Category: Other
What is Meltdown and Spectre issue
The issue is a new side-channel analysis method developed by external researchers that gathers information by observing the physical behavior of certain processing techniques that are common to modern computing platforms, when operating as designed. Malicious code using this method and running locally on a normally operating platform could infer data values from memory.
Will ASRock Rack release the FW for it?
ASRock Rack has been notified about an industry-wide potential security issue and is taking action to help our customers address their concerns.
- Based on Intel and ASRock Rack current assessment of these exploits we believe that they do not have the potential to corrupt, modify or delete data.
- ASRock Rack is working with Intel to design, test and deploy the appropriate mitigations as early as reasonably possible.
- Firmware mitigations will be available and continue to roll out over the next few weeks.
- For more information please refer to Intel public announcement website:
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
Where can I find OS hotfix for it:
Following is the hot fix for each OS.
P.S
Some Linux distributions have more than one update.
For example: CVE-2017-5753 and CVE-2017-5715 is for “Spectre”, CVE-2017-5754 is for “Meltdown”
RedHat /CentOS 6 :
https://access.redhat.com/errata/RHSA-2018:0008
RedHat /CentOS 7:
https://access.redhat.com/errata/RHSA-2018:0007
Ubuntu:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
SUSE:
https://www.suse.com/security/cve/CVE-2017-5753
https://www.suse.com/security/cve/CVE-2017-5715
https://www.suse.com/security/cve/CVE-2017-5754
Debian:
https://security-tracker.debian.org/tracker/CVE-2017-5753
https://security-tracker.debian.org/tracker/CVE-2017-5715
https://security-tracker.debian.org/tracker/CVE-2017-5754
Fedora:
https://fedoramagazine.org/protect-fedora-system-meltdown/
VMware:
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
Wind River:
https://www.windriver.com/announces/cve-2015-7547_notice/
If you are using priority Linux, and need to patch by yourself.
Linux patches info is in below website for variant 2 and 3.
https://meltdownattack.com/
P.S
Variant 1 (CVE-2017-5753/) Bounds Check Bypass unless you run 4.9 or later. It doesn't have an eBPF problem.
eBPF is fixed upstream already.
1. The Serial Number for your product is located here:
I. For systems/ barebones:
II. For motherboards:
2. Motherboard Model and H/W Rev. could be found on the board itself:
e.g. Motherboard Model = EP2C621D16GM, H/W Rev. = 1.00
3. Motherboard PPID is optional if you have the S/N numberyou’re your product. If the S/N number of the motherboard is missing, please find the white label on the board and key in the part framed in red.
4. BIOS version (UEFI Version) and BMC version could be checked in BIOS Main page:
Steps:
Clear the CMOS !. you need to:
1. Disconnect the system power cable
2. Remove the CMOS Battery
3. Press the power button to drain residual energy
4. Touch/short the 2 points/pads on the CLRMOS pad with a paperclip for at least 5 seconds.
Sample the shape of the Clr_cmos pad:
5. Power on and re-check to the system.
Issue
^ Using H5Viewer to remotely control Linux OS system in CMD mode. With Caps Lock pressed, only half of the letters are upper case.
In some Linux hosts, when the host is booted into text mode, CAPS LOCK LED status will not be updated properly. CAPS LOCK LED won’t turn ON/OFF while changing the CAPS lock status in the host OS.
In such cases, H5Viewer CAPS LOCK synchronization functionality will not work properly. The screen capture above shows an example of typing letters in H5Viewer (after pressing CAPS LOCK) will toggle between lower to upper case inside host.
Solution
Currently due to the host side limitation of AMI, the issue could be bypassed with the Virtual keyboard function, or by pressing the Shift button to switch case.
Or simply switch to JViewer to remotely control the system instead using H5Viewer.
Before requesting for RMA, there are few methods to try and find out if your issue at hand is actually caused by our product itself:
1. If your system has issue booting up, please try below:
I. CMOS clearing: https://www.asrockrack.com/support/faq.asp?k=CMOS
II. Reseat all your hardware components and cables, make sure they are installed to the motherboard properly.
III. Remove all other hardware components until there is only one CPU and DIMM left, then try booting up again.
IV. If you have multiple systems or spare components at hand, you could try swapping some components which could be issue related with them.
V. If there is a later version of BIOS listed for your product on our site, please try updating to it and see if it fixes your issue.
How to update BIOS: ASRock Rack > Support
2. What information can you provide us to help:
I. Fill out your system configuration completely including firmware version (both BIOS and BMC) on our support site: https://event.asrockrack.com/tsd.asp?ln=en
II. If there is a “Dr. Debug” on your motherboard, record the current code showing when the issue occurs.
