Re: Meltdown / Spectre

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Meltdown / Spectre

From:	Tobias Platen
Subject:	Re: Meltdown / Spectre
Date:	Wed, 10 Jan 2018 13:35:37 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Icedove/52.5.2



On 10.01.2018 12:49, Adonay Felipe Nogueira wrote:

I don't know if this serves as guidance as to if microcode is functional
or not, but from [1] I quote:

#+BEGIN_QUOTE

However, there is an exception for secondary embedded processors. The
exception applies to software delivered inside auxiliary and low-level
processors and FPGAs, within which software installation is not intended
after the user obtains the product. This can include, for instance,
microcode inside a processor, firmware built into an I/O device, or the
gate pattern of an FPGA. The software in such secondary processors does
not count as product software.

As an example there is still proprietary formware on the embeddedcontroller of the Thinkpads supported by libreboot.


#+END_QUOTE

My (perhaps uninformed) opinion is that it's functional data, but not
the sort of "functional" that every human would be allowed to modify
after it was first written.

[1] <https://www.fsf.org/resources/hw/endorsement/criteria>.

2018-01-10T01:36:18-0800 Chris Marusich wrote:

According to the user named _4of7 in the #libreboot channel of the
Freenode IRC network, the email list address@hidden is down.
So the Libreboot maintainers have probably not seen this email thread.

According to _4of7, currently the best way to contact the Libreboot
maintainers is IRC.  It would probably be best to ask there.  If you get
a response, please don't forget to update us here on this thread!

When I asked in #freenode today, _4of7 responded as follows:

   <_4of7> There's not much we can do from the Libreboot side, but there are
   <_4of7> mitigations on kernel side... since it's exploitable from javascript
   <_4of7> you could also e.g. not run JavaScript. specing on #libreboot IRC had
   <_4of7> the idea to run Firefox without the JIT enabled - we both tried to
   <_4of7> compile the latest ESR however, with --disable-ion, and it 
segfaulted.
   <_4of7> I tried to build ff 45esr instead, but that build failed.

I'm not sure who _4of7 is, so I don't know if they speak for the
Libreboot project.

Leah Rowe uses the nickname _4of7 on IRC, she is the founder of Libreboot



Does the GNU Project have a policy regarding this sort of thing?  I
wasn't able to find any articles on gnu.org that discuss it.

If no such policy exists, then should this topic be discussed somewhere
like address@hidden  I don't know where discussions like
this normally take place within the GNU project.  It's definitely a
discussion worth having, though.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Meltdown / Spectre, (continued)
- Re: What do Meltdown and Spectre mean for libreboot x200 user?, Leah Rowe, 2018/01/10
  - Re: What do Meltdown and Spectre mean for libreboot x200 user?, Alex Vong, 2018/01/14
    - Re: What do Meltdown and Spectre mean for libreboot x200 user?, Leah Rowe, 2018/01/15
    - Re: What do Meltdown and Spectre mean for libreboot x200 user?, Andy Wingo, 2018/01/15

Prev by Date: Re: Meltdown / Spectre
Next by Date: Re: Meltdown / Spectre
Previous by thread: Re: Meltdown / Spectre
Next by thread: Re: Meltdown / Spectre
Index(es):
- Date
- Thread