speed47 / spectre-meltdown-checker

Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD

[Intel] add processors with HW mitigated side channel vulnerabilities #349

Open arno01 opened 4 years ago

arno01 commented 4 years ago

The list is here https://www.intel.com/content/www/us/en/architecture-and-technology/engineering-new-protections-into-hardware.html

speed47 commented 4 years ago

Thanks for the pointer. When the CPUs have these bugs fixed in "hardware", Intel sets some bits to tell the OS about this, most notably within the ARCH_CAPABILITIES they introduced back in 2018 when the first series of vulnerabilities appeared. Each new vuln gets its bit in ARCH_CAPABILITIES, such as MDS_NO, TAA_NO, PSCHANGE_MSC_NO, RDCL_NO, SSB_NO, etc. The script checks these bits, in the "hardware checks" part, and marks the corresponding vulnerabilities as "not affected" if you have those CPUs. Keeping this open with the "information" tag, just in case we need this pointer later!
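
The bit test described in the comment above, as an added example that is not part of the issue thread or the project's own code: it decodes the `*_NO` bits of an IA32_ARCH_CAPABILITIES value (MSR 0x10a). The function names and the sample value are constructed for illustration; the bit positions follow Intel's documented layout of that MSR.

```shell
#!/bin/sh
# Added example, not taken from spectre-meltdown-checker.
# Table format is name:bit:issue the set bit rules out.
# PSCHANGE_MSC_NO is the name used in the thread; Intel documents
# bit 6 as IF_PSCHANGE_MC_NO.
ARCH_CAP_NO_BITS='RDCL_NO:0:Meltdown (rogue data cache load)
SSB_NO:4:Speculative Store Bypass (Spectre variant 4)
MDS_NO:5:MDS (ZombieLoad, RIDL, Fallout)
PSCHANGE_MSC_NO:6:machine check on page size change
TAA_NO:8:TSX Asynchronous Abort'

# arch_cap_isset VALUE BIT: exit status 0 when BIT is set in VALUE
arch_cap_isset() {
    [ $(( ($1 >> $2) & 1 )) -eq 1 ]
}

# hw_not_affected VALUE: print the *_NO bit names set in VALUE
hw_not_affected() {
    case "$1" in
        0[xX]|0[xX]*[!0-9a-fA-F]*) echo "bad hex value: $1" >&2; return 2 ;;
        0[xX]*) ;;
        *) echo "expected a value such as 0x2b" >&2; return 2 ;;
    esac
    out=
    while IFS=: read -r name bit desc; do
        if arch_cap_isset "$1" "$bit"; then out="${out:+$out }$name"; fi
    done <<EOF
$ARCH_CAP_NO_BITS
EOF
    echo "$out"
}

# arch_cap_report VALUE: one line per bit. A clear bit does not prove
# the CPU is affected; it only means hardware did not declare immunity.
arch_cap_report() {
    hw_not_affected "$1" >/dev/null || return 2
    while IFS=: read -r name bit desc; do
        state='bit clear, other checks decide'
        if arch_cap_isset "$1" "$bit"; then state='not affected (hardware)'; fi
        printf '%-16s %s: %s\n' "$name" "$desc" "$state"
    done <<EOF
$ARCH_CAP_NO_BITS
EOF
}

# Constructed sample value: bits 0, 1, 3 and 5 set.
arch_cap_report 0x2b
```

On a live Linux system the value can be read as root with `rdmsr 0x10a` from msr-tools; its output needs a `0x` prefix before being passed to these functions.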