Slackware on older Thinkpads - Should I stay or should I go? On the ThinkPad that is...
by firefli from LinuxQuestions.org on (#5SNFG)
Hi Folks,
For those of you with older Thinkpads (i.e. T(4/)510, T(5/4)20, T(5/4)30), do you use these machines as your primary machines? I'm kinda stuck on mine and Slackware runs well on it but I'm wondering whether I should start looking elsewhere for a similarly good laptop...and am coming up ...empty. Seems they don't make them like they used to - sturdy, upgradeable, awesome keyboard, long term driver/BIOS support etc...ok enough of that rant.
But these machines are getting old, and it appears Intel has been slowly dropping microcode updates for older CPUs as new variants are found. I say this because my attempt to mitigate the SRBDS vulnerability did not work, and from some searching I found a link at Phoronix ( https://www.phoronix.com/scan.php?pa...enchmark&num=1 ) saying (on the first page) that for Ivy Bridge no microcode for the SRBDS vulnerability has been made available.
If another variant of the Spectre/Meltdown vulnerability is discovered, we can probably say bye-bye to the T440(p)/T540 next, so ...
So the question is: Are you Thinkpad (T410/420/430 etc) owners thinking of alternate hardware? If so, I would be interested in knowing what you are planning to get to replace your laptop? Will it be New? Used? AMD? Arm? Alder Lake? Something else?
Or is not completely patching Spectre/Meltdown vulnerabilities ok with you?
And if you are curious as to what I did to try and mitigate the vulnerability, the steps are outlined just below, but that isn't really the question anymore (I think :-) ). Maybe there is a microcode for the SRBDS that I don't know about.
##############################################################################
### What I did to upgrade the microcode to patch the SRBDS vulnerability ###
##############################################################################
In the end, after installing the intel-microcode and iucode_tool and because I am using grub, I only needed to add one line in /etc/default/grub:
GRUB_EARLY_INITRD_LINUX_CUSTOM="intel-ucode.cpio"
With that done the /boot/grub/grub.cfg file was updated by doing another "grub-mkconfig -o /boot/grub/grub.cfg".
I could see that grub-mkconfig -o /boot/grub/grub.cfg updated the menu entries to load the microcode - but after rebooting the output of lscpu showing the status of mitigations for Spectre/Meltdown didn't change with the microcode added. Checking the output of "cat /sys/devices/system/cpu/vulnerabilities/srbds" also showed the same result - i.e srbds was still vulnerable.
Output of lscpu showing vulnerabilities:
Vulnerabilities:
Itlb multihit: KVM: Mitigation: VMX unsupported
L1tf: Mitigation; PTE Inversion
Mds: Mitigation; Clear CPU buffers; SMT vulnerable
Meltdown: Mitigation; PTI
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Full generic retpoline, IBPB conditional, IBRS_FW, STIBP conditional, RSB filling
Srbds: Vulnerable: No microcode
Tsx async abort: Not affected
----------
Output from cat also shows the same status:
cat /sys/devices/system/cpu/vulnerabilities/srbds
Vulnerable: No microcode
---------- Output from dmesg
dmesg | grep -i microcode
[ 0.092538] SRBDS: Vulnerable: No microcode
[ 4.169392] microcode: sig=0x306a9, pf=0x10, revision=0x21
[ 4.170357] microcode: Microcode Update Driver: v2.2.
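A way to tell "the microcode archive never reached the kernel" apart from "the running revision has no SRBDS mitigation", using the same three sources shown in the post (the srbds sysfs file, the dmesg microcode line, and grub.cfg). This is an added example, not part of the original post; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post); function names are hypothetical.

# Map the kernel's srbds sysfs string to a short verdict.
classify_srbds() {
    case "$1" in
        "Not affected")             echo not-affected ;;
        "Mitigation: "*)            echo mitigated ;;
        "Vulnerable: No microcode") echo no-microcode ;;
        "Vulnerable"*)              echo vulnerable ;;
        *)                          echo unknown ;;
    esac
}

# Print "<sig> <revision>" from the microcode driver line in dmesg text (stdin).
ucode_sig_rev() {
    sed -n 's/.*microcode: sig=\(0x[0-9a-fA-F]*\),.*revision=\(0x[0-9a-fA-F]*\).*/\1 \2/p' |
        head -n 1
}

# Succeed only if grub.cfg text (stdin) has initrd lines and each one names
# the early microcode archive ($1) as its first image.
grub_loads_ucode() {
    awk -v img="$1" '
        $1 == "initrd" { n++; if (substr($2, length($2) - length(img) + 1) != img) bad++ }
        END { exit (n > 0 && bad == 0) ? 0 : 1 }'
}

# Combine the sysfs status ($1) with the grub.cfg check result ($2: yes|no).
triage() {
    case "$(classify_srbds "$1"):$2" in
        mitigated:*|not-affected:*) echo ok ;;
        no-microcode:no)  echo boot-config-missing-ucode ;;
        no-microcode:yes) echo revision-lacks-fix ;;
        *)                echo check-kernel-and-cmdline ;;
    esac
}

# Live use on the machine itself, only when asked for with --live.
if [ "${1:-}" = "--live" ]; then
    status=$(cat /sys/devices/system/cpu/vulnerabilities/srbds)
    if grub_loads_ucode intel-ucode.cpio < /boot/grub/grub.cfg; then g=yes; else g=no; fi
    dmesg | ucode_sig_rev
    triage "$status" "$g"
fi
```

Comparing the revision printed by `ucode_sig_rev` before and after adding the archive shows whether the early load changed anything for this CPU signature.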