--- wikisrc/security/intel_mds.mdwn 2019/05/14 17:27:04 1.3 +++ wikisrc/security/intel_mds.mdwn 2019/05/14 17:35:13 1.4 @@ -1,5 +1,6 @@ -#NetBSD Security Update for amd64 Port (X86_64) Architecture - 20190514 +[[!meta title="Intel MDS"]] +#NetBSD Security Update for amd64 Port (X86_64) Architecture - 20190514 ###Description Details and mitigation information about a sub-class of speculative execution @@ -8,7 +9,7 @@ hardware starting with select 8th and 9t well as the 2nd Generation Intel® Xeon® Scalable Processor Family. Please refer to the Intel Security Advisory 00233 is located at: -https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html +[Intel website](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html). This update is mitigation for the following CVEs: @@ -30,11 +31,10 @@ This update is mitigation for the follow **NetBSD-7, and all the anterior releases, have no planned fixes.** [[!table data=""" -Port |Vendor/Model |MDS |NetBSD-8 |NetBSD-current -amd64 |Intel |Vulnerable |Fixed [VERW][smtoff] |Fixed [VERW][smtoff] +Port |Vendor/Model |MDS |NetBSD-8 |NetBSD-current +amd64 |Intel |Vulnerable |Fixed [VERW][smtoff] |Fixed [VERW][smtoff] """]] - ###Mitigation The mitigation for MDS depends on the Intel CPU model and available microcode or motherboard BIOS revision. 
@@ -50,12 +50,15 @@ can put **smtoff=YES** in your */etc/rc. ###Enabling the mitigation The two following sysctls are now available: - machdep.mds.mitigated = {0/1} user-settable - machdep.mds.method = {string} constructed by the kernel + +[[!template id=programlisting text=""" +machdep.mds.mitigated = {0/1} user-settable +machdep.mds.method = {string} constructed by the kernel +"""]] If the BIOS has the MDS update, then NetBSD will have set machdep.mds.mitigated=1 automatically. -To manually enable the check, use sysctl -w machdep.mds.mitigated=1. NetBSD +To manually enable the check, use "sysctl -w machdep.mds.mitigated=1". NetBSD will then determine if it can apply the available mitigation. When set to 0, then NetBSD will disable the mitigation.
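Review bot: In the hunk at @@ -8,7 +9,7 @@, the new link text "Intel website" leaves the surrounding sentence reading "Please refer to the Intel Security Advisory 00233 is located at: [Intel website](...).", which is ungrammatical and no longer shows which advisory the link leads to. Suggest making the advisory name the link text and dropping "is located at:", for example "Please refer to [Intel Security Advisory 00233](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html)."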
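Review bot: In the hunk at @@ -50,12 +50,15 @@, the command is now wrapped in plain double quotes ("sysctl -w machdep.mds.mitigated=1") while the two sysctls just above it moved into a programlisting template; use the same template or inline code markup so the quotes are not read as part of the command. The paragraph also says NetBSD "will then determine if it can apply the available mitigation" without telling the administrator how to see the outcome, so add a sentence asking readers to read machdep.mds.mitigated and machdep.mds.method back after the write to confirm the mitigation actually took effect.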