The microcode updates for Bug 643342 (CVE-2017-5715) add/expose/document the SPEC_CTRL flag in the cpuid EAX=7 EDX output. There is currently no way to verify SPEC_CTRL, aside from manually decoding the raw cpuid output, as the upstream kernel patches for /proc/cpuinfo haven't landed yet. I didn't file this under Gentoo Security, as this only aids in checking that an updated microcode is being used. Even then, I don't think it's particularly useful without the kernel IBRS patches.

Reproducible: Always
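The manual decoding mentioned in the report, as an added example that is not part of the original bug or of the cpuid project: it parses `cpuid -r` raw output and checks CPUID leaf 7, subleaf 0, EDX bit 26 per CPU. The bit table goes slightly beyond SPEC_CTRL to the neighbouring speculation-control bits; the sample dump and all function names are constructed for illustration.

```python
import re

# CPUID.(EAX=7,ECX=0):EDX bits as enumerated by Intel for speculation control.
EDX_BITS = {
    26: "SPEC_CTRL (IBRS and IBPB)",
    27: "STIBP",
    29: "ARCH_CAPABILITIES",
    31: "SSBD",
}
CPU_HDR = re.compile(r"^CPU(?:\s+(\d+))?:")  # "CPU 3:" or "CPU:" (cpuid -1)
RAW_LINE = re.compile(
    r"^\s*0x([0-9a-f]{8})\s+0x([0-9a-f]{2}):.*\bedx=0x([0-9a-f]{8})", re.I)

# Constructed sample in `cpuid -r` format (not captured from a real machine):
# CPU 0 has updated microcode, CPU 1 does not, CPU 2 reports no leaf 7 at all.
SAMPLE = """\
CPU 0:
   0x00000000 0x00: eax=0x00000016 ebx=0x756e6547 ecx=0x6c65746e edx=0x49656e69
   0x00000007 0x00: eax=0x00000000 ebx=0x029c6fbf ecx=0x00000000 edx=0x0c000000
CPU 1:
   0x00000007 0x00: eax=0x00000000 ebx=0x029c6fbf ecx=0x00000000 edx=0x00000000
CPU 2:
   0x00000000 0x00: eax=0x00000006 ebx=0x756e6547 ecx=0x6c65746e edx=0x49656e69
"""

def leaf7_edx_by_cpu(raw_dump):
    """Map CPU number -> EDX of leaf 7 subleaf 0, or None if the leaf is absent."""
    result, cpu = {}, None
    for line in raw_dump.splitlines():
        hdr = CPU_HDR.match(line)
        if hdr:
            cpu = int(hdr.group(1) or 0)
            result[cpu] = None
            continue
        raw = RAW_LINE.match(line)
        if raw and cpu is not None:
            leaf, sub, edx = (int(g, 16) for g in raw.groups())
            if leaf == 7 and sub == 0:
                result[cpu] = edx
    return result

def decode(edx):
    """Names of the known speculation-control bits set in an EDX value."""
    return [n for b, n in sorted(EDX_BITS.items()) if edx is not None and (edx >> b) & 1]

def cpus_missing_spec_ctrl(raw_dump):
    """CPUs whose leaf 7 EDX lacks bit 26, i.e. microcode does not expose SPEC_CTRL."""
    return sorted(c for c, edx in leaf7_edx_by_cpu(raw_dump).items()
                  if edx is None or not (edx >> 26) & 1)

if __name__ == "__main__":
    for cpu, edx in leaf7_edx_by_cpu(SAMPLE).items():
        print(f"CPU {cpu}: {decode(edx) or 'no speculation-control bits'}")
```

On a real system, feed it the text of `cpuid -r` instead of `SAMPLE`; a non-empty result from `cpus_missing_spec_ctrl` means the updated microcode is not active on those CPUs.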
Created attachment 515338
Add SPEC_CTRL to cpuid EAX=7 output

Adds the following output to `cpuid -l 7` on supported CPUs:

    SPEC_CTRL: Speculation Control (IBRS and IBPB) = true
Have you e-mailed this upstream? Their home page says to just e-mail cpuid@etallen.com, and they look like they do semi-regular updates.
Added the patch in a PR for the bump to the newest version. Also asked upstream whether they will include the patch in the future.
Upstream replied: Will add that patch in a future release.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f44e80622ecdde9ec3728e9701a071450cd68f6

commit 7f44e80622ecdde9ec3728e9701a071450cd68f6
Author:     Conrad Kostecki <conrad@kostecki.com>
AuthorDate: 2019-09-20 07:30:34 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2019-09-20 14:38:00 +0000

    sys-apps/cpuid: bump to version 20180519

    Also bumped to EAPI=7 and corrected license.

    Closes: https://bugs.gentoo.org/645080
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Conrad Kostecki <conrad@kostecki.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 sys-apps/cpuid/Manifest                            |  1 +
 sys-apps/cpuid/cpuid-20180519.ebuild               | 36 +++++++++++++++++
 .../cpuid-20180519-add-spec-ctrl-output.patch      | 10 +++++
 sys-apps/cpuid/files/cpuid-20180519-makefile.patch | 46 ++++++++++++++++++++++
 sys-apps/cpuid/metadata.xml                        | 13 ++++++
 5 files changed, 106 insertions(+)