dsanchez/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker synced 2024-11-19 04:22:22 +01:00
Code Issues Releases Wiki Activity

feat: add --update-builtin-mcedb to update the DB inside the script

Browse Source
This commit is contained in:
Stéphane Lesimple 2018-09-30 16:56:58 +02:00
parent 3b2d529654
commit 68289dae1e
1 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
spectre-meltdown-checker.sh
View File

@ -82,6 +82,7 @@ show_usage()
--no-hw skip CPU information and checks, if you're inspecting a kernel not to be run on this host --no-hw skip CPU information and checks, if you're inspecting a kernel not to be run on this host
--vmm [auto,yes,no] override the detection of the presence of an hypervisor (for CVE-2018-3646), default: auto --vmm [auto,yes,no] override the detection of the presence of an hypervisor (for CVE-2018-3646), default: auto
--update-mcedb update our local copy of the CPU microcodes versions database (from the awesome MCExtractor project) --update-mcedb update our local copy of the CPU microcodes versions database (from the awesome MCExtractor project)
--update-builtin-mcedb same as --update-mcedb but update builtin DB inside the script itself
Return codes: Return codes:
0 (not vulnerable), 2 (vulnerable), 3 (unknown), 255 (error) 0 (not vulnerable), 2 (vulnerable), 3 (unknown), 255 (error)
@ -578,11 +579,8 @@ show_header()
_info _info
} }
if [ -n "$HOME" ]; then [ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)"
mcedb_cache="$HOME/.mcedb" mcedb_cache="$HOME/.mcedb"
else
mcedb_cache="$(getent passwd "$(whoami)" | cut -d: -f6)/.mcedb"
fi
update_mcedb() update_mcedb()
{ {
# We're using MCE.db from the excellent platomav's MCExtractor project # We're using MCE.db from the excellent platomav's MCExtractor project
@ -628,13 +626,21 @@ update_mcedb()
if [ -n "$previous_mcedb_revision" ]; then if [ -n "$previous_mcedb_revision" ]; then
if [ "$previous_mcedb_revision" = "v$mcedb_revision" ]; then if [ "$previous_mcedb_revision" = "v$mcedb_revision" ]; then
echo "We already have this version locally, no update needed" echo "We already have this version locally, no update needed"
return 0 [ "$1" != builtin ] && return 0
fi fi
fi fi
echo "# Spectre & Meltdown Checker" > "$mcedb_cache" echo "# Spectre & Meltdown Checker" > "$mcedb_cache"
echo "# %%% MCEDB v$mcedb_revision - $mcedb_date" >> "$mcedb_cache" echo "# %%% MCEDB v$mcedb_revision - $mcedb_date" >> "$mcedb_cache"
sqlite3 "$mcedb_tmp" "select '# I,0x'||cpuid||',0x'||version||','||max(yyyymmdd) from Intel group by cpuid order by cpuid asc; select '# A,0x'||cpuid||',0x'||version||','||max(yyyymmdd) from AMD group by cpuid order by cpuid asc" >> "$mcedb_cache" sqlite3 "$mcedb_tmp" "select '# I,0x'||cpuid||',0x'||version||','||max(yyyymmdd) from Intel group by cpuid order by cpuid asc; select '# A,0x'||cpuid||',0x'||version||','||max(yyyymmdd) from AMD group by cpuid order by cpuid asc" | grep -v '^# .,0x00000000,' >> "$mcedb_cache"
echo OK "local version updated" echo OK "local version updated"
if [ "$1" = builtin ]; then
newfile=$(mktemp /tmp/smc-XXXXXX)
awk '/^# %%% MCEDB / { exit }; { print }' "$0" > "$newfile"
awk '{ if (NR>1) { print } }' "$mcedb_cache" >> "$newfile"
cat "$newfile" > "$0"
rm -f "$newfile"
fi
} }
parse_opt_file() parse_opt_file()
@ -718,6 +724,9 @@ while [ -n "$1" ]; do
elif [ "$1" = "--update-mcedb" ]; then elif [ "$1" = "--update-mcedb" ]; then
update_mcedb update_mcedb
exit $? exit $?
elif [ "$1" = "--update-builtin-mcedb" ]; then
update_mcedb builtin
exit $?
elif [ "$1" = "--explain" ]; then elif [ "$1" = "--explain" ]; then
opt_explain=1 opt_explain=1
shift shift