#16 RE: Microcodes for branch target injection. by boombastik 06.01.2018 19:42

The file I used was already a .bin file ready for UBU.

#17 RE: Microcodes for branch target injection. by Lurkios 06.01.2018 19:45

Quote from boombastik in post #7:
The file I used was already a .bin file ready for UBU.

I think I got past that part (extracted the microcode.dat and located the correct .bin file) - mind showing me how you added the file to UBU?

EDIT: I'm an idiot. UBU already has the option to select your own file.

#18 RE: Microcodes for branch target injection. by boombastik 06.01.2018 19:51

With UBU you can select an external .bin file to load microcode; it is in the menu.

I know how to add it internally in UBU, but because it is Sonix's tool, maybe he doesn't want to tell. Sorry for that.

#19 RE: Microcodes for branch target injection. by Lurkios 06.01.2018 19:52

Quote from boombastik in post #9:
With UBU you can select an external .bin file to load microcode; it is in the menu.
I know how to add it internally in UBU, but because it is Sonix's tool, maybe he doesn't want to tell. Sorry for that.

Just saw that as you posted it - thank you for that, I'm an idiot.

#20 RE: Microcodes for branch target injection. by animefan 06.01.2018 20:07

I extracted this microcode update for my i7 6700K (CPU-ID 506E3 - version C2) from the official UEFI bios update for PRIME-Z270-K-ASUS (version 1002) and successfully updated my Z170 Deluxe (version 3504) UEFI bios:

PS C:\WINDOWS\system32> Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: True


BTIHardwarePresent : True
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : True
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True

#21 RE: Microcodes for branch target injection. by boombastik 06.01.2018 20:18

If you use HWiNFO64, please open the sensor tab and play a game like Battlefield.
After 30 minutes, what does it say in the Windows hardware section (WHEA)?
Example:
http://cdn.overclock.net/d/d9/900x900px-LL-d9efb6a8_1.jpeg

#22 RE: Microcodes for branch target injection. by mbk1969 06.01.2018 23:26

Quote from boombastik in post #4:
If you use HWiNFO64, please open the sensor tab and play a game like Battlefield.
After 30 minutes, what does it say in the Windows hardware section (WHEA)?
Example:
http://cdn.overclock.net/d/d9/900x900px-LL-d9efb6a8_1.jpeg

You can try to read events in the event logs. Run Event Viewer and locate the log "Applications and Services Logs => Microsoft => Windows => Kernel-WHEA". There are two views there: "Errors" and "Operational". You can also check "Windows Logs => System".

#23 RE: Microcodes for branch target injection. by geneo 07.01.2018 06:40

Quote from boombastik in post #1:
First of all, Windows patches two attacks.

1) Rogue data cache load.
This is patched in software and is OK to go.
If your CPU is Haswell or newer, Windows also activates the PCID performance optimization and the performance hit is smaller. I know that the X58 socket Westmere Xeon has support for PCID, but Windows doesn't activate it, as I think it is not as good as in newer CPUs.

2) Branch target injection.
This needs a software and a firmware update to work as intended.
The OS already patched this, but for it to work OK you also need a microcode update.

Intel has released all these microcodes for this so far:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304



The first one is for Haswell and I tested it in two ASRock Z97 Anniversary motherboards and it works OK. I put it in Sonix's UBU tool if anyone wants to try it. I have only tested it in ASRock Z97 motherboards with Haswell Refresh CPUs. Also killkernel tried it in his ASRock Formula motherboard and it worked.

GeneO, an Intel overclocker, found from tests that microcode 23 is slower than microcode 22, but I think if someone doesn't overclock it is the same.

http://www.overclock.net/t/1645289/haswe...ity-differences

Thanks killkernel for testing and GeneO for his performance overview.

If you want to see if your hardware is patched against the 2 attacks you can see more there:
https://www.tenforums.com/windows-10-new...rabilities.html

I did not say it is not slower if you don't overclock, I said that I didn't see any WHEA errors in limited testing with no overclock. 23h has WHEA internal CPU errors where 22h does not, even when not overclocked but under load. I only benchmarked overclocked but I expect 23h is slower than 22h no matter the clock speed. I got 9% slower on RealBench @ 4.7 GHz.

#24 RE: Microcodes for branch target injection. by Toetje583 07.01.2018 07:52

It's kinda easy to update the tool so the user gets prompted to choose the correct microcode version (Example Socket 1151):

1. Add the Microcode file to > \UBU\Modules\mCode\1151


2. Rename the files so they look the same as the others, for example:

cpu000906E9_plat2A_ver0000007C_date03-12-2017.bin (Kabylake Microcode)
cpu000506E3_plat36_ver000000C2_date16-11-2017.bin (Skylake Microcode)

3. And then edit the batch file under \UBU\Modules\mCode\Sel1151.bat


Kabylake:

echo		Select Microcode for CPU Kabylake (LGA1151)
echo.
echo 34 Version 34 Date 10-07-2016
echo 3A Version 3A Date 22-08-2016
echo 3C Version 3C Date 05-09-2016
echo 3E Version 3E Date 16-09-2016
echo 42 Version 42 Date 02-10-2016
echo 48 Version 48 Date 15-11-2016
echo 58 Version 58 Date 09-03-2017
echo 5E Version 5E Date 06-04-2017 - Bug fix HT
echo 7C Version 7C Date 03-12-2017 - Spectre Update
 



Find:

if /I %ec%==5E (set mc1=1151\cpu000906E9_plat2A_ver0000005E_date06-04-2017.bin) && goto mn_skl
 



Add After:

if /I %ec%==7C (set mc1=1151\cpu000906E9_plat2A_ver0000007C_date03-12-2017.bin) && goto mn_skl
 



Skylake:


Find:

echo 	BA Version BA Date 09-04-2017 - Bug fix HT
 



Add After:

echo C2 Version C2 Date 16-11-2017 - Spectre Update
 




Find:

if /I %ec%==BA (set mc2=1151\cpu000506E3_plat36_ver000000BA_date09-04-2017.bin) && exit /b
 



Add After:

if /I %ec%==C2 (set mc2=1151\cpu000506E3_plat36_ver000000C2_date16-11-2017.bin) && exit /b
 



The process is the same for other sockets with their own microcodes!

Cheers!
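
Step 2 of the post above renames microcode files by hand into the cpu/plat/ver/date pattern. As an added example (not part of the original post and not UBU's own code), the Python below reads those values from the update header, checks the header checksum, and derives the file name. The helper names and the zero-filled sample payload are constructed for illustration, and the 48-byte header layout is assumed to be the one documented in Intel's Software Developer's Manual.

```python
import struct

# Intel microcode update header: nine little-endian dwords + 12 reserved bytes.
HEADER = struct.Struct("<9I12x")

def parse_header(blob: bytes) -> dict:
    if len(blob) < HEADER.size:
        raise ValueError("shorter than the 48-byte header")
    hdr_ver, rev, date, sig, _cksum, _ldr, pf, data_size, total_size = \
        HEADER.unpack_from(blob)
    if hdr_ver != 1:
        raise ValueError("unexpected header version; not a raw update file?")
    data_size = data_size or 2000            # 0 means the legacy 2000-byte payload
    total_size = total_size or data_size + HEADER.size
    bcd = f"{date:08X}"                      # date is BCD, laid out mmddyyyy
    if not bcd.isdigit():
        raise ValueError("date field is not valid BCD")
    return {"sig": sig, "rev": rev, "pf": pf, "total_size": total_size,
            "month": bcd[0:2], "day": bcd[2:4], "year": bcd[4:8]}

def checksum_ok(blob: bytes) -> bool:
    """All dwords of the update must sum to zero modulo 2**32."""
    try:
        total = parse_header(blob)["total_size"]
    except ValueError:
        return False
    if total % 4 or total > len(blob):
        return False                         # truncated or misaligned file
    words = struct.unpack_from(f"<{total // 4}I", blob)
    return sum(words) & 0xFFFFFFFF == 0

def ubu_name(h: dict) -> str:
    """File name in the pattern shown in step 2 of the post (dd-mm-yyyy date)."""
    return (f"cpu{h['sig']:08X}_plat{h['pf']:02X}_ver{h['rev']:08X}"
            f"_date{h['day']}-{h['month']}-{h['year']}.bin")

def build_sample() -> bytes:
    """Constructed input: Kaby Lake header values from the thread, zero payload."""
    fields = [1, 0x7C, 0x12032017, 0x000906E9, 0, 1, 0x2A, 2000, 2048]
    body = bytes(2000)
    raw = HEADER.pack(*fields) + body
    fields[4] = -sum(struct.unpack("<512I", raw)) & 0xFFFFFFFF  # fix up checksum
    return HEADER.pack(*fields) + body

if __name__ == "__main__":
    sample = build_sample()
    print(ubu_name(parse_header(sample)), checksum_ok(sample))
```

The checksum only catches a truncated or corrupted file before it goes into a BIOS image; it is not a signature and says nothing about where the file came from.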

#25 RE: Microcodes for branch target injection. by epunk 08.01.2018 19:16

Quote from mbk1969 in post #4:
If Intel will publish updated CPU microcode for your CPU then it will be possible to use UBU because only thing to do will be to find/extract so called section file for the CPU. After extraction you can paste section file to certain UBU subfolder and it will show it in menu.

Also you can apply CPU microcode update with the help of VMware driver - here is page with instructions
http://forum.notebookreview.com/threads/...windows.787152/


Details about the method for utilizing the said VMWare driver can be found in this forum, too - see this thread

#26 RE: Microcodes for branch target injection. by AikonCWD 09.01.2018 15:09

Hi all, 1st message on this forum :)

Is this tool+BIOS compatible with my ASUS Z97 PRO GAMER? I wanna update my BIOS to get the last patch for Spectre vuln. but I'm not sure if this is the correct thread.

Can anyone confirm? Thanks! :)

This is my current system:

#27 RE: Microcodes for branch target injection. by SaFiS 09.01.2018 15:55

Thanks for the modified tool. Worked like a charm on my MB (ASUS MAXIMUS VII FORMULA)...

#28 RE: Microcodes for branch target injection. by AikonCWD 09.01.2018 16:18

Quote from SaFiS in post #13:
Thanks for the modified tool. Worked like a charm on my MB (ASUS MAXIMUS VII FORMULA)...

Hi, can you post the steps you followed to update your BIOS?

#29 RE: Microcodes for branch target injection. by mbk1969 09.01.2018 23:07

New microcode.dat
https://downloadcenter.intel.com/downloa...e-Data-File?v=t

PS Hey, my granddad IB-E 4930 received updated microcode: 428 => 42A!

#30 RE: Microcodes for branch target injection. by tiliarou 10.01.2018 07:44

Do you recommend updating microcode with the VMware tool under Windows?
https://labs.vmware.com/flings/vmware-cp...e-update-driver
