Agustav
Beginner
1,254 Views

NUC7i7BNH + Linux Mint 18.3 = vulnerable to Spectre & Meltdown attack

I have installed Linux Mint 18.3 Cinnamon x64 on NUC7i7BNH.

Today I installed the newest upgrades by typing

apt update && apt -y upgrade

After that I cloned the spectre-meltdown-checker from GitHub

git clone https://github.com/speed47/spectre-meltdown-checker

The result is shattering: vulnerable!

Is there a tutorial on how to protect the Intel NUC7i7BNH with Ubuntu against Spectre/Meltdown attacks?

Thank you!

0 Kudos
4 Replies
LeonWaksman
Super User
131 Views

Hello,

As you probably know, Linux is not a supported operating system for your NUC: Supported Operating Systems for Intel® NUC Products (https://www.intel.com/content/www/us/en/support/articles/000005628/mini-pcs.html). However, did you update your NUC with the latest BIOS ver. 0062? Download BIOS Update [BNKBL357.86A] (https://downloadcenter.intel.com/download/27571/BIOS-Update-BNKBL357-86A-?product=95065). The CPU microcode was updated in this version (Security Advisory-00088).

If you flash your BIOS, do this using the recovery method:

  1. Prepare a USB stick fully formatted to FAT32 (disable the quick format option during formatting). Save the BIOS file BN0062.bio (Download BIOS Update [BNKBL357.86A]: https://downloadcenter.intel.com/download/27571/BIOS-Update-BNKBL357-86A-?product=95065) on this stick and insert it into a USB slot (the NUC shall be OFF). Format this USB stick on a Windows machine (not on a Mac or Linux). Do not use a Linux-formatted USB stick.
  2. Press the Power Button for about 3 seconds. You should release the Power Button as soon as the power LED changes color from blue to amber. The NUC will reboot into the Power Button Menu.
  3. Press F4 and the recovery shall start.
  4. When the recovery finishes, pull out the power cord.
  5. Replace the power cord and press the Power Button to switch the computer ON.
  6. Enter the BIOS settings by pressing F2 during the boot process.
  7. Press F9 (followed by "Y") to set the BIOS to default settings. Press F10 (followed by "Y") to save the settings and exit to the O.S. Let the NUC fully reboot.
  8. You can enter the BIOS settings again to change the necessary settings.
  9. If you are not able to reach the Power Button Menu, you can recover your BIOS using the Security Jumper Removed method: BIOS Recovery Update Instructions for Intel® NUC (https://www.intel.com/content/www/us/en/support/articles/000005532/mini-pcs.html)

Leon

Agustav
Beginner
131 Views

lw1948, yes, I have already updated the BIOS.

inxi -Fxz

Machine: System: Intel product: NUC7i7BNH v: J31153-308

Mobo: Intel model: NUC7i7BNB v: J31145-307

Bios: Intel v: BNKBL357.86A.0062.2018.0222.1644 date: 02/22/2018

But this does not have any effect against Spectre and Meltdown.

Still vulnerable.

LeonWaksman
Super User
131 Views

You should address your question to the Linux forum. I'm not an expert in Linux, nor in the Spectre and Meltdown vulnerabilities; however, when I read the report you attached in your first post, I understand that the problem is in your old kernel. The CPU is protected. You should update to a new kernel. You may present this problem to ukuu too.

Regards

Leon
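
Added example, not part of any post in this thread: a way to check the kernel-versus-microcode question raised above by reading the kernel's own status files. It assumes the sysfs directory /sys/devices/system/cpu/vulnerabilities (mainline 4.15 and later, plus distro backports), which the thread does not mention; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: summarise the kernel's own Spectre/Meltdown status files.
# Assumption: the running kernel exposes the sysfs directory below;
# kernels that predate the interface do not have it at all.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> prints OK, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# report_vulns [DIR] -> one line per file: "<name> <verdict> <kernel text>"
# Returns 0 if every entry is OK, 1 if any is vulnerable or unknown,
# 2 if the directory is missing (kernel too old to report).
report_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel predates the reporting interface"
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        text=$(cat "$f")
        verdict=$(classify_status "$text")
        [ "$verdict" = OK ] || rc=1
        printf '%s %s %s\n' "$(basename "$f")" "$verdict" "$text"
    done
    return $rc
}

# microcode_rev [CPUINFO] -> microcode revision reported for the first CPU
microcode_rev() {
    awk -F': *' '/^microcode/ {print $2; exit}' "${1:-/proc/cpuinfo}"
}

# Query the live system only when invoked as: sh this-script.sh run
if [ "${1:-}" = run ]; then
    echo "kernel: $(uname -r)  microcode: $(microcode_rev)"
    report_vulns
fi
```

An exit status of 2, or entries still reading "Vulnerable" after the BIOS update, point at the kernel rather than the firmware.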

AVolo2
Novice
131 Views

Thank you for your question,

LMGTFY (http://lmgtfy.com/?q=protect+Intel+NUC7i7BNH+with+Ubuntu+against+Spectre/Meltdown) points to "Meltdown, Spectre and Ubuntu: What you need to know | Ubuntu Insights" (https://insights.ubuntu.com/2018/01/24/meltdown-spectre-and-ubuntu-what-you-need-to-know),

which defines the issue and mentions ways of mitigation.

On the other hand, Justin Ellingwood from https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and...

underlines that "Full protection against this class of vulnerability will likely require changes in CPU design." However, the issue seems to require further investigation.

References:

1. x86 - How to mitigate the Spectre and Meltdown vulnerabilities on Linux systems? - Unix & Linux Stack Exchange: https://unix.stackexchange.com/questions/414786/how-to-mitigate-the-spectre-and-meltdown-vulnerabili...

2. https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

3. GitHub - hannob/meltdownspectre-patches: Summary of the patch status for Meltdown / Spectre: https://github.com/hannob/meltdownspectre-patches

Regards,
