Re: Meltdown / Spectre

guix-devel

I don't believe that making a microcode update available makes the situation

worse. An earlier version is a non-free component of the system anyway.

I believe, that it might well worth to provide the possibility to update it.

I think it would be beneficial, if we got a singned blob for that,

because you implicitly trust for example intel by buying their cpu,

so a blob signed by them could also be trusted.

The second thing that comes to my mind is to have a free tool to perform

the microcode update, so that we can inspect, that nothing else on the system gets modified.

I'm not very much into the microcode update stuff, but I think, that given the two assumptions

I mentioned, it would be safe to provide these updates without compromising freedom

and security more than what the current situation is.

Current Thread

[Next in Thread]

Re: Meltdown / Spectre, (continued)
- Re: What do Meltdown and Spectre mean for libreboot x200 user?, Leah Rowe, 2018/01/10
  - Re: What do Meltdown and Spectre mean for libreboot x200 user?, Alex Vong, 2018/01/14
    - Re: What do Meltdown and Spectre mean for libreboot x200 user?, Leah Rowe, 2018/01/15
    - Re: What do Meltdown and Spectre mean for libreboot x200 user?, Andy Wingo, 2018/01/15
    - Re: What do Meltdown and Spectre mean for libreboot x200 user?, Leah Rowe, 2018/01/19