FreeBSD announced last month that it was made aware of the Spectre and Meltdown security vulnerabilities discovered by various researchers from Google’s Project Zero, Graz University of Technology, Cyberus Technology, and others in late December 2017 to have time to fix them for their BSD-powered operating system.
The project said that they are working with CPU vendors like Intel and AMD to mitigate both Spectre and Meltdown on FreeBSD, but did not give an estimated time of the publication of the patches. One and a half months later, the patches to mitigate Meltdown via PTI (Page Table Isolation) arrived, along with PCID optimization of PTI.
Also, the FreeBSD project released a kernel update that includes the IBRS (Indirect Branch Restricted Speculation) feature to partially mitigate the Spectre vulnerability, which is harder to fix than Meltdown and could hunt us for next few years, according to one of the security researchers involved in its unearthing.
On the other hand, the OpenBSD UNIX-like operating system, which is known for its proactive security and integrated cryptography features, only recently received a patch that apparently mitigates the Meltdown security vulnerability. No Spectre fix was released at the moment of writing, but it could be available soon too.
OpenBSD developer Philip Guenther says in a commit that to fix Meltdown, the team had to implement a user/kernel page table separation feature for Intel CPUs. He explained how their patch works and said that the per-CPU page layout was mostly inspired from the work done by the DragonFlyBSD project.
Submitted by: Arnfried Walbrecht
Comments are closed.