A aplicação InSpectre que postaram na página anterior é 100% certa? Instalei agora a última versão da BIOS disponível no site da minha motherboard, lançada o mês passado, mas continuo vulnerável ao Spectre segundo a aplicação.
@Dark Kaeser quer dizer que em breve irão sair novas bios para motherboards ou essa correcção vem através do Windows update? Para a minha Mb desde que a bios defeituosa foi removida do site ainda não saiu mais nada...
http://www.zdnet.com/article/new-sp...y-secrets-from-intels-sgx-protected-enclaves/To exploit this weakness, the enclave code needs to display certain code patterns. However, these code patterns are present in Intel's software developer kit (SDK) for building SGX programs. Rust-SGX and Graphene-SGX are vulnerable for the same reason. In other words, any code built with the SDKs will be affected.
The attack can be mitigated by Indirect Branch Restricted Speculation (IBRS), one of the fixes Intel shipped in its microcode updates for Spectre Variant 2.
However, since microcode updates can be reverted, developers relying on SGX in the cloud would need to verify the CPU security version number during remote attestation.
We are aware of the research paper from Ohio State and have previously provided information and guidance online about how Intel SGX may be impacted by the side channel analysis vulnerabilities. We anticipate that the existing mitigations for Spectre and Meltdown, in conjunction with an updated software development toolkit for SGX application providers -- which we plan to begin making available on March 16th -- will be effective against the methods described in that research. We recommend customers make sure they are always using the most recent version of the toolkit.