[OpenPower-Firmware] security fixes for meltdown/spectre on P8

Fri Mar 2 08:08:52 AEDT 2018

The P9 and P8 changes are not the same, so do not presume a 1-to-1 mapping 
between them.  The P8 changes are all complete in github as far as I'm 
aware.  The P9 changes are not 100% complete yet.

--
Dan Crowell
Senior Software Engineer - Power Systems Enablement Firmware
IBM Rochester: t/l 553-2987
dcrowell at us.ibm.com

From:   Sergey Kachkin <s.kachkin at gmail.com>
To:     Daniel M Crowell <dcrowell at us.ibm.com>
Cc:     obmc at yadro.com, openpower-firmware at lists.ozlabs.org, 
OpenPower-Firmware 
<openpower-firmware-bounces+dcrowell=us.ibm.com at lists.ozlabs.org>
Date:   03/01/2018 12:46 PM
Subject:        Re: [OpenPower-Firmware] security fixes for 
meltdown/spectre on P8

Hi Daniel, 

thanks, so we have at least part of the fix since Dec'17.  Wondering if 
there a big picture  of all necessary changes somewhere. 

I went through release note but noted only some P9 changes, like below: 
https://github.com/open-power/hostboot/commit/fcf7d0e3f5fe

Not sure if it ever related though. 

regards,
Sergey 

On Thu, Mar 1, 2018 at 8:13 PM, Daniel M Crowell <dcrowell at us.ibm.com> 
wrote:
The processor inits that are required for these fixes are out in github 
already.  The changes are part of the hostboot-binaries repo.

This commit should have everything - 
https://github.com/open-power/hostboot-binaries/commit/fc2f7b939f340ba2e33382f6fcb9f908ad554186

Note - I'm not commented on any skiboot-level changes that may be needed.  
I'm totally out of that conversation.

--
Dan Crowell
Senior Software Engineer - Power Systems Enablement Firmware
IBM Rochester: t/l 553-2987
dcrowell at us.ibm.com

From:        Sergey Kachkin <s.kachkin at gmail.com>
To:        openpower-firmware at lists.ozlabs.org
Cc:        obmc at yadro.com
Date:        03/01/2018 09:46 AM
Subject:        Re: [OpenPower-Firmware] security fixes for 
meltdown/spectre on P8
Sent by:        "OpenPower-Firmware" <openpower-firmware-bounces+dcrowell=
us.ibm.com at lists.ozlabs.org>

Hi Stewart, 

We are building PNOR for our own P8 system and I'm cc'ing  the BMC-PNOR 
team. 
I've read that firmware to mitigate Spectre/Meltdown vulnerabilities have 
been released on S8*LC systems but situation with OpenPOWER is not clear 
yet. 

To be honest I'm not sure what code exactly IBM implemented on their 
machines but wondering if there any plans to contribute this code to 
OpenPOWER (if not already done)?

thanks, 

regards,
Sergey
YADRO
Engineer

On Wed, Jan 31, 2018 at 4:36 PM, Sergey Kachkin <s.kachkin at gmail.com> 
wrote:
Hi Team, 

from the published info i realised that both OS and FW patches are needed 
for CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 issues mitigation. 

Are there any plans/timeline for including related fixes into P8 PNOR? 

thanks,

regards,
Sergey 
_______________________________________________
OpenPower-Firmware mailing list
OpenPower-Firmware at lists.ozlabs.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ozlabs.org_listinfo_openpower-2Dfirmware&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=mCj3CQvqek9g0fdziO-GEHyU1m9T3SAh0ZPd5s_AGpo&m=X2enJEdH-l8_f_JYvU4H0-QcEVhVzx-E5VA81OM45wk&s=DK8ZNbg9TKKStlMMEnUkC6gr0sv9QE939UeBxBlHf5M&e=

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openpower-firmware/attachments/20180301/98fc3602/attachment.html>