Bug #15173

Upgrade Intel processor microcodes to mitigate the Spectre attack

Added by intrigeri 2018-01-16 13:40:39 . Updated 2018-03-30 16:59:59 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2018-01-16
Due date:
% Done:

100%

Feature Branch:
feature/15173-upgrade-intel-microcode
Type of work:
Wait
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

This is a follow-up on Bug #15148 because we could not upgrade the Intel microcode in Tails 3.5.

Once https://bugs.debian.org/886998 is fixed we can revert commit:eab2135464682cac54ed5cfc8ef2f9e0529a9913.


Subtasks


Related issues

Blocked by Tails - Bug #15148: Upgrade AMD processor microcodes to mitigate the Spectre attack Resolved 2018-01-06
Blocked by Tails - Bug #15270: devel branch FTBFS since torbrowser-launcher 0.2.9 entered sid Resolved 2018-01-30
Blocks Tails - Feature #13245: Core work 2018Q1: Foundations Team Resolved 2017-06-29

History

#1 Updated by intrigeri 2018-01-16 13:40:48

#2 Updated by intrigeri 2018-01-16 13:40:58

  • blocked by Bug #15148: Upgrade AMD processor microcodes to mitigate the Spectre attack added

#3 Updated by intrigeri 2018-01-16 13:42:51

  • Priority changed from Normal to Elevated

#4 Updated by intrigeri 2018-02-14 07:39:24

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10
  • Feature Branch set to feature/15173-upgrade-intel-microcode

There’s no good enough firmware currently available with CPU support for Spectre variant 2 mitigation so in the meantime let’s upgrade to the version in stretch-backports so we:

  • push the other bugfixes to our users
  • are better prepared for the Spectre variant 2 mitigation once it’s ready
  • minimize the change we’ll have to make when we upgrade microcode to a version that supports Spectre variant 2 mitigation (which can be useful e.g. if we do that in a Tails bugfix release)

Note to the reviewer/merger

Do not close this ticket when merging the proposed branch.

#5 Updated by intrigeri 2018-02-14 08:12:58

  • blocked by Bug #15270: devel branch FTBFS since torbrowser-launcher 0.2.9 entered sid added

#6 Updated by intrigeri 2018-02-14 09:28:10

  • Assignee changed from intrigeri to bertagaz
  • QA Check set to Ready for QA

Note to the reviewer/merger

When merging the proposed branch, do not close this ticket. Instead, reassign it to me for 3.7. Thanks!

#7 Updated by bertagaz 2018-02-20 09:51:09

  • Assignee changed from bertagaz to intrigeri
  • Target version changed from Tails_3.6 to Tails_3.7
  • % Done changed from 10 to 20
  • QA Check changed from Ready for QA to Dev Needed

Ok, this first part is merged congrats, reassigning as asked.

#8 Updated by intrigeri 2018-03-06 14:13:10

  • QA Check deleted (Dev Needed)

#9 Updated by intrigeri 2018-03-22 15:20:45

The fix is now in stretch-backports: 3.20180312.1~bpo9+1. But given the cautious timeline the maintainer wants wrt. upgrading in stable, let’s not rush this. I’ll check closer to 3.7 if we want to make a freeze exception for that upgrade.

#10 Updated by intrigeri 2018-03-23 10:25:25

  • Priority changed from Elevated to Normal

#11 Updated by intrigeri 2018-03-28 13:33:57

#12 Updated by intrigeri 2018-03-28 13:33:58

  • blocked by deleted (Feature #13245: Core work 2018Q1: Foundations Team)

#13 Updated by intrigeri 2018-03-29 10:37:53

  • Status changed from In Progress to Fix committed
  • Target version changed from Tails_3.7 to Tails_3.6.2
  • % Done changed from 20 to 100

Done via Bug #15457.

#14 Updated by intrigeri 2018-03-29 10:38:05

  • blocked by deleted (Feature #15139: Core work 2018Q2: Foundations Team)

#15 Updated by intrigeri 2018-03-29 10:38:17

#16 Updated by anonym 2018-03-29 13:13:28

  • Assignee deleted (intrigeri)

#17 Updated by anonym 2018-03-30 16:59:59

  • Status changed from Fix committed to Resolved