I am not going to talk about the specter/meltdown bugs as i thing is well explained across the internet.
This how to shows how i installed the iucode_tool and intel-microcode packages on my machine.
First thing first: you can download the specter-meltdown-checker script to see if your processor is affected from:
After unpacking the script you run:
# ./specter-meltdown-checker.sh --explain
If your processor is vulnerable you should see some red warnings that say VULNERABLE.
Now to the procedure:
1- You need the packages iucode_tool and intel-microcode. You can install from spi, slapt-src or even compile from the site slackbuilds.org
2 - After compiling and installing there should be an archive named intel-ucode.cpio in the /boot directory. This archive will be concatenated with an initrd that you will create.
3 - Create the initrd:
# usr/share/mkinitrd/mkinitrd_command_generator.sh -i (-i interactive)
4 - Run the sugested command, but change the "-o /boot/initrd.gz" to "-o /boot/initrd-version-of-your-kernel.gz"
ex: -o /boot/initrd-4.4.240.gz"
5 - Having created the initrd-version-of-your-kernel, we are going to rename it so that we can concatenate the intel-ucode.cpio:
# cd /boot
# mv -v initrd-4.4.240.gz initrd-4.4.240.old.gz
# cat /boot/intel-ucode.cpio /boot/initrd-4.4.240.old.gz > /boot/initrd-4.4.240.gz
6 - After that you can remove the old initrd and create a new one:
# rm -fv initrd-4.4.240.old.gz initrd.gz
# ln -sv initrd-4.4.240.gz initrd.gz
7 - update the bootloader (lilo/elilo/grub)
# lilo -v
# grub-mkconfig -o /boot/grub/grub.cfg
8 - Reboot the machine. You can run again the specter-meltdow-checker to confirm:
# ./specter-meltdow-checker.sh --explain | grep 'NOT VULNERABLE'
If you upgrade the kernel, you have to recreate the initrd and concatenate the archive again!
Hope someone find this helpful and useful.
1 post • Page 1 of 1