Meltdown and spectre


#1

Can anyone confirm whether the Librem laptops contain CPUs that are affected by meltdown and spectre security flaws?


#2

#3

If you are strictly only concerned with the flaw known as “Meltdown” and the flaw known as “Spectre” then I think you can sleep easy. They were dealt with a long time ago.

A different answer would be: pretty much every Intel CPU has these and similar security flaws (all relating to speculative execution), and even some AMD CPUs and some ARM CPUs do likewise.

So the questions are:

  • are the security flaws known yet?
  • then … have they been patched yet? mitigated yet?

A small subset of these security flaws was patched by updated Intel CPU firmware - and related operating system patches to take advantage of that.

A much larger subset of these security flaws was just patched by workarounds in the operating system, and in other software.

Some changes were made to web browsers to make remote exploitation difficult or impossible.

I think you can assume that most Linux distros (and most other operating systems) are pumping out patches and workarounds as best they can, as each flaw becomes known.


#4

@kieran thanks for your informative reply.
From my POV I’d prefer a CPU that has been updated to prevent the identified security issues rather than a OS patch, which I see as a temporary solution. So I’d rather choose a system that did not contain a ‘flawed’ chip as my next purchase.


#5

So would I. However when you consider that the latest flaws were announced last month and the 10th generation CPUs are among the vulnerable models, what you seek doesn’t exist.

I also have the suspicion that part of the problem is that Intel doesn’t see some of these as flaws, but instead as undocumented, intended behavior that must be worked around in the software.