Closed legoktm closed 1 year ago
At https://github.com/freedomofpress/securedrop-apt-test/pull/199#issuecomment-1642888039 @rocodes wrote:
Tested on an older NUC: (NUC7i7DNHE): happy to report that kernel and metapackages install and system boot successfully; running meltdown checker produces expected results. LGTM
There is a firmware warning when installing the linux-image package (
Missing firmware /lib/firmware/i915/skl_guc_62.0.0.bin for module i915
) but it is a known issue present for several previous updates and does not affect installation. https://docs.kernel.org/gpu/i915.html
Testing on NUC12:
uname -r
: 5.15.120-1-grsec-securedrop
sudo paxtest blackhat
: Consistent results before and after kernel upgrade. "Return to function (memcpy)" is listed vulnerable (before and after), all others are not vulnerable/denied resources.spectre-meltdown-checker
: Not vulnerable
across the boardLooks great to me!
Being done with coordination in https://github.com/freedomofpress/securedrop-workstation/issues/907.
Checklist
Testing matrix
Instructions on testing procedure
To update to the new kernel, please use
sudo apt-get update && sudo unattended-upgrades -d
(notsudo apt-get upgrade
) OR wait 24h for the automatic update to happen.