Spectre Variant 2 mitigation - Intel Microcode

Support for security such as Firewalls and securing linux
Post Reply
mattko
Posts: 2
Joined: 2018/01/12 15:34:33

Spectre Variant 2 mitigation - Intel Microcode

Post by mattko » 2018/01/12 15:43:11

Hi,

First post here 8-)

I have a couple of servers running CENTOS 6.9 and am looking for help in mitigating the effects of Spectre variant 2.

I see Intel has microcode updates available for CENTOS 7> @ https://downloadcenter.intel.com/downlo ... -Data-File

Normally i'd just take a deep breath and apply the code, but both are production servers so I can't really risk it.

Has anyone here successfully applied this code to CENTOS 6 and their system has lived?

Cheers,

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Spectre Variant 2 mitigation - Intel Microcode

Post by TrevorH » 2018/01/12 16:55:27

The microcode-201801xx.tgz file that I downloaded from Intel's site a couple of days ago had a microcode.dat file in it that looked to be in the correct format for CentOS 6. It also had an intel-ucode directory in it that was in the format used for CentOS 7.

However, are you sure you really need to mitigate spectre on a server? It's hard to exploit and requires local access to the box so it's not something that can be exploited remotely (unless you're giving out ssh logins).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

mattko
Posts: 2
Joined: 2018/01/12 15:34:33

Re: Spectre Variant 2 mitigation - Intel Microcode

Post by mattko » 2018/01/12 22:09:14

Hey Trevor

Cool! Thanks for responding. I'll leave them as they are for the time being.

Cheers,

Post Reply