dsanchez/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker synced 2024-11-07 06:33:38 +01:00
Code Issues Releases Wiki Activity
555 Commits 1 Branch 46 Tags 16 MiB
4e29fb5a21
Commit Graph

500 Commits

Author SHA1 Message Date
Stéphane Lesimple
0af4830224 fix: is_ucode_blacklisted: fix some model names 2022-03-21 22:22:33 +01:00
Stéphane Lesimple
81a4329d71 feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208 2022-03-21 22:22:33 +01:00
Stéphane Lesimple
3679776f3c chore: only attempt to load msr and cpuid module once 2022-03-21 22:22:33 +01:00
Stéphane Lesimple
ba131fcd2f chore: read_cpuid: use named constants 2022-03-21 22:22:33 +01:00
Stéphane Lesimple
ae6bc31c2c feat: hw check: add IPRED, RRSBA, BHI features check 2022-03-21 22:22:33 +01:00
Stéphane Lesimple
6d7a6b3666 feat: add subleaf != 0 support for read_cpuid 2022-03-21 22:22:33 +01:00
Stéphane Lesimple
16f2160be5 chore: fwdb: update to v220+i20220208 2022-03-17 19:39:39 +01:00
Stéphane Lesimple
580549812a fix: retpoline: detection on 5.15.28+ (#420) 2022-03-17 19:25:24 +01:00
Stéphane Lesimple
05d862709d fix: has_vmm false positive with pcp 
Fix by matching the full procname with pgrep (-x),
so that the 'pmdakvm' process doesn't match.

Closes #394
 2021-05-25 12:31:07 +02:00
Stéphane Lesimple
3846913899 fix: refuse to run under MacOS and ESXi 2021-05-24 22:42:23 +02:00
Stéphane Lesimple
0ba71a443e fix: mcedb: v191 changed the MCE table format 
Also update the builtin db to v191+i20210217

Closes #400
 2021-05-24 12:55:44 +02:00
Stéphane Lesimple
3a486e9985 arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig 2021-04-02 15:38:31 +02:00
Stéphane Lesimple
23564cda5d fix: variant4: added case where prctl ssbd status is tagged as 'unknown' 2021-04-02 15:38:31 +02:00
Stéphane Lesimple
0ea21d09bd fix: extract_kernel: don't overwrite kernel_err if already set 
Fixes #395
 2021-04-02 15:33:02 +02:00
Zhiyuan Dai
6d35e780f4 arm64: phytium: Add CPU Implementer Phytium 
This patch adds 0x70 check for phytium implementer id in function
parse_cpu_details. Also adds that Phytium Soc is not vulnerable to variant 3/3a
 2021-01-13 19:14:09 +01:00
Stéphane Lesimple
4ec3154be0 chore: replace 'Vulnerable to' by 'Affected by' in the hw section 
This seems to be less confusing, suggested by #356
 2020-11-10 18:56:25 +01:00
Stéphane Lesimple
843f26630d feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371) 2020-11-10 18:36:42 +01:00
Stéphane Lesimple
7fc2ec65b9 bump to v0.44 2020-11-09 18:41:43 +01:00
Stéphane Lesimple
c8cdfd54da chore: fwdb: update to v165.20201021+i20200616 2020-11-08 21:25:18 +01:00
Stéphane Lesimple
f0c33c7a32 fix: fwdb: use the commit date as the intel fwdb version 
fixes #379
 2020-11-08 21:25:18 +01:00
Stéphane Lesimple
9e874397da chore: fwdb: update to v163.20200930+i20200904 2020-10-05 20:06:49 +02:00
Stéphane Lesimple
76cb73f3cb fix: fwdb: update Intel's repository URL 2020-10-05 20:06:49 +02:00
Stéphane Lesimple
90f23d286e chore: update fwdb to v160.20200912+i20200722 2020-09-14 21:45:09 +02:00
Stéphane Lesimple
e41e311a7f feat: add zstd kernel decompression (#370) 2020-09-14 21:42:55 +02:00
Stéphane Lesimple
1f75f01630 fwdb: update MCEdb to v148 & Intel firmwares to 2020-04-27 2020-06-13 18:11:12 +02:00
Stéphane Lesimple
d8f0ddd7a5 chore: fix indentation 2020-06-10 00:07:14 +02:00
Agata Gruza
62d3448a54 Added support for SRBDS related vulnerabilities 2020-06-10 00:07:14 +02:00
Stéphane Lesimple
33cf1cde79 enh: arm: add experimental support for binary arm images 2020-06-06 17:29:32 +02:00
Stéphane Lesimple
4a3006e196 fix: arm64: cve-2017-5753: kernels 4.19+ use a different nospec macro 2020-06-06 17:29:32 +02:00
Stéphane Lesimple
36f98eff95 fwdb: update MCEdb to v147 & Intel firmwares to 2020-04-27 2020-05-31 13:03:58 +02:00
xaitax
fa7b8f9567 Typo 2020-05-08 16:17:09 +02:00
Stéphane Lesimple
3beefc2587 enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode 2020-03-10 22:29:54 +01:00
Stéphane Lesimple
27c36fdb80 fwdb: update to v135.20200303+i20200205 2020-03-10 22:29:39 +01:00
Matt Christian
3d21dae168 Fixes for FreeBSD to parse CPU info. 2020-02-06 19:56:35 +01:00
Stéphane Lesimple
7d2a510146 chore: update fwdb to v132.20200108+i20191124 2020-02-01 18:58:25 +01:00
Stéphane Lesimple
eec77e1ab9 fix: fwdb update: remove Intel extract tempdir on exit 2019-12-10 20:21:52 +01:00
Stéphane Lesimple
5633d374de fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278) 2019-12-10 19:10:45 +01:00
Stéphane Lesimple
a343bccb49 bump to v0.43 2019-12-08 15:37:17 +01:00
Stéphane Lesimple
1f604c119b fix var typo 2019-12-08 15:25:54 +01:00
Stéphane Lesimple
bfed3187a6 fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a 2019-12-08 14:39:31 +01:00
Stéphane Lesimple
0cd7e1164f feat: detect vanilla 5.4+ locked down mode 2019-12-06 23:03:36 +01:00
Stéphane Lesimple
71129d6b48 fix: tsx: rtm feature bit is in EBX(11) 2019-12-02 19:07:10 +01:00
Stéphane Lesimple
6e799e8b01 fix: mcepsc: fix logic error on non-speculative CPUs that prevented detection of MCEPSC immunity 2019-11-25 23:03:04 +01:00
Stéphane Lesimple
4993b04922 fix: taa: CPUs having TAA_NO bit set are not vulnerable 2019-11-25 21:14:54 +01:00
Stéphane Lesimple
4fc2afe1bc feat: add TSX_CTRL MSR detection in hardware info 2019-11-25 20:58:49 +01:00
Stéphane Lesimple
bd47275501 feat: add detection of iTLB Multihit vuln/mitigation (CVE-2018-12207) 2019-11-25 19:13:09 +01:00
Stéphane Lesimple
8ddf6b2d6d enh: replace shell wildcard by a find to avoid potiental error (list of args too long) 2019-11-24 17:26:13 +01:00
Stéphane Lesimple
16b6490ffc chore: avoid ${var:-]} syntax, badly confusing vim's syntax highlighter 2019-11-24 17:26:13 +01:00
Stéphane Lesimple
18df38fae6 fix: sgx: on locked down kernels, fallback to CPUID bit for detection 
on locked down kernels (Fedora / Red Hat feature that prevents writing
to MSRs from userspace, even if root), we can't write to FLUSH_CMD MSR
to verify that it's present. So fallback to checking the existence of
the L1D flush CPUID feature bit to infer that the microcode has been
updated in a recent enough version that also mitigates SGX (fixes for
both issues have been included in the same microcode updates for all
Intel CPUs)
 2019-11-24 17:26:01 +01:00
Stéphane Lesimple
a306757c22 fix: detect Red Hat locked down kernels (impacts MSR writes) 2019-11-24 17:26:01 +01:00
Stéphane Lesimple
e01f97ee75 fix: fwdb: don't use local db if it's older than our builtin version 2019-11-24 17:25:41 +01:00
Stéphane Lesimple
fa7f814f4f chore: rename mcedb cmdline parameters to fwdb 2019-11-24 17:25:41 +01:00
Stéphane Lesimple
bb32a16a86 update fwdb to v130.20191104+i20191027 2019-11-24 17:25:41 +01:00
Stéphane Lesimple
8c84c0ba17 enh: fwdb: use both Intel GitHub repo and MCEdb to build our database 2019-11-24 17:25:41 +01:00
Stéphane Lesimple
6abe1bc62b enh: kernel decompression: better tolerance over missing tools 
fixes #297
 2019-11-23 16:43:00 +01:00
Stéphane Lesimple
5ca7fe91ff fix: pteinv: don't check kernel image if not available 2019-11-23 14:01:56 +01:00
Stéphane Lesimple
4ba68fba74 fix: silence useless error from grep (fixes #322) 2019-11-23 13:51:00 +01:00
Stéphane Lesimple
59ad312773 fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316) 2019-11-19 22:35:08 +01:00
Stéphane Lesimple
3e757b6177 chore: add github check workflow 2019-11-18 11:28:20 -08:00
Stéphane Lesimple
f724f94085 enh: kernel: autodetect customized arch kernels from cmdline 2019-11-17 13:36:52 -08:00
Stéphane Lesimple
dcf540888d enh: mock: implement reading from /proc/cmdline 2019-11-17 13:36:52 -08:00
Stéphane Lesimple
9911c243b2 feat: use --live with --kernel/--config/--map to override file detection in live mode 2019-11-17 13:36:52 -08:00
Stéphane Lesimple
cb279a49ec enh(taa): more complete version 2019-11-13 01:07:10 +01:00
Stéphane Lesimple
c100ce4c0d mcedb: update from v112 to v130 2019-11-12 21:19:03 +01:00
Stéphane Lesimple
4741b06160 fix: batch mode for TAA 2019-11-12 21:16:21 +01:00
Stéphane Lesimple
e0a1c2ec77 fix shellcheck warnings 2019-11-12 20:06:12 +01:00
Agata Gruza
c18b88d745 Fixing typo 2019-11-12 19:40:47 +01:00
Agata Gruza
d623524342 Added support for TAA related vulnerabilities 2019-11-12 19:40:47 +01:00
Stéphane Lesimple
f5ec320fe5 enh: rework the vuln logic of MDS with --paranoid (fixes #307) 2019-09-22 04:02:33 +02:00
Stéphane Lesimple
cc224c0522 fix: mocking value for read_msr 
we were returning the mocking value before actually setting it.
also remove spaces around the returned value (no behavior change)
 2019-09-22 01:38:18 +02:00
Corey Wright
0518604fe6 Use kernel_err to avoid misreporting missing Linux kernel image 
When checking for CVE-2017-5715 (i.e. `check_CVE_2017_5715_linux()`),
if we can't inspect (with `readelf`) or decompress the Linux kernel
image, then we report there is no kernel image (i.e. `we need the
kernel image` or `kernel image missing`, respectively), which confuses
users when the associated file exists.

Instead use `kernel_err` to provide a correct and detailed description
of the problem (e.g. `missing '...' tool, please install it, usually
it's in the '...' package`), so the user can take the prescribed
action.
 2019-09-22 01:09:58 +02:00
Erik Zettel
d57fecec91 spectre-meltdown-checker.sh: fix typos 2019-09-20 23:50:52 +02:00
Stéphane Lesimple
f835f4d07d Explain that Enhanced IBRS is better for performance than classic IBRS 2019-08-16 12:53:39 +02:00
Agata Gruza
482d6c200a Enhanced IBRS capabilities 
There are two flavors of IBRS: plain and enhanced. This patch tells which flavor of IBRS is in use.
 2019-08-16 12:53:39 +02:00
David Guglielmi
91d0699029 update MCEdb from v111 to v112 2019-06-03 22:49:03 +02:00
Stéphane Lesimple
fcc4ff4de2 update MCEdb from v110 to v111, bump to v0.42 2019-05-24 22:49:45 +02:00
Stéphane Lesimple
0bd38ddda0 enh: -v -v now implies --dump-mock-data 2019-05-24 11:36:39 +02:00
Stéphane Lesimple
e83dc818cd feat(mds): implement FreeBSD mitigation detection 2019-05-24 11:17:04 +02:00
Stéphane Lesimple
d69ea67101 feat(mock): add --dump-mock-data 2019-05-24 10:49:40 +02:00
Stéphane Lesimple
dfe0d10f2a fix(mds): remove useless display of MD_CLEAR info in non-hw section 2019-05-24 10:20:48 +02:00
Stéphane Lesimple
58a5acfdbb fix(bsd): read_msr returned data in an incorrect format 2019-05-24 09:33:56 +02:00
Stéphane Lesimple
ccb4dbef7c enh(mock): avoid reading the sysfs interface outside sys_interface_check() for higher mocking coverage 2019-05-24 09:28:18 +02:00
Stéphane Lesimple
afbb26277f feat(mock): add mocking functionality to help reproducing issues under specific CPUs 2019-05-24 09:28:18 +02:00
Stéphane Lesimple
77b34d48c6 fix(mds): check MDS_NO bit in is_cpu_mds_free() 2019-05-24 09:28:18 +02:00
Stéphane Lesimple
497efe6a82 fix(l1tf): RDCL_NO bit didn't take precedence for vulnerability check on some Intel CPUs 2019-05-24 09:28:18 +02:00
Stéphane Lesimple
62b46df4e7 fix(l1tf): remove libvirtd from hypervisor detection (#278) 2019-05-18 14:22:42 +02:00
Stéphane Lesimple
7d1f269bed fix(mds): AMD confirms they're not vulnerable 2019-05-16 11:31:28 +02:00
Erich Ritz
4f9ca803c8 Fix help text (#285) 
* fix --help message

Commit 7b72c20f89 added help text for the
--cve switch, and the "can be specified multiple times" note got
associated with the --cve switch instead of staying with the --variant
switch.  Restore the line to belong to the --variant switch help
message.

* Add new variants to error message

Commit 8e870db4f5 added new variants but
did not add them to the error message that listed the allowable
variants.  Add them now.
 2019-05-15 19:34:51 +02:00
Stéphane Lesimple
5788cec18b fix(mds): ARM and CAVIUM are not thought to be vulnerable 2019-05-15 10:56:49 +02:00
Stéphane Lesimple
ae56ec0bc5 bump to v0.41 2019-05-15 09:57:28 +02:00
Stéphane Lesimple
8fd4e3ab01 fix(xen): remove xenbus and xenwatch as they also exist in domU 2019-05-15 00:23:05 +02:00
Stéphane Lesimple
de793a7204 feat(mds): more verbose info about kernel support and microcode support for mitigation 2019-05-15 00:21:08 +02:00
Stéphane Lesimple
5939c38c5c update mcedb from v109 to v110 to better detect MDS microcodes 2019-05-14 20:31:27 +02:00
Stéphane Lesimple
db7d3206fd feat(mds): add detection of availability of MD_CLEAR instruction 2019-05-14 20:30:47 +02:00
Stéphane Lesimple
1d13a423b8 adjust README 2019-05-14 20:16:01 +02:00
Agata Gruza
8e870db4f5 Added support for MDS related vulnerabilities (#282) 2019-05-14 19:21:20 +02:00
Stéphane Lesimple
d547ce4ab4 fix(ssb): fix error when no process uses prctl to set ssb mitigation 
fixes #281
 2019-05-13 15:35:58 +02:00
Stéphane Lesimple
d187827841 enh(vmm): add Xen daemons detection 2019-05-08 20:44:54 +02:00
Hans-Joachim Kliemeck
2e304ec617 enh(xen): improvements for xen systems (#270) 
* add mitigation detection for l1tf for xen based systems
* add information for hardware mitigation
* add xen support for meltdown
 2019-05-07 20:35:52 +02:00
Stéphane Lesimple
fcc04437e8 update builtin MCEdb from v96 to v109 2019-05-07 20:29:59 +02:00