Redo the jessie part
This commit is contained in:
parent
62b61aabf1
commit
ae1ec7b2b9
11
evocheck.sh
11
evocheck.sh
|
@ -707,10 +707,21 @@ if [ -e /etc/debian_version ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_MELTDOWN_SPECTRE" = 1 ]; then
|
if [ "$IS_MELTDOWN_SPECTRE" = 1 ]; then
|
||||||
|
# For Stretch, detection is easy as the kernel use
|
||||||
|
# /sys/devices/system/cpu/vulnerabilities/
|
||||||
if is_debianversion stretch; then
|
if is_debianversion stretch; then
|
||||||
for vuln in meltdown spectre_v1 spectre_v2; do
|
for vuln in meltdown spectre_v1 spectre_v2; do
|
||||||
test -f /sys/devices/system/cpu/vulnerabilities/$vuln || echo 'IS_MELTDOWN_SPECTRE FAILED!'
|
test -f /sys/devices/system/cpu/vulnerabilities/$vuln || echo 'IS_MELTDOWN_SPECTRE FAILED!'
|
||||||
done
|
done
|
||||||
|
# For Jessie this is quite complicated to verify and we need to use kernel config file
|
||||||
|
elif is_debianversion jessie; then
|
||||||
|
if grep -q BOOT_IMAGE= /proc/cmdline; then
|
||||||
|
kernelPath=$(grep -Eo 'BOOT_IMAGE=[^ ]+' /proc/cmdline | cut -d= -f2)
|
||||||
|
kernelVer=${kernelPath##*/vmlinuz-}
|
||||||
|
kernelConfig="config-${kernelVer}"
|
||||||
|
grep -Eq '^CONFIG_PAGE_TABLE_ISOLATION=y' /boot/$kernelConfig || echo 'IS_MELTDOWN_SPECTRE FAILED!'
|
||||||
|
grep -Eq '^CONFIG_RETPOLINE=y' /boot/$kernelConfig || echo 'IS_MELTDOWN_SPECTRE FAILED!'
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in a new issue