{"id":37617,"date":"2018-04-11T08:09:03","date_gmt":"2018-04-11T06:09:03","guid":{"rendered":"http:\/\/www.planet3dnow.de\/cms\/?p=37617"},"modified":"2018-04-11T22:02:08","modified_gmt":"2018-04-11T20:02:08","slug":"april-patchday-microcode-updates-fuer-amd-cpus-mit-spectre-schutz","status":"publish","type":"post","link":"https:\/\/www.planet3dnow.de\/cms\/37617-april-patchday-microcode-updates-fuer-amd-cpus-mit-spectre-schutz\/","title":{"rendered":"April-Patch nutzt Microcode-Updates f\u00fcr AMD-CPUs mit Spectre-Schutz"},"content":{"rendered":"

Gestern Abend unse\u00adrer Zeit hat Micro\u00adsoft sein kumu\u00adla\u00adti\u00adves Update f\u00fcr April 2018<\/a> ver\u00ad\u00f6f\u00adfent\u00adlicht. Neben der \u00fcbli\u00adchen klei\u00adne\u00adren Sicher\u00adheits\u00adup\u00addates ent\u00adh\u00e4lt das Paket nun auch Spect\u00adre-Schutz f\u00fcr AMD-Pro\u00adzes\u00adso\u00adren bis zur\u00fcck zu Bulldozer:<\/p>\n

Pro\u00advi\u00addes sup\u00adport to con\u00adtrol usa\u00adge of Indi\u00adrect Branch Pre\u00addic\u00adtion Bar\u00adri\u00ader (IBPB<\/span>) within some AMD<\/span> pro\u00adces\u00adsors (CPUs) for miti\u00adga\u00adting CVE-2017<\/span>\u20135715, Spect\u00adre Vari\u00adant 2 when swit\u00adching from user con\u00adtext to ker\u00adnel con\u00adtext (See AMD<\/span> Archi\u00adtec\u00adtu\u00adre Gui\u00adde\u00adlines around Indi\u00adrect Branch Con\u00adtrol and AMD<\/span> Secu\u00adri\u00adty Updates for more details). Fol\u00adlow ins\u00adtruc\u00adtions out\u00adlined in KB4073119<\/span> for Win\u00addows Cli\u00adent (IT<\/span> Pro) gui\u00addance to enable usa\u00adge of IBPB<\/span> within some AMD<\/span> pro\u00adces\u00adsors (CPUs) for miti\u00adga\u00adting Spect\u00adre Vari\u00adant 2 when swit\u00adching from user con\u00adtext to ker\u00adnel context.<\/p><\/blockquote>\n

Dazu hat AMD<\/span> ein White\u00adpa\u00adper<\/a> ver\u00ad\u00f6f\u00adfent\u00adlicht, das die Schutz\u00adma\u00df\u00adnah\u00admen gegen die Spect\u00adre Vari\u00adan\u00adte 2 erl\u00e4u\u00adtert. Genau wie Intel setzt AMD<\/span> unter Win\u00addows zwangs\u00adwei\u00adse auch auf neue Befeh\u00adle, die per Micro\u00adcode in die CPUs ein\u00adge\u00adbracht wer\u00adden m\u00fcs\u00adsen. Aller\u00addings legt AMD<\/span> \u2013 anders als Intel \u2013 nahe, von den drei neu\u00aden Befeh\u00adlen nur die Indi\u00adrect Branch Pre\u00addic\u00adtion Bar\u00adri\u00ader<\/em> (IBPB<\/span>) zu nut\u00adzen. Die bei\u00adden ande\u00adren Befeh\u00adle Indi\u00adrect Branch Rest\u00adric\u00adted Spe\u00adcu\u00adla\u00adti\u00adon<\/em> (IBRS<\/span>) und Sin\u00adgle Thread Indi\u00adrect Branch Pre\u00addic\u00adtor<\/em> (STIBP<\/span>) h\u00e4lt AMD<\/span> in Sachen Per\u00adfor\u00admance f\u00fcr nicht zweckm\u00e4\u00dfig.<\/p>\n

Damit Win\u00addows den Spect\u00adre-Schutz nut\u00adzen kann, gibt es zwei M\u00f6g\u00adlich\u00adkei\u00adten. Ent\u00adwe\u00adder der Main\u00adboard-Her\u00adstel\u00adler ver\u00ad\u00f6f\u00adfent\u00adlicht ein neu\u00ades BIOS<\/span>, das den Micro\u00adcode auf die neu\u00ades\u00adte Ver\u00adsi\u00adon aktua\u00adli\u00adsiert, oder aber man l\u00e4sst Win\u00addows das Micro\u00adcode-Update nach\u00adla\u00adden, was ins\u00adbe\u00adson\u00adde\u00adre f\u00fcr \u00e4lte\u00adre Platt\u00adfor\u00admen (Bull\u00addo\u00adzer, Piledri\u00adver, etc.) sinn\u00advoll w\u00e4re, wo kei\u00adne BIOS-Updates mehr zu erwar\u00adten sind. Aller\u00addings ist aktu\u00adell noch offen ob dies f\u00fcr AMD-CPUs gesche\u00adhen wird. Anders als bei Intel muss bei AMD<\/span> der Schutz zudem manu\u00adell akti\u00adviert wer\u00adden. Die detail\u00adlier\u00adte Vor\u00adge\u00adhens\u00adwei\u00adse ist unter KB4073119<\/span><\/a> beschrie\u00adben. Zusam\u00admen\u00adge\u00adfasst m\u00fcs\u00adsen fol\u00adgen\u00adde Wer\u00adte in der Regis\u00adtry gesetzt werden:<\/p>\n

reg add \u201cHKEY_LOCAL_MACHINE<\/span>\\SYSTEM<\/span>\\CurrentControlSet\\Control\\Session Manager\\Memory Manage\u00adment\u201d \/v Fea\u00adture\u00adSet\u00adtings\u00adOver\u00adri\u00adde \/t REG_DWORD<\/span> \/d 64 \/f<\/p>\n

reg add \u201cHKEY_LOCAL_MACHINE<\/span>\\SYSTEM<\/span>\\CurrentControlSet\\Control\\Session Manager\\Memory Manage\u00adment\u201d \/v Fea\u00adture\u00adSet\u00adtings\u00adOver\u00adri\u00adde\u00adMask \/t REG_DWORD<\/span> \/d 3 \/f<\/p><\/blockquote>\n

Der\u00adzeit ist der Spect\u00adre-Schutz f\u00fcr AMD-Pro\u00adzes\u00adso\u00adren nur f\u00fcr Win\u00addows 10 v1709 erh\u00e4lt\u00adlich, d\u00fcrf\u00adte jedoch auch in v1803 kom\u00admen, sobald offi\u00adzi\u00adell erh\u00e4lt\u00adlich. Ob \u00e4lte\u00adre Win\u00addows-Ver\u00adsio\u00adnen \u2013 auch \u00e4lte\u00adre Win\u00addows-10-Ver\u00adsio\u00adnen \u2013 noch ver\u00adsorgt wer\u00adden, wur\u00adde noch nicht kom\u00admu\u00adni\u00adziert. Gegen Spect\u00adre Vari\u00adan\u00adte 1 waren auch AMD-Pro\u00adzes\u00adso\u00adren bis\u00adher schon per Soft\u00adware gesch\u00fctzt, f\u00fcr Melt\u00addown waren AMD-Pro\u00adzes\u00adso\u00adren im Gegen\u00adsatz zu Intel-CPUs nie anf\u00e4llig.<\/p>\n","protected":false},"excerpt":{"rendered":"

Ges\u00adtern Abend unse\u00adrer Zeit hat Micro\u00adsoft sein kumu\u00adla\u00adti\u00adves Update f\u00fcr April 2018 ver\u00ad\u00f6f\u00adfent\u00adlicht. Neben der \u00fcbli\u00adchen klei\u00adne\u00adren Sicher\u00adheits\u00adup\u00addates ent\u00adh\u00e4lt das Paket nun auch Spect\u00adre-Schutz f\u00fcr AMD-Pro\u00ad\u00adzes\u00ad\u00adso\u00ad\u00adren bis zur\u00fcck zu Bull\u00addo\u00adzer. (\u2026) Wei\u00adter\u00adle\u00adsen \u00bb<\/a><\/p>\n","protected":false},"author":2,"featured_media":35751,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"ngg_post_thumbnail":0,"footnotes":""},"categories":[16,17],"tags":[1475,1420,658],"class_list":["post-37617","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-patches","category-service-packs","tag-kumulativ","tag-spectre","tag-windows-10","entry"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/37617","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/comments?post=37617"}],"version-history":[{"count":12,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/37617\/revisions"}],"predecessor-version":[{"id":37647,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/37617\/revisions\/37647"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media\/35751"}],"wp:attachment":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media?parent=37617"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/categories?post=37617"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/tags?post=37617"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}