Microcode updates as protection against Spectre & Co.

Werner Fischer

Playlists: 'denog11' videos starting here / audio / related events

Protection against CPU attacks such as Spectre v2 or ZombieLoad require CPU microcode updates. Performing these updates via BIOS updates is often a painful task - so let's delegate this task to the operating system.

Protection against side channel attacks such as Spectre v2, v3a/v4, L1TF or MDS/ZombieLoad requires not only operating system patches but also an update of the CPU microcode. Updating the microcode via the operating system is easier than via a BIOS update - especially when you are running tens, hundreds or even thousands of servers in your datacenter.

Join this ignite talk and learn in 5 minutes everything you need to know to protect your Linux, FreeBSD and Windows servers from L1TF, ZombieLoad and the Spectre's of the world :-)