amazonlinux / amazon-linux-2023

Amazon Linux 2023
https://aws.amazon.com/linux/amazon-linux-2023/

[Bug] - Speculative Store Bypass - missing microcode for AMD #574

Closed daniejstriata closed 9 months ago

daniejstriata commented 9 months ago

I have a t3a.medium and noticed during boot:

kernel: Speculative Store Bypass: Vulnerable
kernel: Speculative Return Stack Overflow: IBPB-extending microcode not applied!
kernel: Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.
kernel: Speculative Return Stack Overflow: Mitigation: safe RET, no microcode

Should the firmware not be installed for affected AMD CPUs? User space tasks may still be vulnerable.

https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html

release: 20231113 kernel: 6.1.61-85.141.amzn2023.x86_64

ozbenh commented 9 months ago

This isn't something Amazon Linux has control over. I talked to our hypervisor folks; they say this has to do with mitigations not being exposed to the guest (but present in the hypervisor) to avoid changing the performance profile of existing instances. There is general information about our approach towards mitigations here: https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/the-ec2-approach-to-preventing-side-channels.html
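Added example, not part of the thread or of Amazon Linux: a small Python check that turns the boot messages quoted in the issue, or the kernel's sysfs files under `/sys/devices/system/cpu/vulnerabilities`, into a per-issue verdict. The verdict names and the function names are assumptions of this example, and the result reflects only what the guest kernel can see, which per the reply above may differ from what the hypervisor applies.

```python
import re
from pathlib import Path

# Constructed sample: the four boot messages quoted in the issue above.
SAMPLE_LOG = """\
kernel: Speculative Store Bypass: Vulnerable
kernel: Speculative Return Stack Overflow: IBPB-extending microcode not applied!
kernel: Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.
kernel: Speculative Return Stack Overflow: Mitigation: safe RET, no microcode
"""

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Only the "Speculative ..." message family shown on this page is parsed.
LINE_RE = re.compile(r"(?P<issue>Speculative [^:]+): (?P<msg>.+)$")

def classify(status):
    """Map a kernel status string to a coarse verdict (names are this example's own)."""
    s = status.lower()
    if s.startswith("not affected"):
        return "not-affected"
    if s.startswith("vulnerable"):
        return "vulnerable"
    if s.startswith("mitigation"):
        # Software mitigation active, but the guest kernel sees no microcode support.
        return "partial" if "no microcode" in s else "mitigated"
    return "info"  # warnings and hints, not a status line

def summarize_log(text):
    """Return {issue: (verdict, status)} from dmesg or journal text."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.search(line.strip())
        if m and classify(m["msg"]) != "info":
            result[m["issue"]] = (classify(m["msg"]), m["msg"])
    return result

def summarize_sysfs(directory=SYSFS_DIR):
    """Same verdicts from the sysfs files of a running Linux guest."""
    out = {}
    if directory.is_dir():
        for f in sorted(directory.iterdir()):
            status = f.read_text().strip()
            out[f.name] = (classify(status), status)
    return out

if __name__ == "__main__":
    for source in (summarize_log(SAMPLE_LOG), summarize_sysfs()):
        for issue, (verdict, status) in source.items():
            print(f"{verdict:12} {issue}: {status}")
```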