Spectre/meltdown kernel options controllable by customer

Add spectre-meltdown-checker package. Implements customer configuration of kernel options to control spectre/meltdown related kernel options. Default (with "nopti nospectre_v2" options) can be changed to "" using system modify -S spectre_meltdown_all Change-Id: Id86c4bbe9063cf6c47fe4128d641ef2983622481 Signed-off-by: Jack Ding <jack.ding@windriver.com>
2018-05-11 14:24:06 -04:00 · 2018-05-11 14:24:06 -04:00 · 88877ed3cd
commit 88877ed3cd
parent 892489acd7
3 changed files with 38 additions and 0 deletions
--- a/1
+++ b/1
@ -54,6 +54,7 @@ security/tpm2-openssl-engine
 security/libtpms
 security/swtpm
 security/audit
+security/spectre-meltdown-checker
 kernel-std
 devtools/puppet-4.8.2
 devtools/puppet-modules/puppet-boolean-1.0.2
--- a/security/spectre-meltdown-checker/centos/build_srpm.data
+++ b/security/spectre-meltdown-checker/centos/build_srpm.data
@ -0,0 +1,2 @@
+COPY_LIST="$CGCS_BASE/downloads/spectre-meltdown-checker-0.37+-5cc77741.tar.bz2"
+TIS_PATCH_VER=0
--- a/security/spectre-meltdown-checker/centos/spectre-meltdown-checker.spec
+++ b/security/spectre-meltdown-checker/centos/spectre-meltdown-checker.spec
@ -0,0 +1,35 @@
+Name: spectre-meltdown-checker
+Version: 0.37+
+Release: %{tis_patch_ver}%{?_tis_dist}
+Summary: Checker script for spectre/meltdown
+
+Group: base
+License: GPLv3
+URL: https://github.com/speed47/spectre-meltdown-checker.git
+Source0: spectre-meltdown-checker-0.37+-5cc77741.tar.bz2
+
+BuildArch: noarch
+Requires: bash
+
+%description
+Script to check whether kernel is susceptible to spectre/meltdown vulnerabilities.
+
+
+%prep
+tar xjf %{SOURCE0}
+
+%build
+
+
+%install
+install -d -m 755 %{buildroot}/usr/sbin/
+install -m 744 spectre-meltdown-checker/spectre-meltdown-checker.sh %{buildroot}/usr/sbin/spectre-meltdown-checker.sh
+
+
+%files
+%license %{name}/LICENSE
+/usr/sbin/*
+
+
+%changelog
+