From ae1ec7b2b9f3bd2d1c78af544562dd207ef5f330 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S?=
Date: Wed, 27 Jun 2018 18:01:07 +0200
Subject: [PATCH] Redo the jessie part
---
 evocheck.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/evocheck.sh b/evocheck.sh
index e634be4..f5c88a3 100755
--- a/evocheck.sh
+++ b/evocheck.sh
@@ -707,10 +707,21 @@ if [ -e /etc/debian_version ]; then
 fi
 if [ "$IS_MELTDOWN_SPECTRE" = 1 ]; then
+ # For Stretch, detection is easy as the kernel use
+ # /sys/devices/system/cpu/vulnerabilities/
 if is_debianversion stretch; then
 for vuln in meltdown spectre_v1 spectre_v2; do
 test -f /sys/devices/system/cpu/vulnerabilities/$vuln || echo 'IS_MELTDOWN_SPECTRE FAILED!'
 done
+ # For Jessie this is quite complicated to verify and we need to use kernel config file
+ elif is_debianversion jessie; then
+ if grep -q BOOT_IMAGE= /proc/cmdline; then
+ kernelPath=$(grep -Eo 'BOOT_IMAGE=[^ ]+' /proc/cmdline | cut -d= -f2)
+ kernelVer=${kernelPath##*/vmlinuz-}
+ kernelConfig="config-${kernelVer}"
+ grep -Eq '^CONFIG_PAGE_TABLE_ISOLATION=y' /boot/$kernelConfig || echo 'IS_MELTDOWN_SPECTRE FAILED!'
+ grep -Eq '^CONFIG_RETPOLINE=y' /boot/$kernelConfig || echo 'IS_MELTDOWN_SPECTRE FAILED!'
+ fi
 fi
 fi
 fi
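Review bot: The jessie branch reports nothing when `/proc/cmdline` has no `BOOT_IMAGE=` entry, because `if grep -q BOOT_IMAGE= /proc/cmdline; then` has no `else`, so on a host booted that way the check passes silently instead of failing. Taking the version from the running kernel removes the dependency on the bootloader: `kernelConfig="config-$(uname -r)"`, with the path quoted in both greps as `"/boot/$kernelConfig"`; a missing config file then makes grep fail and the existing `echo 'IS_MELTDOWN_SPECTRE FAILED!'` fires. `CONFIG_PAGE_TABLE_ISOLATION=y` and `CONFIG_RETPOLINE=y` only show that the kernel was built with the mitigations, not that they are active on the running system, so the comment above the `elif` should state that limit. The enclosing `if [ -e /etc/debian_version ]` block starts outside the hunk.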