Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update/security: Upgrade kernel on scaleway machines #3719

Open
luhenry opened this issue Aug 20, 2024 · 2 comments
Open

update/security: Upgrade kernel on scaleway machines #3719

luhenry opened this issue Aug 20, 2024 · 2 comments

Comments

@luhenry
Copy link
Contributor

luhenry commented Aug 20, 2024

With the recent GhostWrite attack, we need to update the kernels on our RISC-V machines hosted at Scaleway. The steps are documented at https://www.scaleway.com/en/docs/bare-metal/elastic-metal/reference-content/elastic-metal-rv1-guidelines/#update-the-kernel

That kernel update will also allow to disable completely the support for vector on these machines, both for security reasons (as it's the source of the attack in question), but also because the vector instructions available on this machines implement an unratified version of the Vector spec (not 1.0.0).

cc @sxa

@Haroon-Khel
Copy link
Contributor

Haroon-Khel commented Aug 27, 2024

To reiterate, in the scaleway console the Eclipse Adoptium user is not able to access the more info page of the test-rise machines to be able to boot them into rescue mode. Awaiting the required permissions

@sxa
Copy link
Member

sxa commented Nov 13, 2024

Upgrade process has not been successful, so we should look at reprovisioning and re-running ansible on the machines instead of upgrading the existing ones.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: No status
Development

No branches or pull requests

3 participants