I have installed Linux Mint 18.3 Cinnamon x64 on NUC7i7BNH.
Today i installed the newest upgrades by typing
apt update && apt -y upgrade
After it i cloned the spectre-meltdown-checker of Github
The result is shattering: vulnerable!
Is there a tutorial how to protect Intel NUC7i7BNH with Ubuntu against Spectre/Meltdown attack?
As you probably know, Linux is not supported Operating System for your NUC: https://www.intel.com/content/www/us/en/support/articles/000005628/mini-pcs.html Supported Operating Systems for Intel® NUC Products . However, did you updated your NUC with the latest Bios ver. 0062? https://downloadcenter.intel.com/download/27571/BIOS-Update-BNKBL357-86A-?product=95065 Download BIOS Update [BNKBL357.86A] . In this version was updated CPU Microcode (Security Advisory-00088) .
If you will flash your Bios do this using recovery method:
lw1948, yes i have already updated the bios.
Machine: System: Intel product: NUC7i7BNH v: J31153-308
Mobo: Intel model: NUC7i7BNB v: J31145-307
Bios: Intel v: BNKBL357.86A.0062.2018.0222.1644 date: 02/22/2018
But this does not take any effect against Spectre and Meltdown.
You should address your question to the Linux forum. I'm not an expert in Linux and neither in Spectre and Meltdown vulnerability, however when I read the report you have attached in your first post, I understand that the problem is in your old kernel. The CPU is protected. You shall update to new kernel. You may present this problem to ukuu too.
Thank you for your question,
http://lmgtfy.com/?q=protect+Intel+NUC7i7BNH+with+Ubuntu+against+Spectre/Meltdown LMGTFY points to https://insights.ubuntu.com/2018/01/24/meltdown-spectre-and-ubuntu-what-you-need-to-know Meltdown, Spectre and Ubuntu: What you need to know | Ubuntu Insights
that defines the issue and mentions ways of mitigation
On the other hand , Justin Ellingwood from https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and... https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and...
underlines that "Full protection against this class of vulnerability will likely require changes in CPU design." However, the issue seems to require further investigation.
1. https://unix.stackexchange.com/questions/414786/how-to-mitigate-the-spectre-and-meltdown-vulnerabili... x86 - How to mitigate the Spectre and Meltdown vulnerabilities on Linux systems? - Unix & Linux Stack Exchange
3. https://github.com/hannob/meltdownspectre-patches GitHub - hannob/meltdownspectre-patches: Summary of the patch status for Meltdown / Spectre