• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Are you having HotKey issues? Click here for tips and tricks.
Locked

‎04-17-2018 10:38 AM

HP Recommended
Product: Pavilion - 15-cc109na
Operating System: Linux

The page detailing how to sort the "Spectre" and "Meltdown" security bulletin (https://support.hp.com/us-en/document/c05869091) provides advice for users using Windows or Chrome.

 

Does the lack of a Linux solution indicate that Linux machines are not vulnerable to "Spectre" and "Meltdown" (which given it is a BIOS issue would seem unlikely) or does HP (which I have always thought long-term as a Unix supporter) not support Linux?

 

Can I run the Windows solution -

SP85653

under Wine?

 

I am using Lubuntu 16.04LTS at the moment (and probably 18.04LTS shortly)

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

‎04-18-2018 06:17 AM - edited ‎04-18-2018 06:20 AM

HP Recommended

Hi @D-F

 

It's great to see GNU/Linux user here in the forum. I am also Ubuntu/Mint/Debian user.

 

As you probably know, in the Linux world everything comes from a single trusted source - in our case the Ubuntu/Canonical repositories. To address the issue in *buntu, updates to the kernel, processor microcode, hypervisor, and various other userspace packages have been released. These updates are being announced in Ubuntu Security Notices as they are available. 

 

From a guest and non-hypervisor bare-metal perspective, as of the Feb 21 kernel updates, as far as Canonical are aware, the mitigations for Spectre and Meltdown on most common systems are feature-complete as long as all microcode, firmware and hypervisor updates underneath the system are done. For the most common systems this is now an old story in the Linux world.

 

Lubuntu/Ubuntu have automatic updates built-in (it prompts for an update automatically) so, I suppose you are protected.

 

Kernel updates have been released long time ago and if you got a pop-up for updating the kernel, you should be protected.

 

With regards to the BIOS update, this part is not needed under *buntu and the mitigation comes from the Intel-microcode update.

 

If you have this installed, the automatic update in *buntu has already updated you.

 

As an advice - you do *not* need to download anything from external source. You should not attempt to run any code in Wine, especially external one.

 

 

In order to verify you are updated/protected (I believe you should be):

 

1. Start the Terminal, type   uname -r

 

The result will be the Linux kernel which runs on your PC

 

The following versions were patched:

  • 3.13 series : patched in 3.13.0-139
  • 3.16 series : patched in 3.16.51-3+deb8u1
  • 4.4 series : patched in 4.4.0-108
  • 4.13 series : patched in 4.13.0-25

So, your version should be newer than these and you are protected

If in doubt, please post the result and ask again

 

2. I suppose you already know the Synaptics Packet Manager >> https://www.youtube.com/watch?v=xVMrL4-tgOA

Open it and check which Firefox version you have installed . Firefox is patched against these in 57.0.4

 

3. With Synaptics Packet Manager, check the intel-microcode version you have (if you have it)

 

The patch came in version, 3.20180108.0

Yours needs to be this one or newer

 

Latest as of today should be 3.20180312.0

 

 

 

Readings and references:

>> https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

>> https://usn.ubuntu.com/3531-3/

>> https://blog.linuxmint.com/?p=3496

 

 

Hope this helps. Let me know if this answers your query.

 

 

 

 

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013

View solution in original post

Was this reply helpful? Yes No
4 REPLIES 4

‎04-18-2018 06:17 AM - edited ‎04-18-2018 06:20 AM

HP Recommended

Hi @D-F

 

It's great to see GNU/Linux user here in the forum. I am also Ubuntu/Mint/Debian user.

 

As you probably know, in the Linux world everything comes from a single trusted source - in our case the Ubuntu/Canonical repositories. To address the issue in *buntu, updates to the kernel, processor microcode, hypervisor, and various other userspace packages have been released. These updates are being announced in Ubuntu Security Notices as they are available. 

 

From a guest and non-hypervisor bare-metal perspective, as of the Feb 21 kernel updates, as far as Canonical are aware, the mitigations for Spectre and Meltdown on most common systems are feature-complete as long as all microcode, firmware and hypervisor updates underneath the system are done. For the most common systems this is now an old story in the Linux world.

 

Lubuntu/Ubuntu have automatic updates built-in (it prompts for an update automatically) so, I suppose you are protected.

 

Kernel updates have been released long time ago and if you got a pop-up for updating the kernel, you should be protected.

 

With regards to the BIOS update, this part is not needed under *buntu and the mitigation comes from the Intel-microcode update.

 

If you have this installed, the automatic update in *buntu has already updated you.

 

As an advice - you do *not* need to download anything from external source. You should not attempt to run any code in Wine, especially external one.

 

 

In order to verify you are updated/protected (I believe you should be):

 

1. Start the Terminal, type   uname -r

 

The result will be the Linux kernel which runs on your PC

 

The following versions were patched:

  • 3.13 series : patched in 3.13.0-139
  • 3.16 series : patched in 3.16.51-3+deb8u1
  • 4.4 series : patched in 4.4.0-108
  • 4.13 series : patched in 4.13.0-25

So, your version should be newer than these and you are protected

If in doubt, please post the result and ask again

 

2. I suppose you already know the Synaptics Packet Manager >> https://www.youtube.com/watch?v=xVMrL4-tgOA

Open it and check which Firefox version you have installed . Firefox is patched against these in 57.0.4

 

3. With Synaptics Packet Manager, check the intel-microcode version you have (if you have it)

 

The patch came in version, 3.20180108.0

Yours needs to be this one or newer

 

Latest as of today should be 3.20180312.0

 

 

 

Readings and references:

>> https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

>> https://usn.ubuntu.com/3531-3/

>> https://blog.linuxmint.com/?p=3496

 

 

Hope this helps. Let me know if this answers your query.

 

 

 

 

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013
Was this reply helpful? Yes No

‎04-19-2018 03:49 AM

HP Recommended

Thanks, It looks as if I am OK

 

Linux Kernel is 4.13.0-38 and Firefox is at 59.0.2 and intel-microcode is at 3.20180312.0

- all done for me by auto-update (which does not seem to have the temper tantrums of Windows7 update)

 

Having migrated from Windows (7) I had not twigged that auto-updating of Linux also updated BIOS. Different mindset required.

 

Presumably if I later create a Windows partition, I do not have to do Windows mitigation?

 

Thanks

(Delay in replying because yesterday the login process had me playing wack-a-mole with the capatcha for more than 10 minutes and would still not let me in!)

Was this reply helpful? Yes No

‎04-19-2018 05:20 AM

HP Recommended
@D-Fwrote:

Thanks, It looks as if I am OK

 

Linux Kernel is 4.13.0-38 and Firefox is at 59.0.2 and intel-microcode is at 3.20180312.0

Yes, you are OK. These versions confirm you are patched against these.

 

@D-Fwrote:
 

Presumably if I later create a Windows partition, I do not have to do Windows mitigation?


The Windows mitigation is different from what you have in Linux *buntu - it also requries Windows to be updated, the browsers to be updated, antivirus updated and this covers most. BIOS should also be updated eventually because by performing the BIOS update you are patching the firmware.

 

@D-Fwrote:

Having migrated from Windows (7) I had not twigged that auto-updating of Linux also updated BIOS. Different mindset required.

 

Yes, it takes a while to switch the mindset.

 

No, it doesn't auto update the BIOS.

 

Just the Linux OS mitigations do not require the BIOS to be updated to be protected against this.

Under *buntu, all that is needed is :

- kernel

- processor firmware (intel-microcode)

- user mode (software...)

 

> https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

 

Your GNU/Linux will not be vulnerable against Spectre/Meltdown

 

With Windows, you will also need to update the BIOS >> https://support.hp.com/us-en/document/c05869091

in addition OS updates and software updates.

 

I recommend you do not install a Windows partition. If you need Windows for any reason while on Linux, you can use VirtualBox (download from Synaptics Packet Manager).  Use Windows virtually and isolated while on Linux. Information:

>> https://www.howtogeek.com/196060/beginner-geek-how-to-create-and-use-virtual-machines/

 

Hope this helps.

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013
Was this reply helpful? Yes No

‎04-19-2018 06:24 AM

HP Recommended

Thanks again

 

I will probably end up using Virtual Box for my Legacy Windows work (one program that does not have a good Linux equivalent - and which is a bit tempermental under Wine where windows management and file navigation is a bit all over the place).

 

I used Virtual Box on my Windows7 machine (now with a deceased graphics card) to experiment and learn about Linux in it various flavours (which is easy to do because of Linux licencing and the availability of ISO downloads). I guess I can try and transfer that Windows licence to a VB machine on my current Laptop (although I have heard rumour that Windows is "clever" and detects when it beig installed on different hardware and decides that you are making an illegal copy - and MS does not like users moving pre-installed licences!). It looks as if VB on Linux will accept a 64bit Windows Licence.

 

Problem is my most recent ISO of Windows 7 SP1 is on a WD Passport drive - and accessing them from anything other than Windows is proving problematic. So I will have to sort through my pile of backup CDs! (Or try and resurrect my old laptop using the HDMI interface and prepare a new ISO). Buying another licence may be less hassle!

Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.