recent BIOS updates dont appear to patch spectre vulnerabilities

NCmplx90 · ‎03-17-2021

I have an HP Pavilion Desktop 570-p056a (ROM Family 82F2) and recent BIOS update versions F.44, F.45 and F.46 suppose to have included patches for spectre vulnerabilities but running the spectre meltdown checker on my Linux system shows up with disappointing hardware checks I included a screenshot of the test results. I'm no expert in microprocessor architectures and I understand that Linux comes with appropriate patching by the kernel and Intel microcode but I did assume that the BIOS updates would have provided mitigations for several of the known spectre vulnerabilities.

please someone from HP or anyone can get back to me on this, now correct me if I'm wrong on this or misunderstood what the BIOS updates are supposed to do in terms of security. otherwise I would like to know why BIOS updates aren't doing what its supposed to do. my PC isn't really old. I purchased it not long ago so I expect a descent support from HP. If you need further technical info i would be happy to provide

DGroves · ‎03-17-2021

you do have it. use this tool to check

https://www.grc.com/inspectre.htm

also, perhaps you are unaware that Microsoft decided that since many PC venders were not releasing spectre patches for older systems that they (Microsoft) would incorporate this patch into windows 10 as part of the normal security updates.

as such if your system is current in MS updates then you will have this patch running within the win 10 OS even if HP for some reason did not release a BIOS type spectre patch

the HP Pavilion Desktop 570-xxxxx Family has/did receive spectre patches

note that older MS OS's (pre win 10) will still require a bios type update (if available)

https://support.microsoft.com/en-us/topic/summary-of-intel-microcode-updates-08c99af2-075a-4e16-1ef1...

https://support.hp.com/us-en/document/c05869091

NCmplx90 · ‎03-17-2021

Im familiar with that tool as I have ran this in the past. and I also ran the specu check tool on win 10

but have you had a look at the image I attached to my original post which is the result of running spectre checker tool on linux ?

Correct me if im wrong but that doesn't indicate that a patch was applied by the BIOS .

DGroves · ‎03-17-2021

your linux output image is to small to read, but i suspect it mentions things like VM's and virtualization neither of which would apply to your current windows configuration or later spectre variants that have not been deemed a severe bug that requires a fix

since you don't run linux, as your primary OS and have most likely not bothered to read the linux spectre checkers documentation i suspect you are simply misinterpreting it's output

any spectre check program run under windows 10 with current updates applied will show the spectre patch active as how it's applied (either bios or windows patch) is irrelevant,....... the only thing that matters is that it is applied

and any system that is newer than 2017 will most likely have a bios based patch which works under any OS, or the MS win 10 patch that covers any hardware that is able to run win 10

your system is rather new, as such spectre patches are either cpu based by intel using microcode updates or by HP bios updates

NCmplx90 · ‎03-17-2021

I want to thank you for your follow up of my concerns I appreciate your help

you gotta right click and select view image from the context menu to view the image to see the details

right now im running linux on bare metal not on VM and I dont have a Win 10 drive or partition at the moment.

but if you see anything in the results that im misinterpreting, then please let me know