Serious Intel CPU flaw, patch coming -- Expect major system slowdowns, maybe noticeable

I assume that the scheduled Packman “re-build” involves, if not fully is related to the Intel Kernel Page leak issue described here
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Intel has had a recent run of bad news, the current architectural generation has been hit with fundamental design flaws long ago part of the original microcode…

Summary:
Affects up to 10 yrs(?) of processors. Interesting since the current major Intel re-architecture was in 2013.
AMD says it’s not affected by this issue.
Reported approx May 2017 and many have studied it closely for the past half year.
Supposedly cannot be addressed by a firmware upgrade but can and is being addressed at the OS level.
Linux supposedly has been reviewing its patches since November 2017, and is now ready to roll out.
MSWindows is supposedly going to roll out this coming Patch Tuesday (January 2018)
Probably another good reason to ditch unsupported OS of all kinds.
Impact will be a major and possibly noticeable slowdown, up to approx 20% of max system performance (We may see complaints!).
Discovery was through research. No known current exploits in the wild, and even in a Lab. Supposedly proof of concepts have failed but been enough to spur concern to fix regardless.

TSU

https://www.phoronix.com/scan.php?page=news_item&px=Linux-Tip-Git-Disable-x86-PTI

The patch that was merged into 4.15rc makes it downgrade all processors performance. Including AMD.
There is another patch that prevents this from happening on AMD, but it hasn’t been merged yet.

So… any news on how openSUSE plans to handle this? Does anyone know if 4.15 will be released like this? Maybe it’ll be patched by each distribution?

Time answered all my questions. AMD is officially out of the list of enforced hardware. There will be no performance penalty for their processors:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=00a5ae218d57741088068799b810416ac249a9ce

(unless someone finds a similar bug, or proves that there is a way to cause the same bug on their processors. But it looks like AMD is pretty sure they are not affected.)

Two papers on the issues. https://spectreattack.com/

Is there not an official roadmap out yet?

If any of you were really interested, you would not ask in Chit-Chat but go to openSUSE security pages and find out that both for Leap and Tumbleweed kernels with Meltdown (and partial Spectre) protection are already available. Updated microcode for Intel and AMD is also available for Leap.

Perhaps if you got off your high-horse long enough to stop flinging condescending insults, you might realize that 1) Even though I’ve been using Linux since the mid-90’s, I’m brand new to openSUSE, so perhaps I don’t know where these security pages are? And 2) I was speaking more kernel-side, all of Linux, not just a distro.

Chalk one up to another reason to stay away from this distro… Poor community right off the bat…

A few good places to check for recent security related releases are:

The mailing list archives, especially security announce: https://lists.opensuse.org/opensuse-security-announce/
The Security Advisories list: https://www.suse.com/support/update/

Note, someone in IRC commented that the latest ucode caused issues with some Intel CPUs causing a fail in early boot - luckily btrfs+multiple kernels will save the day here.

One person isn’t a community - if you judge everything based on a single comment, you wouldn’t be using computers, driving cars or eating any food. Or doing anything else for that matter.

I do not know if it is mentioned already above, but if I were a new member on these forums, I probably would think that
Other Forums > News & Announcements > Security Announcements
would be an obvious place to start looking for information on this Meltdown and Spectre.

What @Henk says + if I search the forums for “meltdown” or “spectre”, the security announcements show up nicely.
Another nice starting point is news.opensuse.org, since security announcements go there too.

And, please stay calm and be patient. The devs and packagers are on it.
A road map is not present, since these updates will be pushed through the update repos, separately from other updates in the case of TW.

There were three openSUSE Leap 42.3 patches published yesterday (Friday the 5th of January 2018) morning Central European time:

  • openSUSE-2018-1: Security update for kernel-firmware (AMD microcode);
  • openSUSE-2018-2: Security update for the Linux Kernel;
  • openSUSE-2018-4: Security update for ucode-intel.

May I suggest that, as members of the openSUSE community, we give a round of applause for the SUSE employees who, through their contacts within the industry, worked to make these repairs available in a timely fashion.
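Added example, not part of any post in this thread: once the kernel and microcode updates listed above are installed and the machine rebooted, this script reports whether the running kernel is applying the Meltdown/Spectre protections. It assumes the kernel exposes the `/sys/devices/system/cpu/vulnerabilities` interface (a kernel without it is reported as unknown, not as safe); the function names `classify_status` and `check_vulns` are hypothetical.

```shell
#!/bin/sh
# Added example: summarise CPU vulnerability mitigation state from sysfs.
# Assumption: the kernel provides /sys/devices/system/cpu/vulnerabilities;
# if it does not, the result is "unknown", never "ok".

# classify_status STATUS_LINE -> prints ok | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;          # e.g. AMD for Meltdown
        "Mitigation:"*)  echo mitigated ;;   # e.g. "Mitigation: PTI"
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_vulns [DIR] -> prints "name state raw-status" for each entry.
# Returns 0 if every entry is ok/mitigated, 1 if any entry is
# vulnerable/unknown, 2 if DIR does not exist.
check_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "interface-missing unknown $dir"
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        line=$(head -n 1 "$f")
        state=$(classify_status "$line")
        printf '%s %s %s\n' "$(basename "$f")" "$state" "$line"
        case "$state" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}

# Query the running system only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    check_vulns
fi
```

A non-zero exit status from `check_vulns` makes the script usable as a post-update check in configuration management or monitoring.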

Should read “more than 10 yrs”

The continuing aftermath to mitigate performance issues following the patching…

http://www.zdnet.com/article/major-linux-distros-have-meltdown-patches-but-thats-only-part-of-the-fix/

For those that may be interested…

https://github.com/IAIK/meltdown

Meltdown Proof-of-Concept

This repository contains several applications, demonstrating the Meltdown bug. For technical information about the bug, refer to the paper:

  • Meltdown by Lipp, Schwarz, Gruss, Prescher, Haas, Mangard, Kocher, Genkin, Yarom, and Hamburg

The applications in this repository are built with libkdump, a library we developed for the paper. This library simplifies exploitation of the bug by automatically adapting to certain properties of the environment.