Web lists-archives.com

Re: Kernel for Spectre and Meltdown






On 29 January 2018 at 07:52, Dextin Jerafmel <jerafmel@xxxxxxxxx> wrote:
Hello

I've installed Debian 9.3 about one and a half month ago . I'm newbie to Linux world
My Kernel was 4.9.0.3 at the first of installation . After upgrading ( sudo apt upgrade ) it becomes 4.9.0.4
But in Your site You've mentioned Kernel for Debian Stretch is 4.9.65 and You updated it for Spectre and Meltdown bugs
I tried to search for available Kernel images but there isn't any newer Kernel than 4.9.0.5

Please guide me

​Your need to upgrade to unstable (Debian Sid).  Then you need to get the latest kernel from the kernel.org website.
You also need to install GCC7 in sid which will give you version 7.3.0 at present.  That is a new enough compiler to be able to properly install the spectre and meltdown fixes.
Then you need to run the spectre/meltdown checker which you can get from a github site and run locally on your box to know it's really installed properly.
AFAICT at present running a kernel with spectre and meltdown protection means running debian in the opposite way it is usually billed as to the outside world ie unstable for quite some time.

Eventually gcc 7.3 could become available in buster/testing but I don't know when.

I think gentoo is  a good distribution to try in the current security vulnerability situation.  It is good for kernel compilations and modifications etc.

Running gcc 7.3 is as easy in gentoo stable is it is gentoo testing.  The ebuild is there now and the latest version binunits (2.30) is getting readied.  I have installed
gcc 7.3 on it and soon I will uprade the kernel shortly.  New kernels are in the pipeline that will have more spectre fixes added.

I will fire them all in to my gentoo  install soon like a deck of cards.

Cheers

Regards

Michael Fothergill



 

Thanks a lot