And yet HP...
And yet HP are pointing us to BIOS versions that are a few months old for some models/generations as the "fixed" version.
Other generations/models are also Feb patches.
How long was this embargo, exactly?
IBM’s started to release its own patches for the Meltdown mess and the Spectre SNAFU, which it’s half-confirmed impact its hardware and operating systems, but won’t have a complete fix until mid-February. We say half-confirmed because Big Blue has only said it has problems with the processor issues Google mentioned last week, …
They will need to as the Power architecture chips are in use in military and space hardware. Spirit, Opportunity, Curiosity, Dawn are all running rad hardened Power architecture chips.
But I guess most hackers don't have a 200ft dish lying around their back yard to upload code to it :-)
Lots of 805/x and 80386/486 up there but Power has become a weapon of choice for big probes it seems. There is also the 1750a, used in a lot of flight control systems, a 16-bit RISC from the 1980s.
VMs, where there are multiple VMs running on a single physical system, and they have isolation requirements. Anything running in the cloud, for example. Anything running in a data center where different VMs have different regulatory requirements.
JavaScript drive-by attacks.
All of this has been discussed at great length, and is in the original papers.
"Big Blue’s also said “Clients should review these patches in the context of their datacenter environment and standard evaluation practices to determine if they should be applied.”
The latter is a motherhood statement..."
Even assuming that's a typo, I can't figure out what it is supposed to mean.
POWER CPUs are vulnerable to Spectre. It's unlikely they're vulnerable to Meltdown.
Spectre is a very broad class of attacks that affects most modern CPUs.
Meltdown only applies to CPUs that are subject to Spectre-class attacks and do not enforce permissions on speculative loads. And even then, Meltdown only applies if you have higher-privilege pages mapped when running at low privilege, which is an OS architectural choice.
FYI. According to a recent update from Fujitsu, https://sp.ts.fujitsu.com/dmsp/Publications/public/Intel-Side-Channel-Analysis-Method-Security-Review-CVE2017-5715-vulnerability-Fujitsu-products.pdf
All recent Fujitsu SPARC servers will not require a new BIOS update (firmware update) and only an OS update to address SPECTRE vulnerability. So looks like no reboot will be necessary unlike majority of Power Systems! Hah!