
On Thu, Jan 11, 2018 at 5:32 PM, Derek Atkins <derek@ihtfp.com> wrote:
Hi,
On Thu, January 11, 2018 9:53 am, Yaniv Kaul wrote:
No one likes downtime, but I suspect this is one of those serious vulnerabilities that you really, really must be protected against. That being said, before planning downtime, check your HW vendor for firmware or Intel for microcode for the host first. Without it, there's not a lot of protection anyway. Note that there are 4 steps you need to take to be fully protected: CPU, hypervisor, guests and guest CPU type - plan ahead!
Y.
Is there a HOW-To written up somewhere on this? ;)
Not for oVirt specifically right now. We'll blog about it once we release additional improvements to detect if you are protected - right from oVirt UI (in 4.2.1).
I built the hardware from scratch myself, so I can't go off to Dell or someone for this. So which do I need, motherboard firmware or Intel microcode? I suppose I need to go to the motherboard manufacturer (Supermicro) to look for updated firmware? Do I also need to look at Intel? Is this either-or or a "both" situation? Of course I have no idea how to reflash new firmware onto this motherboard -- I don't have DOS.
You could get it from Intel, via their microcode_ctl package. When they release for your CPU is a different matter. See [1] for some good pointers.
Y.
[1] https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_S...
As you can see, planning I can do. Execution is more challenging ;)
Thanks!
Y.
-derek
-- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant