On Thu, Jan 11, 2018 at 5:32 PM, Derek Atkins <derek@ihtfp.com> wrote:
Hi,

On Thu, January 11, 2018 9:53 am, Yaniv Kaul wrote:

> No one likes downtime but I suspect this is one of those serious
> vulnerabilities that you really really must be protected against.
> That being said, before planning downtime, check your HW vendor for
> firmware or Intel for microcode for the host first.
> Without it, there's not a lot of protection anyway.
> Note that there are 4 steps you need to take to be fully protected: CPU,
> hypervisor, guests and guest CPU type - plan ahead!
> Y.

Is there a HOW-To written up somewhere on this?  ;)

Not for oVirt specifically right now. We'll blog about it once we release additional improvements to detect if you are protected - right from oVirt UI (in 4.2.1).
 

I built the hardware from scratch myself, so I can't go off to Dell or
someone for this.  So which do I need, motherboard firmware or Intel
microcode?  I suppose I need to go to the motherboard manufacturer
(Supermicro) to look for updated firmware?  Do I also need to look at
Intel?  Is this either-or or a "both" situation?  Of course I have no idea
how to reflash new firmware onto this motherboard -- I don't have DOS.

You could get it from Intel, via their microcode_ctl package. When they release for your CPU is a different manner.
See[1] for some good pointers.
Y.

[1] https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre
 

As you can see, planning I can do.  Execution is more challenging ;)

Thanks!

>> > Y.

-derek

--
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant