Hi,

unfortunately no.

Intel has not released anything yet, that would to either fix or mitigate either
Meltdown and Spectre.

I haven't either seen a full changelog about these, but it is assumed that this
updated microcode helps to keep the performance impact on the Meltdown patches
in Linux 4.14 somewhat lower.

At the moment we do not have any clear information from the vendors what
actually works and what doesn't.

Best,
-Michael

On Sun, 2018-01-14 at 21:55 +0200, Horace Michael wrote:
> Hi,
> The microcode is the one for fixing (at processor side) the Spectre
> vulnerability?
> 
> 
> On January 14, 2018 3:16:31 PM GMT+02:00, Jonatan Schlag <jonatan.schlag(a)ipfir
> e.org> wrote:
> > Add intel microcode too the distribution and configure dracut in a way
> > that the microcode is loaded early in the boot process.
> > 
> > Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
> > ---
> > config/dracut/dracut.conf                      |  3 +
> > config/rootfiles/common/i586/intel-microcode   | 95
> > ++++++++++++++++++++++++++
> > config/rootfiles/common/x86_64/intel-microcode | 95
> > ++++++++++++++++++++++++++
> > lfs/cdrom                                      |  2 +-
> > lfs/intel-microcode                            | 80
> > ++++++++++++++++++++++
> > lfs/linux-initrd                               |  2 +-
> > make.sh                                        |  1 +
> > src/paks/linux-pae/install.sh                  |  2 +-
> > src/scripts/rebuild-initrd                     |  2 +-
> > 9 files changed, 278 insertions(+), 4 deletions(-)
> > create mode 100644 config/rootfiles/common/i586/intel-microcode
> > create mode 100644 config/rootfiles/common/x86_64/intel-microcode
> > create mode 100644 lfs/intel-microcode
> > 
> > diff --git a/config/dracut/dracut.conf b/config/dracut/dracut.conf
> > index 52bba9c62..e9bd566b6 100644
> > --- a/config/dracut/dracut.conf
> > +++ b/config/dracut/dracut.conf
> > @@ -31,6 +31,9 @@ filesystems+="reiserfs vfat xfs"
> > #hostonly="yes"
> > #
> > 
> > +# Load microcode for the CPU early
> > +early_microcode=yes
> > +
> > # install local /etc/mdadm.conf
> > #mdadmconf="no"
> > 
> > diff --git a/config/rootfiles/common/i586/intel-microcode
> > b/config/rootfiles/common/i586/intel-microcode
> > new file mode 100644
> > index 000000000..765debc79
> > --- /dev/null
> > +++ b/config/rootfiles/common/i586/intel-microcode
> > @@ -0,0 +1,95 @@
> > +#lib/firmware/intel-ucode
> > +lib/firmware/intel-ucode/06-03-02
> > +lib/firmware/intel-ucode/06-05-00
> > +lib/firmware/intel-ucode/06-05-01
> > +lib/firmware/intel-ucode/06-05-02
> > +lib/firmware/intel-ucode/06-05-03
> > +lib/firmware/intel-ucode/06-06-00
> > +lib/firmware/intel-ucode/06-06-05
> > +lib/firmware/intel-ucode/06-06-0a
> > +lib/firmware/intel-ucode/06-06-0d
> > +lib/firmware/intel-ucode/06-07-01
> > +lib/firmware/intel-ucode/06-07-02
> > +lib/firmware/intel-ucode/06-07-03
> > +lib/firmware/intel-ucode/06-08-01
> > +lib/firmware/intel-ucode/06-08-03
> > +lib/firmware/intel-ucode/06-08-06
> > +lib/firmware/intel-ucode/06-08-0a
> > +lib/firmware/intel-ucode/06-09-05
> > +lib/firmware/intel-ucode/06-0a-00
> > +lib/firmware/intel-ucode/06-0a-01
> > +lib/firmware/intel-ucode/06-0b-01
> > +lib/firmware/intel-ucode/06-0b-04
> > +lib/firmware/intel-ucode/06-0d-06
> > +lib/firmware/intel-ucode/06-0e-08
> > +lib/firmware/intel-ucode/06-0e-0c
> > +lib/firmware/intel-ucode/06-0f-02
> > +lib/firmware/intel-ucode/06-0f-06
> > +lib/firmware/intel-ucode/06-0f-07
> > +lib/firmware/intel-ucode/06-0f-0a
> > +lib/firmware/intel-ucode/06-0f-0b
> > +lib/firmware/intel-ucode/06-0f-0d
> > +lib/firmware/intel-ucode/06-16-01
> > +lib/firmware/intel-ucode/06-17-06
> > +lib/firmware/intel-ucode/06-17-07
> > +lib/firmware/intel-ucode/06-17-0a
> > +lib/firmware/intel-ucode/06-1a-04
> > +lib/firmware/intel-ucode/06-1a-05
> > +lib/firmware/intel-ucode/06-1c-02
> > +lib/firmware/intel-ucode/06-1c-0a
> > +lib/firmware/intel-ucode/06-1d-01
> > +lib/firmware/intel-ucode/06-1e-05
> > +lib/firmware/intel-ucode/06-25-02
> > +lib/firmware/intel-ucode/06-25-05
> > +lib/firmware/intel-ucode/06-26-01
> > +lib/firmware/intel-ucode/06-2a-07
> > +lib/firmware/intel-ucode/06-2d-06
> > +lib/firmware/intel-ucode/06-2d-07
> > +lib/firmware/intel-ucode/06-2f-02
> > +lib/firmware/intel-ucode/06-3a-09
> > +lib/firmware/intel-ucode/06-3c-03
> > +lib/firmware/intel-ucode/06-3d-04
> > +lib/firmware/intel-ucode/06-3e-04
> > +lib/firmware/intel-ucode/06-3e-06
> > +lib/firmware/intel-ucode/06-3e-07
> > +lib/firmware/intel-ucode/06-3f-02
> > +lib/firmware/intel-ucode/06-3f-04
> > +lib/firmware/intel-ucode/06-45-01
> > +lib/firmware/intel-ucode/06-46-01
> > +lib/firmware/intel-ucode/06-47-01
> > +lib/firmware/intel-ucode/06-4e-03
> > +lib/firmware/intel-ucode/06-4f-01
> > +lib/firmware/intel-ucode/06-55-04
> > +lib/firmware/intel-ucode/06-56-02
> > +lib/firmware/intel-ucode/06-56-03
> > +lib/firmware/intel-ucode/06-56-04
> > +lib/firmware/intel-ucode/06-5c-09
> > +lib/firmware/intel-ucode/06-5e-03
> > +lib/firmware/intel-ucode/06-7a-01
> > +lib/firmware/intel-ucode/06-8e-09
> > +lib/firmware/intel-ucode/06-8e-0a
> > +lib/firmware/intel-ucode/06-9e-09
> > +lib/firmware/intel-ucode/06-9e-0a
> > +lib/firmware/intel-ucode/06-9e-0b
> > +lib/firmware/intel-ucode/0f-00-07
> > +lib/firmware/intel-ucode/0f-00-0a
> > +lib/firmware/intel-ucode/0f-01-02
> > +lib/firmware/intel-ucode/0f-02-04
> > +lib/firmware/intel-ucode/0f-02-05
> > +lib/firmware/intel-ucode/0f-02-06
> > +lib/firmware/intel-ucode/0f-02-07
> > +lib/firmware/intel-ucode/0f-02-09
> > +lib/firmware/intel-ucode/0f-03-02
> > +lib/firmware/intel-ucode/0f-03-03
> > +lib/firmware/intel-ucode/0f-03-04
> > +lib/firmware/intel-ucode/0f-04-01
> > +lib/firmware/intel-ucode/0f-04-03
> > +lib/firmware/intel-ucode/0f-04-04
> > +lib/firmware/intel-ucode/0f-04-07
> > +lib/firmware/intel-ucode/0f-04-08
> > +lib/firmware/intel-ucode/0f-04-09
> > +lib/firmware/intel-ucode/0f-04-0a
> > +lib/firmware/intel-ucode/0f-06-02
> > +lib/firmware/intel-ucode/0f-06-04
> > +lib/firmware/intel-ucode/0f-06-05
> > +lib/firmware/intel-ucode/0f-06-08
> > diff --git a/config/rootfiles/common/x86_64/intel-microcode
> > b/config/rootfiles/common/x86_64/intel-microcode
> > new file mode 100644
> > index 000000000..765debc79
> > --- /dev/null
> > +++ b/config/rootfiles/common/x86_64/intel-microcode
> > @@ -0,0 +1,95 @@
> > +#lib/firmware/intel-ucode
> > +lib/firmware/intel-ucode/06-03-02
> > +lib/firmware/intel-ucode/06-05-00
> > +lib/firmware/intel-ucode/06-05-01
> > +lib/firmware/intel-ucode/06-05-02
> > +lib/firmware/intel-ucode/06-05-03
> > +lib/firmware/intel-ucode/06-06-00
> > +lib/firmware/intel-ucode/06-06-05
> > +lib/firmware/intel-ucode/06-06-0a
> > +lib/firmware/intel-ucode/06-06-0d
> > +lib/firmware/intel-ucode/06-07-01
> > +lib/firmware/intel-ucode/06-07-02
> > +lib/firmware/intel-ucode/06-07-03
> > +lib/firmware/intel-ucode/06-08-01
> > +lib/firmware/intel-ucode/06-08-03
> > +lib/firmware/intel-ucode/06-08-06
> > +lib/firmware/intel-ucode/06-08-0a
> > +lib/firmware/intel-ucode/06-09-05
> > +lib/firmware/intel-ucode/06-0a-00
> > +lib/firmware/intel-ucode/06-0a-01
> > +lib/firmware/intel-ucode/06-0b-01
> > +lib/firmware/intel-ucode/06-0b-04
> > +lib/firmware/intel-ucode/06-0d-06
> > +lib/firmware/intel-ucode/06-0e-08
> > +lib/firmware/intel-ucode/06-0e-0c
> > +lib/firmware/intel-ucode/06-0f-02
> > +lib/firmware/intel-ucode/06-0f-06
> > +lib/firmware/intel-ucode/06-0f-07
> > +lib/firmware/intel-ucode/06-0f-0a
> > +lib/firmware/intel-ucode/06-0f-0b
> > +lib/firmware/intel-ucode/06-0f-0d
> > +lib/firmware/intel-ucode/06-16-01
> > +lib/firmware/intel-ucode/06-17-06
> > +lib/firmware/intel-ucode/06-17-07
> > +lib/firmware/intel-ucode/06-17-0a
> > +lib/firmware/intel-ucode/06-1a-04
> > +lib/firmware/intel-ucode/06-1a-05
> > +lib/firmware/intel-ucode/06-1c-02
> > +lib/firmware/intel-ucode/06-1c-0a
> > +lib/firmware/intel-ucode/06-1d-01
> > +lib/firmware/intel-ucode/06-1e-05
> > +lib/firmware/intel-ucode/06-25-02
> > +lib/firmware/intel-ucode/06-25-05
> > +lib/firmware/intel-ucode/06-26-01
> > +lib/firmware/intel-ucode/06-2a-07
> > +lib/firmware/intel-ucode/06-2d-06
> > +lib/firmware/intel-ucode/06-2d-07
> > +lib/firmware/intel-ucode/06-2f-02
> > +lib/firmware/intel-ucode/06-3a-09
> > +lib/firmware/intel-ucode/06-3c-03
> > +lib/firmware/intel-ucode/06-3d-04
> > +lib/firmware/intel-ucode/06-3e-04
> > +lib/firmware/intel-ucode/06-3e-06
> > +lib/firmware/intel-ucode/06-3e-07
> > +lib/firmware/intel-ucode/06-3f-02
> > +lib/firmware/intel-ucode/06-3f-04
> > +lib/firmware/intel-ucode/06-45-01
> > +lib/firmware/intel-ucode/06-46-01
> > +lib/firmware/intel-ucode/06-47-01
> > +lib/firmware/intel-ucode/06-4e-03
> > +lib/firmware/intel-ucode/06-4f-01
> > +lib/firmware/intel-ucode/06-55-04
> > +lib/firmware/intel-ucode/06-56-02
> > +lib/firmware/intel-ucode/06-56-03
> > +lib/firmware/intel-ucode/06-56-04
> > +lib/firmware/intel-ucode/06-5c-09
> > +lib/firmware/intel-ucode/06-5e-03
> > +lib/firmware/intel-ucode/06-7a-01
> > +lib/firmware/intel-ucode/06-8e-09
> > +lib/firmware/intel-ucode/06-8e-0a
> > +lib/firmware/intel-ucode/06-9e-09
> > +lib/firmware/intel-ucode/06-9e-0a
> > +lib/firmware/intel-ucode/06-9e-0b
> > +lib/firmware/intel-ucode/0f-00-07
> > +lib/firmware/intel-ucode/0f-00-0a
> > +lib/firmware/intel-ucode/0f-01-02
> > +lib/firmware/intel-ucode/0f-02-04
> > +lib/firmware/intel-ucode/0f-02-05
> > +lib/firmware/intel-ucode/0f-02-06
> > +lib/firmware/intel-ucode/0f-02-07
> > +lib/firmware/intel-ucode/0f-02-09
> > +lib/firmware/intel-ucode/0f-03-02
> > +lib/firmware/intel-ucode/0f-03-03
> > +lib/firmware/intel-ucode/0f-03-04
> > +lib/firmware/intel-ucode/0f-04-01
> > +lib/firmware/intel-ucode/0f-04-03
> > +lib/firmware/intel-ucode/0f-04-04
> > +lib/firmware/intel-ucode/0f-04-07
> > +lib/firmware/intel-ucode/0f-04-08
> > +lib/firmware/intel-ucode/0f-04-09
> > +lib/firmware/intel-ucode/0f-04-0a
> > +lib/firmware/intel-ucode/0f-06-02
> > +lib/firmware/intel-ucode/0f-06-04
> > +lib/firmware/intel-ucode/0f-06-05
> > +lib/firmware/intel-ucode/0f-06-08
> > diff --git a/lfs/cdrom b/lfs/cdrom
> > index 7a7fff166..7056e9a0b 100644
> > --- a/lfs/cdrom
> > +++ b/lfs/cdrom
> > @@ -94,7 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> > 	dd if=/dev/zero  bs=1k count=2            >
> > /install/cdrom/boot/isolinux/boot.catalog
> > ifneq "$(BUILD_PLATFORM)" "arm"
> > 	cp /boot/vmlinuz-$(KVER)-ipfire            
> > /install/cdrom/boot/isolinux/vmlinuz
> > -	dracut --force -a "installer" --strip --xz
> > /install/cdrom/boot/isolinux/instroot $(KVER)-ipfire
> > +	dracut --force --early-microcode -a "installer" --strip --xz
> > /install/cdrom/boot/isolinux/instroot $(KVER)-ipfire
> > 	cp $(DIR_SRC)/config/syslinux/boot.png     
> > /install/cdrom/boot/isolinux/boot.png
> > 	cp /usr/lib/memtest86+/memtest.bin         
> > /install/cdrom/boot/isolinux/memtest
> > 	cp /usr/share/ipfire-netboot/ipxe.lkrn     
> > /install/cdrom/boot/isolinux/netboot
> > diff --git a/lfs/intel-microcode b/lfs/intel-microcode
> > new file mode 100644
> > index 000000000..03a000e91
> > --- /dev/null
> > +++ b/lfs/intel-microcode
> > @@ -0,0 +1,80 @@
> > +###########################################################################
> > ####
> > +#                                                                     
> >       #
> > +# IPFire.org - A linux based firewall                                 
> >       #
> > +# Copyright (C) 2007-2016  IPFire Team  <info(a)ipfire.org>             
> >       #
> > +#                                                                     
> >       #
> > +# This program is free software: you can redistribute it and/or modify
> >       #
> > +# it under the terms of the GNU General Public License as published by
> >       #
> > +# the Free Software Foundation, either version 3 of the License, or   
> >       #
> > +# (at your option) any later version.        
> 
> --
> Horace Michael (aka H&M)
>  Please excuse my typos and brevity. Sent from a Smartphone.