<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 11, 2018 at 5:32 PM, Derek Atkins <span dir="ltr"><<a href="mailto:derek@ihtfp.com" target="_blank">derek@ihtfp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<span class="gmail-"><br>
On Thu, January 11, 2018 9:53 am, Yaniv Kaul wrote:<br>
<br>
> No one likes downtime but I suspect this is one of those serious<br>
> vulnerabilities that you really really must be protected against.<br>
> That being said, before planning downtime, check your HW vendor for<br>
> firmware or Intel for microcode for the host first.<br>
> Without it, there's not a lot of protection anyway.<br>
> Note that there are 4 steps you need to take to be fully protected: CPU,<br>
> hypervisor, guests and guest CPU type - plan ahead!<br>
> Y.<br>
<br>
</span>Is there a HOW-To written up somewhere on this? ;)<br></blockquote><div><br></div><div>Not for oVirt specifically right now. We'll blog about it once we release additional improvements to detect if you are protected - right from oVirt UI (in 4.2.1).</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I built the hardware from scratch myself, so I can't go off to Dell or<br>
someone for this. So which do I need, motherboard firmware or Intel<br>
microcode? I suppose I need to go to the motherboard manufacturer<br>
(Supermicro) to look for updated firmware? Do I also need to look at<br>
Intel? Is this either-or or a "both" situation? Of course I have no idea<br>
how to reflash new firmware onto this motherboard -- I don't have DOS.<br></blockquote><div><br></div><div>You could get it from Intel, via their microcode_ctl package. When they release for your CPU is a different manner.</div><div>See[1] for some good pointers.</div><div>Y.</div><div><br></div><div>[1] <a href="https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre">https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre</a></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
As you can see, planning I can do. Execution is more challenging ;)<br>
<br>
Thanks!<br>
<div class="gmail-HOEnZb"><div class="gmail-h5"><br>
>> > Y.<br>
<br>
-derek<br>
<br>
--<br>
Derek Atkins <a href="tel:617-623-3745" value="+16176233745">617-623-3745</a><br>
<a href="mailto:derek@ihtfp.com">derek@ihtfp.com</a> <a href="http://www.ihtfp.com" rel="noreferrer" target="_blank">www.ihtfp.com</a><br>
Computer and Internet Security Consultant<br>
<br>
</div></div></blockquote></div><br></div></div>