/0/cpuidr, is cpuid support enabled in your kernel?)

• The kernel has set the spec_ctrl flag in cpuinfo:  NO 
  

• Kernel support for IBRS: (debug) ibrs: file /sys/kernel/debug/ibrs_enabled doesn't exist
  (debug) ibrs: file /sys/kernel/debug/x86/ibrs_enabled doesn't exist
  (debug) ibrs: file /proc/sys/kernel/ibrs_enabled doesn't exist
  NO
• IBRS enabled for Kernel space: NO
• IBRS enabled for User space: NO
• Mitigation 2
• Kernel compiled with retpoline option: NO
• Kernel compiled with a retpoline-aware compiler: NO

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

• Kernel supports Page Table Isolation (PTI): NO
• PTI enabled and active: (debug) kpti_enabled: couldn't find any hint that PTI is enabled
  NO
• Performance impact if PTI is enabled
• CPU supports PCID: NO (no security impact but performance will be degraded with PTI)
• CPU supports INVPCID: NO (no security impact but performance will be degraded with PTI)
• Checking if we're running under Xen PV (64 bits): NO
  STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
  A false sense of security is worse than no security at all, see --disclaimer

Another kind of tests needed ?

Regards,
Jean

[speed47]

Uh oh, I thought that /boot/pine64 was the kernel image file, but apparently it's a directory!
Could you post the output of find /boot -ls please? There will be more details with this command than just the bare ls command, and hopefully the kernel image will be here (probably in the /boot/pine64 directory)

[jeanbruder-zz]

@speed47 :

jean@owncloud:~/scripts/spectre-meltdown-checker$ find /boot -ls
1 16 drwxr-xr-x 3 root root 16384 janv. 1 1970 /boot
8 2 drwxr-xr-x 2 root root 2048 mars 11 2017 /boot/pine64
13 11560 -rwxr-xr-x 1 root root 11835840 mars 11 2017 /boot/pine64/Image
14 68 -rwxr-xr-x 1 root root 69414 mars 11 2017 /boot/pine64/sun50i-a64-pine64-plus.dtb
15 68 -rwxr-xr-x 1 root root 69322 mars 11 2017 /boot/pine64/sun50i-a64-pine64.dtb
16 68 -rwxr-xr-x 1 root root 69434 mars 11 2017 /boot/pine64/sun50i-a64-pine64-so.dtb
17 1070 -rwxr-xr-x 1 root root 1094464 mars 11 2017 /boot/initrd.img
3 2 -rwxr-xr-x 1 root root 137 févr. 11 2016 /boot/uEnv.txt
18 2 -rwxr-xr-x 1 root root 111 mars 11 2017 /boot/uEnv.txt.in
19 2 -rwxr-xr-x 1 root root 28 mars 11 2017 /boot/Image.version

Regards,
Jean

[speed47]

Thanks, the correct kernel image seems to be /boot/pine64/Image .
I've done the modification on the arm_display branch, could you try it again ?

[jeanbruder-zz]

@speed47 :

Spectre and Meltdown mitigation detection tool v0.31

Checking for vulnerabilities against running kernel Linux 3.10.105-0-pine64-longsleep #3 SMP PREEMPT Sat Mar 11 16:05:53 CET 2017 aarch64
CPU is ARM v8 model 0xd03
Will use vmlinux image /boot/pine64/Image
Will use kconfig /proc/config.gz
Will use System.map file /proc/kallsyms
(debug) try_decompress: magic for gunzip found at offset 7028849:xy
(debug) try_decompress: decompression with gunzip did not work
(debug) try_decompress: magic for unxz found at offset 9245788:abcde
(debug) try_decompress: decompression with unxz did not work
(debug) try_decompress: magic for unlzma found at offset 6988988:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7001241:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7007889:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7332038:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7352192:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7356196:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7367478:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7368330:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7370874:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7371258:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7378242:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7381250:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7386460:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7387016:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7388202:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7412934:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7491133:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7492158:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7493183:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7494208:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7503201:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7504226:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7505251:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7506276:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7668183:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7695837:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 7773969:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9644172:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9645828:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9647516:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9650404:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9651676:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9652620:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9653668:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9655156:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9655852:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9657428:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9660156:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9660884:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9660892:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9661796:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9663620:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9664884:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9665444:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9666780:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9669828:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9674308:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9676412:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9678524:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9679588:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9684316:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9685828:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9686420:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9690700:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9691692:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9692588:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9694651:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9694756:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9695476:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9697756:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9697980:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 9698796:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 10370145:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 10552929:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 10734041:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 10743545:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 11565981:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 11650778:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 11651154:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 11652114:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 11653434:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 11654842:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 11656210:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 11657546:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 11661098:xxx
(debug) try_decompress: decompression with unlzma did not work
(debug) try_decompress: magic for unlzma found at offset 11662234:xxx
(debug) try_decompress: decompression with unlzma did not work

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

• Checking count of LFENCE opcodes in kernel: UNKNOWN

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

• Mitigation 1
• Hardware (CPU microcode) support for mitigation

• The SPEC_CTRL MSR is available: (debug) attempted to load module msr, insmod_msr=
  

UNKNOWN (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)

• The SPEC_CTRL CPUID feature bit is set: (debug) attempted to load module cpuid, insmod_cpuid=
  

UNKNOWN (couldn't read /dev/cpu/0/cpuidr, is cpuid support enabled in your kernel?)

• The kernel has set the spec_ctrl flag in cpuinfo:  NO 
  

• Kernel support for IBRS: (debug) ibrs: file /sys/kernel/debug/ibrs_enabled doesn't exist
  (debug) ibrs: file /sys/kernel/debug/x86/ibrs_enabled doesn't exist
  (debug) ibrs: file /proc/sys/kernel/ibrs_enabled doesn't exist
  NO
• IBRS enabled for Kernel space: NO
• IBRS enabled for User space: NO
• Mitigation 2
• Kernel compiled with retpoline option: NO
• Kernel compiled with a retpoline-aware compiler: NO

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

• Kernel supports Page Table Isolation (PTI): NO
• PTI enabled and active: (debug) kpti_enabled: couldn't find any hint that PTI is enabled
  NO
• Performance impact if PTI is enabled
• CPU supports PCID: NO (no security impact but performance will be degraded with PTI)
• CPU supports INVPCID: NO (no security impact but performance will be degraded with PTI)
• Checking if we're running under Xen PV (64 bits): NO

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer

Oups ... :-)

Jean

[speed47]

Uh oh, it seems to be a strange kernel image! :)

Would you be able to upload this file somewhere for me to have a look at it?
Alternatively, is a distribution of your pine64 OS available from somewhere so I could download it ? I can see there are a lot of distros it seems ( http://wiki.pine64.org/index.php/Pine_A64_Software_Release ) so I'm not sure which one you're using

[jeanbruder-zz]

@speed47 :

Would you be able to upload this file somewhere for me to have a look at it?

Which files do you need ?

Alternatively, is a distribution of your pine64 OS available from somewhere so I could download it ? I can see there are a lot of distros it seems ( http://wiki.pine64.org/index.php/Pine_A64_Software_Release ) so I'm not sure which one you're using

Basically :

• I imaged the following Ubuntu version on my SD Card first : https://www.stdin.xyz/downloads/people/longsleep/pine64-images/ubuntu/
• Then I used the provided scripts to upgrade the kernel and u-boot : https://github.com/longsleep/build-pine64-image/tree/master/simpleimage/platform-scripts

Nothing else as this board hosts my cloud only (WEB Server).

Regards.

[speed47]

Thanks, I could download a copy of the OS image and get access to the famous /boot/pine64/Image file!
It is indeed the kernel image, but it seems to be uncompressed already. But for some reason the readelf utility doesn't detect that, which is why the script thinks it can't decompress it successfully.

Could you run the following commands on your ARM system ?
file /boot/pine64/Image
readelf -h /boot/pine64/Image
objdump -d /boot/pine64/Image <= if it works, it could generate a big amount of output, don't copy paste everything here, just tell me that it does output a bunch of lines ;)

If these commands don't exist on your system, you might need to install the binutils package.

Thanks!

[jeanbruder-zz]

@speed47 :

jean@owncloud:~$ file /boot/pine64/Image
/boot/pine64/Image: data

jean@owncloud:~$ readelf -h /boot/pine64/Image
readelf: Error: Not an ELF file - it has the wrong magic bytes at the start

jean@owncloud:~$ objdump -d /boot/pine64/Image
objdump: /boot/pine64/Image: File format not recognized

Not sure it helps so much ... What are You looking for ?

Cheers,
Jean

[speed47]

You can try with the latest master branch, I added an extract method that seems to be used by your system : the kernel image blob actually contains other stuff and the real kernel image can be found uncompressed in it !

[jeanbruder-zz]

Hi @speed47, please find below the output of the new release :
`Spectre and Meltdown mitigation detection tool v0.35

Checking for vulnerabilities on current system
Kernel is Linux 3.10.105-0-pine64-longsleep #3 SMP PREEMPT Sat Mar 11 16:05:53 CET 2017 aarch64
CPU is ARM v8 model 0xd03
We're missing some kernel info (see -v), accuracy might be reduced

Hardware check

• Hardware support (CPU microcode) for mitigation techniques
  • Indirect Branch Restricted Speculation (IBRS)
    • SPEC_CTRL MSR is available: UNKNOWN (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
    • CPU indicates IBRS capability: UNKNOWN (couldn't read /dev/cpu/0/cpuid, is cpuid support enabled in your kernel?)
  • Indirect Branch Prediction Barrier (IBPB)
    • PRED_CMD MSR is available: UNKNOWN (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
    • CPU indicates IBPB capability: UNKNOWN (couldn't read /dev/cpu/0/cpuid, is cpuid support enabled in your kernel?)
  • Single Thread Indirect Branch Predictors (STIBP)
    • SPEC_CTRL MSR is available: UNKNOWN (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
    • CPU indicates STIBP capability: UNKNOWN (couldn't read /dev/cpu/0/cpuid, is cpuid support enabled in your kernel?)
  • Enhanced IBRS (IBRS_ALL)
    • CPU indicates ARCH_CAPABILITIES MSR availability: UNKNOWN (couldn't read /dev/cpu/0/cpuid, is cpuid support enabled in your kernel?)
    • ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: UNKNOWN
  • CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): UNKNOWN
  • CPU microcode is known to cause stability problems: NO
• CPU vulnerability to the three speculative execution attacks variants
  • Vulnerable to Variant 1: ./spectre-meltdown-checker.sh: 342: [: Illegal number:
    NO
  • Vulnerable to Variant 2: NO
  • Vulnerable to Variant 3: NO

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

• Kernel has array_index_mask_nospec: UNKNOWN (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))
• Kernel has the Red Hat/Ubuntu patch: strings: '': No such file
  NO
• Checking count of LFENCE instructions following a jump in kernel... UNKNOWN (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

• Mitigation 1
  • Kernel is compiled with IBRS/IBPB support: NO
  • Currently enabled features
    • IBRS enabled for Kernel space: NO
    • IBRS enabled for User space: NO
    • IBPB enabled: NO
• Mitigation 2
  • Kernel compiled with retpoline option: NO
  • Kernel compiled with a retpoline-aware compiler: NO

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

• Kernel supports Page Table Isolation (PTI): NO
• PTI enabled and active: NO
• Running as a Xen PV DomU: NO

STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
`

Regards

[speed47]

Thanks, as your system is not that common, you're finding me some bugs ;)

./spectre-meltdown-checker.sh: 342: [: Illegal number:

fixed

strings: '': No such file

fixed

I've also re-added the specific kernel image path pine64 is using, I think it was squeezed out by some previous merge.

Pushed those to the master branch. If you run it again, you shouldn't have those errors, and hopefully the script will now be able to dig into your kernel image for variant 1 mitigations (it probably won't find any, and your ARM is not vulnerable and don't need those anyway)

[speed47]

Assuming we can close this. Feel free to reopen if needed!