The current press coverage regarding the non-functioning of the patches has not proven entirely founded on the Open Telekom Cloud. The micro-codes released by Intel were successfully imported on January 11 following several days of intensive tests.
The updates for V3/V5 processors are running stably in the availability zones in Europe and Singapore. Ongoing tests and platform reports are not showing any faults. The daily system checks are normal. From the perspective of the Open Telekom Cloud team, the security flaws involving these processors have thus been resolved. There will be no rollback.
“We did not find the decision for or against a rollback easy,” Kurt Garloff explains. “We prefer to take the minimal risk of a host crash than accept the security risks to our customers created by errors in the CPU design – customer security first”.
In addition, the performance losses due to the security update are minor. However, we must also point out that the micro-code updates from Intel are not yet complete. There are still no usable security updates available for the V4 processors. These patches have been tested on the Open Telekom Cloud. They resulted in system instability and will therefore not be used on the Open Telekom Cloud. It seems that Intel currently still has issues with delivering micro-code updates that run error-free in all scenarios. Intel even recalled a number of its updates on January 22.
However, Intel has indicated that it now understands the reboot problem. In the short term, updates should be available to close the security gaps with the exception of Spectre-2 scenarios. In the medium term, the Spectre-2 vulnerability should also be eliminated. “As soon as the patches are available, we will start our tests.”