I have two issues. One is that I have come across the issue of CVE and microcode updates. That post includes a link to a script that checks one's computer CPU for vulnerability. I see there are ways to apparently fix this, but it's not easy.

I think to avoid having to get stuck in a mess, I should find out if slackpkg has installed any updates for microcode. I say this because I've read that some distros include such updates if one keeps their system up to date. Thus my question: how do I find out the history of slackpkg updates? If I can figure that out and determine in the history if the microcode has been updated, I can leave this alone. Otherwise, I'll consider whether and how to proceed with a microcode update of my own.

Take a look at /var/lib/slackpkg/install.log.
/var/lib/pkgtools/packages has a list of installed packages.
Also /var/lib/pkgtools/removed_packages has a list of removed and upgraded packages.

2 members found this post helpful.

One correction, the install.log is only there if you have also installed slackpkg+

3 members found this post helpful.

Thanks, Paulo2. As I was replying, I see the reply from fourtysixandtwo. I do not have slackpkg+. I tried "grep intel" and "grep microcode*" with the other options and none of those return anything. I'll assume the microcode was not updated and think about my options. Thanks again.

1 members found this post helpful.

Thanks, I was afraid of that. I don't know anymore what is installed by slackpkg and what is installed by slackpkg+.
I install slackpkg+ right after a Slackware fresh install.

1 members found this post helpful.

Have you ever had interest in dual booting with NetBSD? I found its microcode pkgsrc package extremely simple to use. IIRC I only noticed it working from seeing boot messages about the microcode being updated.

https://cdn.netbsd.org/pub/pkgsrc/cu...bsd/index.html

But naturally if you don't already have a separate interest in also running NetBSD it wouldn't make sense to install it just for this. Following the Slackbuild instructions would be far simpler than installing a 2nd OS.

1 members found this post helpful.

Amd or Intel? Here's a procedure for the intel microcode if you are using a generic kernel and an initrd. The Amd procedure would be similar and less steps, but someone who's done it for Amd will have to comment on it.

-Install intel-microcode and iucode_tool from slackbuilds.org
-create /boot/intel-ucode.img for your specific cpu (smaller cpio image)
-I recommend creating an /etc/mkinitrd.conf and adding a "MICROCODE_ARCH=" line as follows. Note that I also add the btrfs module here and the sed/findmnt combination will replace ROOTDEV with whatever you have specified in /etc/fstab for /. In my case that's the UUID.
# I've found that this line isn't actually needed, but is still useful as a reminder.
-if you haven't also updated the kernel then you can just run
Now you can reboot. I would save the before/after output of the "spectre-meltdown-checker.sh" script to compare.

Now that you know how, do you really want to slow down your cpu? How likely is it that any of those attacks can be used on your system?

1 members found this post helpful.

@thirdm, I think I tried OpenBSD, but couldn't get it to play nice with GRUB or something.

@fourtysixandtwo. Thanks for explaining the steps. I had seen one resource, but it didn't seem to cover the whole process. But more to your point, I remember reading in one thread or another recently that updating the microcode could lead to other problems. You reminded of the main issues and with those in mind, I'm not sure I want to do update.

1 members found this post helpful.