Re: Kernel for Spectre and Meltdown
- Date: Mon, 29 Jan 2018 11:17:35 +0100
- From: Michael Lange <klappnase@xxxxxxxxxx>
- Subject: Re: Kernel for Spectre and Meltdown
On Mon, 29 Jan 2018 08:35:58 +0000
Michael Fothergill <michael.fothergill@xxxxxxxxx> wrote:
> You need to upgrade to unstable (Debian Sid). Then you need to get
> the latest kernel from the kernel.org website.
> You also need to install GCC7 in sid which will give you version 7.3.0
> at present. That is a new enough compiler to be able to properly
> install the spectre and meltdown fixes.
The "meltdown fix" (a.k.a. page tables isolation) is already included in
Stretch's 4.9 kernel.
> Then you need to run the spectre/meltdown checker which you can get
> from a github site and run locally on your box to know it's really
> installed properly.
> AFAICT at present running a kernel with spectre and meltdown protection
> means running debian in the opposite way it is usually billed as to the
> outside world ie unstable for quite some time.
That's not entirely true, you can run Debian Stable / Stretch with a
kernel that was compiled on Sid with gcc-7.3, however it is true that for
now there is no such kernel available for Stretch out-of-the-box and even
installing the latest gcc-7 compiler packages from sid on a Stretch
system is, if possible at all, probably not trivial.
I assume that most likely someone is working on an update to gcc-6 that
will make it possible to compile the latest "spectre fix" into the kernel
with Stretch's default compiler and we will have to wait until that is
I think it is likely though, that a kernel with that fix will be
available soon in the "experimental" suite and could be installed
manually on Stretch.
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
After a time, you may find that "having" is not so pleasing a thing,
after all, as "wanting." It is not logical, but it is often true.
-- Spock, "Amok Time", stardate 3372.7
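
Added example, not part of the original message and not the GitHub checker mentioned above: a small shell sketch that classifies the kernel's own mitigation report, including the case discussed in the thread where the kernel was built with a compiler that lacks the Spectre support. It assumes the kernel exposes `/sys/devices/system/cpu/vulnerabilities` (older kernels do not) and that status lines follow the "Mitigation: ..." / "Vulnerable: ..." wording of kernels from that period; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read the kernel's per-issue status files and classify them.
# Assumption: this sysfs directory exists; kernels without the reporting
# interface will not have it.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status STATUS_LINE -> prints ok | weak | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*)        echo ok ;;
        "Mitigation:"*)         echo ok ;;
        # Reported when only the assembly parts use retpolines because the
        # compiler that built the kernel had no retpoline support.
        "Vulnerable: Minimal"*) echo weak ;;
        "Vulnerable"*)          echo vulnerable ;;
        *)                      echo unknown ;;
    esac
}

# report_dir [DIR] -> prints "name state raw-line" per status file.
# Returns 0 if every entry is ok, 1 if any is not, 2 if DIR is missing.
report_dir() {
    dir="${1:-$VULN_DIR}"
    bad=0
    if [ ! -d "$dir" ]; then
        echo "no-report unknown (kernel does not expose $dir)"
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # also skips the unexpanded glob
        line=$(head -n 1 "$f")
        state=$(classify_status "$line")
        [ "$state" = ok ] || bad=1
        printf '%s %s %s\n' "$(basename "$f")" "$state" "$line"
    done
    return $bad
}

# Query the running system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    report_dir
fi
```

A `weak` result for `spectre_v2` on a kernel that reports `ok` for `meltdown` corresponds to the situation described in the reply: page table isolation present, Spectre fix not fully compiled in.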