
Re: Kernel for Spectre and Meltdown


On Mon, 29 Jan 2018 08:35:58 +0000
Michael Fothergill <michael.fothergill@xxxxxxxxx> wrote:

> You need to upgrade to unstable (Debian Sid).  Then you need to get
> the latest kernel from the kernel.org website.
> You also need to install GCC7 in sid which will give you version 7.3.0
> at present.  That is a new enough compiler to be able to properly
> install the spectre and meltdown fixes.

The "meltdown fix" (a.k.a. page tables isolation) is already included in
Stretch's 4.9 kernel.

> Then you need to run the spectre/meltdown checker which you can get
> from a github site and run locally on your box to know it's really
> installed properly.
> AFAICT at present running a kernel with spectre and meltdown protection
> means running debian in the opposite way it is usually billed as to the
> outside world, i.e. unstable for quite some time.

That's not entirely true, you can run Debian Stable / Stretch with a
kernel that was compiled on Sid with gcc-7.3, however it is true that for
now there is no such kernel available for Stretch out-of-the-box and even
installing the latest gcc-7 compiler packages from sid on a Stretch
system is, if possible at all, probably not trivial.

I assume that most likely someone is working on an update to gcc-6 that
will make it possible to compile the latest "spectre fix" into the kernel
with Stretch's default compiler and we will have to wait until that is

I think it is likely though, that a kernel with that fix will be
available soon in the "experimental" suite and could be installed
manually on Stretch.



.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

After a time, you may find that "having" is not so pleasing a thing,
after all, as "wanting."  It is not logical, but it is often true.
		-- Spock, "Amok Time", stardate 3372.7
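An added example, not part of the original message: a small shell check that reads the kernel's own mitigation report and flags the case discussed above, where the kernel has retpoline code but was built with a compiler too old to apply it fully. It assumes a kernel that exports /sys/devices/system/cpu/vulnerabilities; the function names and the VULN_DIR override are made up for this example.

```shell
#!/bin/sh
# Added example: classify the kernel's Meltdown/Spectre status lines.
# Assumption: the running kernel exports the sysfs directory below.
# VULN_DIR can be overridden to point at a copy of those files.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status "<status line>" -> prints one keyword
classify_status() {
    case "$1" in
        "Not affected"*)
            echo not-affected ;;
        "Mitigation:"*)
            echo mitigated ;;
        # Kernel contains retpoline asm, but the compiler that built it
        # could not emit retpolines for C code, so it is only partial.
        "Vulnerable: Minimal"*retpoline*)
            echo compiler-too-old ;;
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# check_one <file name> -> prints "<name>: <keyword> (<raw line>)"
# Returns 0 only when the entry is mitigated or not affected.
check_one() {
    f="$VULN_DIR/$1"
    if [ ! -r "$f" ]; then
        # Kernels without this interface give no answer either way.
        echo "$1: unreported"
        return 2
    fi
    raw=$(head -n 1 "$f")
    cls=$(classify_status "$raw")
    echo "$1: $cls ($raw)"
    [ "$cls" = mitigated ] || [ "$cls" = not-affected ]
}

# report -> checks all three entries, returns 1 if any is not covered
report() {
    rc=0
    for n in meltdown spectre_v1 spectre_v2; do
        check_one "$n" || rc=1
    done
    return $rc
}
```

Source the file and call `report`; an "unreported" line means the kernel does not expose the interface at all, not that the fix is present.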