aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorpmikus <pmikus@cisco.com>2020-09-23 10:48:29 +0000
committerPeter Mikus <pmikus@cisco.com>2020-10-14 11:36:42 +0000
commitaad45d97721bb9b054681914c92f125123fba05a (patch)
treebe3093eab1731a82f1de3e9e28aecf3b51d1bf2e
parentef9bab0a1b87871a8365e766a19971f0ec0b7ed8 (diff)
Spec: EPYC zn2
Signed-off-by: pmikus <pmikus@cisco.com> Change-Id: I2dd5602c129f3145ee6aa577929afdd5c2815fcd
-rw-r--r--docs/lab/testbeds_sm_zn2_hw_bios_cfg.md634
-rw-r--r--docs/report/introduction/test_environment_sut_calib_zn2.rst118
-rw-r--r--docs/report/introduction/test_environment_sut_meltspec_zn2.rst331
3 files changed, 1083 insertions, 0 deletions
diff --git a/docs/lab/testbeds_sm_zn2_hw_bios_cfg.md b/docs/lab/testbeds_sm_zn2_hw_bios_cfg.md
new file mode 100644
index 0000000000..6e274da971
--- /dev/null
+++ b/docs/lab/testbeds_sm_zn2_hw_bios_cfg.md
@@ -0,0 +1,634 @@
+# SuperMicro Cascadelake Servers - HW and BIOS Configuration
+
+1. [Linux lscpu](#linux-lscpu)
+1. [Linux dmidecode](#dmidecode)
+1. [Linux dmidecode pci](#linux-dmidecode-pci)
+1. [Linux dmidecode memory](#linux-dmidecode-memory)
+1. [EPYC zn2 Server BIOS Configuration](#epyc-zn2-server-bios-configuration)
+ 1. [Boot Feature](#boot-feature)
+ 1. [CPU Configuration](#cpu-configuration)
+ 1. [Advanced Power Management Configuration](#advanced-power-management-configuration)
+ 1. [CPU P State Control](#cpu-p-state-control)
+ 1. [Hardware PM State Control](#hardware-pm-state-control)
+ 1. [CPU C State Control](#cpu-c-state-control)
+ 1. [Package C State Control](#package-c-state-control)
+ 1. [CPU T State Control](#cpu-t-state-control)
+ 1. [Chipset Configuration](#chipset-configuration)
+ 1. [North Bridge](#north-bridge)
+ 1. [UPI Configuration](#upi-configuration)
+ 1. [Memory Configuration](#memory-configuration)
+ 1. [IIO Configuration](#iio-configuration)
+ 1. [CPU1 Configuration](#cpu1-configuration)
+ 1. [CPU2 Configuration](#cpu2-configuration)
+ 1. [South Bridge](#south-bridge)
+ 1. [PCIe/PCI/PnP Configuration](#pciepcipnp-configuration)
+ 1. [ACPI Settings](#acpi-settings)
+1. [EPYC zn2 Server Firmware Inventory](#epyc-zn2-server-firmware-inventory)
+
+## Linux lscpu
+
+```
+$ lscpu
+Architecture: x86_64
+CPU op-mode(s): 32-bit, 64-bit
+Byte Order: Little Endian
+CPU(s): 64
+On-line CPU(s) list: 0-63
+Thread(s) per core: 2
+Core(s) per socket: 32
+Socket(s): 1
+NUMA node(s): 2
+Vendor ID: AuthenticAMD
+CPU family: 23
+Model: 49
+Model name: AMD EPYC 7532 32-Core Processor
+Stepping: 0
+CPU MHz: 1981.470
+CPU max MHz: 2400.0000
+CPU min MHz: 1500.0000
+BogoMIPS: 4800.05
+Virtualization: AMD-V
+L1d cache: 32K
+L1i cache: 32K
+L2 cache: 512K
+L3 cache: 16384K
+NUMA node0 CPU(s): 0-15,32-47
+NUMA node1 CPU(s): 16-31,48-63
+Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate sme ssbd ibrs ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif umip rdpid overflow_recov succor smca
+```
+
+```
+$ lscpu
+Architecture: x86_64
+CPU op-mode(s): 32-bit, 64-bit
+Byte Order: Little Endian
+CPU(s): 64
+On-line CPU(s) list: 0-63
+Thread(s) per core: 2
+Core(s) per socket: 32
+Socket(s): 1
+NUMA node(s): 2
+Vendor ID: AuthenticAMD
+CPU family: 23
+Model: 49
+Model name: AMD EPYC 7532 32-Core Processor
+Stepping: 0
+CPU MHz: 1981.470
+CPU max MHz: 2400.0000
+CPU min MHz: 1500.0000
+BogoMIPS: 4800.05
+Virtualization: AMD-V
+L1d cache: 32K
+L1i cache: 32K
+L2 cache: 512K
+L3 cache: 16384K
+NUMA node0 CPU(s): 0-15,32-47
+NUMA node1 CPU(s): 16-31,48-63
+Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate sme ssbd ibrs ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif umip rdpid overflow_recov succor smca
+```
+
+## Linux dmidecode
+
+```
+ $ dmidecode -t slot
+ Handle 0x0026, DMI type 7, 27 bytes
+ Cache Information
+ Socket Designation: L1 Cache
+ Configuration: Enabled, Not Socketed, Level 1
+ Operational Mode: Write Back
+ Location: Internal
+ Installed Size: 2048 kB
+ Maximum Size: 2048 kB
+ Supported SRAM Types:
+ Pipeline Burst
+ Installed SRAM Type: Pipeline Burst
+ Speed: 1 ns
+ Error Correction Type: Multi-bit ECC
+ System Type: Unified
+ Associativity: 8-way Set-associative
+
+ Handle 0x0027, DMI type 7, 27 bytes
+ Cache Information
+ Socket Designation: L2 Cache
+ Configuration: Enabled, Not Socketed, Level 2
+ Operational Mode: Write Back
+ Location: Internal
+ Installed Size: 16384 kB
+ Maximum Size: 16384 kB
+ Supported SRAM Types:
+ Pipeline Burst
+ Installed SRAM Type: Pipeline Burst
+ Speed: 1 ns
+ Error Correction Type: Multi-bit ECC
+ System Type: Unified
+ Associativity: 8-way Set-associative
+
+ Handle 0x0028, DMI type 7, 27 bytes
+ Cache Information
+ Socket Designation: L3 Cache
+ Configuration: Enabled, Not Socketed, Level 3
+ Operational Mode: Write Back
+ Location: Internal
+ Installed Size: 262144 kB
+ Maximum Size: 262144 kB
+ Supported SRAM Types:
+ Pipeline Burst
+ Installed SRAM Type: Pipeline Burst
+ Speed: 1 ns
+ Error Correction Type: Multi-bit ECC
+ System Type: Unified
+ Associativity: 16-way Set-associative
+
+ Handle 0x0029, DMI type 4, 48 bytes
+ Processor Information
+ Socket Designation: CPU
+ Type: Central Processor
+ Family: Zen
+ Manufacturer: Advanced Micro Devices, Inc.
+ ID: 10 0F 83 00 FF FB 8B 17
+ Signature: Family 23, Model 49, Stepping 0
+ Flags:
+ FPU (Floating-point unit on-chip)
+ VME (Virtual mode extension)
+ DE (Debugging extension)
+ PSE (Page size extension)
+ TSC (Time stamp counter)
+ MSR (Model specific registers)
+ PAE (Physical address extension)
+ MCE (Machine check exception)
+ CX8 (CMPXCHG8 instruction supported)
+ APIC (On-chip APIC hardware supported)
+ SEP (Fast system call)
+ MTRR (Memory type range registers)
+ PGE (Page global enable)
+ MCA (Machine check architecture)
+ CMOV (Conditional move instruction supported)
+ PAT (Page attribute table)
+ PSE-36 (36-bit page size extension)
+ CLFSH (CLFLUSH instruction supported)
+ MMX (MMX technology supported)
+ FXSR (FXSAVE and FXSTOR instructions supported)
+ SSE (Streaming SIMD extensions)
+ SSE2 (Streaming SIMD extensions 2)
+ HTT (Multi-threading)
+ Version: AMD EPYC 7532 32-Core Processor
+ Voltage: 1.1 V
+ External Clock: 100 MHz
+ Max Speed: 3300 MHz
+ Current Speed: 2400 MHz
+ Status: Populated, Enabled
+ Upgrade: Socket SP3
+ L1 Cache Handle: 0x0026
+ L2 Cache Handle: 0x0027
+ L3 Cache Handle: 0x0028
+ Serial Number: Unknown
+ Asset Tag: Unknown
+ Part Number: Unknown
+ Core Count: 32
+ Core Enabled: 32
+ Thread Count: 64
+ Characteristics:
+ 64-bit capable
+ Multi-Core
+ Hardware Thread
+ Execute Protection
+ Enhanced Virtualization
+ Power/Performance Control
+```
+
+## Linux dmidecode pci
+
+```
+ $ dmidecode -t slot
+ Getting SMBIOS data from sysfs.
+ SMBIOS 3.2.0 present.
+ # SMBIOS implementations newer than version 3.1.1 are not
+ # fully supported by this version of dmidecode.
+
+ Handle 0x000A, DMI type 9, 17 bytes
+ System Slot Information
+ Designation: M.2-HC1 CPU PCI-E 4.0 X4/X2
+ Type: x4 PCI Express 3 x4
+ Current Usage: Available
+ Length: Short
+ ID: 1
+ Characteristics:
+ 3.3 V is provided
+ Opening is shared
+ PME signal is supported
+ Bus Address: 0000:ff:00.0
+
+ Handle 0x000B, DMI type 9, 17 bytes
+ System Slot Information
+ Designation: M.2-HC2 CPU PCI-E 4.0 X2
+ Type: x2 PCI Express 3 x2
+ Current Usage: Available
+ Length: Short
+ ID: 2
+ Characteristics:
+ 3.3 V is provided
+ Opening is shared
+ PME signal is supported
+ Bus Address: 0000:ff:00.0
+
+ Handle 0x0042, DMI type 9, 17 bytes
+ System Slot Information
+ Designation: RSC-W-66G4 SLOT1 PCI-E 4.0 X16
+ Type: x16 PCI Express 3 x16
+ Current Usage: In Use
+ Length: Long
+ ID: 1
+ Characteristics:
+ 3.3 V is provided
+ PME signal is supported
+ Bus Address: 0000:41:00.0
+
+ Handle 0x0043, DMI type 9, 17 bytes
+ System Slot Information
+ Designation: RSC-W-66G4 SLOT2 PCI-E 4.0 X16
+ Type: x16 PCI Express 3 x16
+ Current Usage: In Use
+ Length: Long
+ ID: 2
+ Characteristics:
+ 3.3 V is provided
+ PME signal is supported
+ Bus Address: 0000:81:00.0
+
+ Handle 0x0045, DMI type 9, 17 bytes
+ System Slot Information
+ Designation: RSC-WR-6 SLOT1 PCI-E 4.0 X16
+ Type: x16 PCI Express 3 x16
+ Current Usage: In Use
+ Length: Long
+ ID: 1
+ Characteristics:
+ 3.3 V is provided
+ PME signal is supported
+ Bus Address: 0000:01:00.0
+
+```
+
+## Linux dmidecode memory
+
+```
+ $ dmidecode -t memory
+ # dmidecode 3.1
+ Getting SMBIOS data from sysfs.
+ SMBIOS 3.2.0 present.
+ # SMBIOS implementations newer than version 3.1.1 are not
+ # fully supported by this version of dmidecode.
+
+ Handle 0x0023, DMI type 16, 23 bytes
+ Physical Memory Array
+ Location: System Board Or Motherboard
+ Use: System Memory
+ Error Correction Type: Multi-bit ECC
+ Maximum Capacity: 2 TB
+ Error Information Handle: 0x0022
+ Number Of Devices: 8
+
+ Handle 0x002B, DMI type 17, 84 bytes
+ Memory Device
+ Array Handle: 0x0023
+ Error Information Handle: 0x002A
+ Total Width: 72 bits
+ Data Width: 64 bits
+ Size: 32 GB
+ Form Factor: DIMM
+ Set: None
+ Locator: DIMMA1
+ Bank Locator: P0_Node0_Channel0_Dimm0
+ Type: DDR4
+ Type Detail: Synchronous Registered (Buffered)
+ Speed: 3200 MT/s
+ Manufacturer: SK Hynix
+ Serial Number: 431E9216
+ Asset Tag: P1-DIMMA1_AssetTag (date:19/00)
+ Part Number: HMA84GR7CJR4N-XN
+ Rank: 2
+ Configured Clock Speed: 3200 MT/s
+ Minimum Voltage: 1.2 V
+ Maximum Voltage: 1.2 V
+ Configured Voltage: 1.2 V
+
+ Handle 0x002E, DMI type 17, 84 bytes
+ Memory Device
+ Array Handle: 0x0023
+ Error Information Handle: 0x002D
+ Total Width: 72 bits
+ Data Width: 64 bits
+ Size: 32 GB
+ Form Factor: DIMM
+ Set: None
+ Locator: DIMMB1
+ Bank Locator: P0_Node0_Channel1_Dimm0
+ Type: DDR4
+ Type Detail: Synchronous Registered (Buffered)
+ Speed: 3200 MT/s
+ Manufacturer: SK Hynix
+ Serial Number: 431E91D2
+ Asset Tag: P1-DIMMB1_AssetTag (date:19/00)
+ Part Number: HMA84GR7CJR4N-XN
+ Rank: 2
+ Configured Clock Speed: 3200 MT/s
+ Minimum Voltage: 1.2 V
+ Maximum Voltage: 1.2 V
+ Configured Voltage: 1.2 V
+
+ Handle 0x0031, DMI type 17, 84 bytes
+ Memory Device
+ Array Handle: 0x0023
+ Error Information Handle: 0x0030
+ Total Width: 72 bits
+ Data Width: 64 bits
+ Size: 32 GB
+ Form Factor: DIMM
+ Set: None
+ Locator: DIMMC1
+ Bank Locator: P0_Node0_Channel2_Dimm0
+ Type: DDR4
+ Type Detail: Synchronous Registered (Buffered)
+ Speed: 3200 MT/s
+ Manufacturer: SK Hynix
+ Serial Number: 431E918A
+ Asset Tag: P1-DIMMC1_AssetTag (date:19/00)
+ Part Number: HMA84GR7CJR4N-XN
+ Rank: 2
+ Configured Clock Speed: 3200 MT/s
+ Minimum Voltage: 1.2 V
+ Maximum Voltage: 1.2 V
+ Configured Voltage: 1.2 V
+
+ Handle 0x0034, DMI type 17, 84 bytes
+ Memory Device
+ Array Handle: 0x0023
+ Error Information Handle: 0x0033
+ Total Width: 72 bits
+ Data Width: 64 bits
+ Size: 32 GB
+ Form Factor: DIMM
+ Set: None
+ Locator: DIMMD1
+ Bank Locator: P0_Node0_Channel3_Dimm0
+ Type: DDR4
+ Type Detail: Synchronous Registered (Buffered)
+ Speed: 3200 MT/s
+ Manufacturer: SK Hynix
+ Serial Number: 431E9187
+ Asset Tag: P1-DIMMD1_AssetTag (date:19/00)
+ Part Number: HMA84GR7CJR4N-XN
+ Rank: 2
+ Configured Clock Speed: 3200 MT/s
+ Minimum Voltage: 1.2 V
+ Maximum Voltage: 1.2 V
+ Configured Voltage: 1.2 V
+
+ Handle 0x0037, DMI type 17, 84 bytes
+ Memory Device
+ Array Handle: 0x0023
+ Error Information Handle: 0x0036
+ Total Width: 72 bits
+ Data Width: 64 bits
+ Size: 32 GB
+ Form Factor: DIMM
+ Set: None
+ Locator: DIMME1
+ Bank Locator: P0_Node0_Channel4_Dimm0
+ Type: DDR4
+ Type Detail: Synchronous Registered (Buffered)
+ Speed: 3200 MT/s
+ Manufacturer: SK Hynix
+ Serial Number: 431E9178
+ Asset Tag: P1-DIMME1_AssetTag (date:19/00)
+ Part Number: HMA84GR7CJR4N-XN
+ Rank: 2
+ Configured Clock Speed: 3200 MT/s
+ Minimum Voltage: 1.2 V
+ Maximum Voltage: 1.2 V
+ Configured Voltage: 1.2 V
+
+ Handle 0x003A, DMI type 17, 84 bytes
+ Memory Device
+ Array Handle: 0x0023
+ Error Information Handle: 0x0039
+ Total Width: 72 bits
+ Data Width: 64 bits
+ Size: 32 GB
+ Form Factor: DIMM
+ Set: None
+ Locator: DIMMF1
+ Bank Locator: P0_Node0_Channel5_Dimm0
+ Type: DDR4
+ Type Detail: Synchronous Registered (Buffered)
+ Speed: 3200 MT/s
+ Manufacturer: SK Hynix
+ Serial Number: 431E9206
+ Asset Tag: P1-DIMMF1_AssetTag (date:19/00)
+ Part Number: HMA84GR7CJR4N-XN
+ Rank: 2
+ Configured Clock Speed: 3200 MT/s
+ Minimum Voltage: 1.2 V
+ Maximum Voltage: 1.2 V
+ Configured Voltage: 1.2 V
+
+ Handle 0x003D, DMI type 17, 84 bytes
+ Memory Device
+ Array Handle: 0x0023
+ Error Information Handle: 0x003C
+ Total Width: 72 bits
+ Data Width: 64 bits
+ Size: 32 GB
+ Form Factor: DIMM
+ Set: None
+ Locator: DIMMG1
+ Bank Locator: P0_Node0_Channel6_Dimm0
+ Type: DDR4
+ Type Detail: Synchronous Registered (Buffered)
+ Speed: 3200 MT/s
+ Manufacturer: SK Hynix
+ Serial Number: 431E9207
+ Asset Tag: P1-DIMMG1_AssetTag (date:19/00)
+ Part Number: HMA84GR7CJR4N-XN
+ Rank: 2
+ Configured Clock Speed: 3200 MT/s
+ Minimum Voltage: 1.2 V
+ Maximum Voltage: 1.2 V
+ Configured Voltage: 1.2 V
+
+ Handle 0x0040, DMI type 17, 84 bytes
+ Memory Device
+ Array Handle: 0x0023
+ Error Information Handle: 0x003F
+ Total Width: 72 bits
+ Data Width: 64 bits
+ Size: 32 GB
+ Form Factor: DIMM
+ Set: None
+ Locator: DIMMH1
+ Bank Locator: P0_Node0_Channel7_Dimm0
+ Type: DDR4
+ Type Detail: Synchronous Registered (Buffered)
+ Speed: 3200 MT/s
+ Manufacturer: SK Hynix
+ Serial Number: 431E9209
+ Asset Tag: P1-DIMMH1_AssetTag (date:19/00)
+ Part Number: HMA84GR7CJR4N-XN
+ Rank: 2
+ Configured Clock Speed: 3200 MT/s
+ Minimum Voltage: 1.2 V
+ Maximum Voltage: 1.2 V
+ Configured Voltage: 1.2 V
+```
+
+## EPYC zn2 Server BIOS Configuration - TG
+
+### Boot Feature
+
+```
+ | Quiet Boot [Enabled] |Boot option |
+ | | |
+ | Option ROM Messages [Force BIOS] | |
+ | Bootup NumLock State [On] | |
+ | Wait For "F1" If Error [Enabled] | |
+ | INT19 Trap Response [Immediate] | |
+ | Re-try Boot [Disabled] | |
+ | | |
+ | Power Configuration | |
+ | Watch Dog Function [Disabled] | |
+ | Restore on AC Power Loss [Last State] | |
+ | Power Button Function [Instant Off] | |
+```
+
+### CPU Configuration
+
+```
+ | ACPI Settings ^| |
+ | -------------------------------------------------- *| |
+ | PCI AER Support [Disabled] *| |
+ | High Precision Event Timer [Disabled] *| |
+ | NUMA Nodes Per Socket [NPS2] *| |
+ | ACPI SRAT L3 Cache As NUMA Domain [Auto] *| |
+ | *| |
+ | CPU Configuration ^| |
+ | -------------------------------------------------- *| |
+ | SMT Control [Auto] *| |
+ | Core Performance Boost [Auto] *| |
+ | Global C-state control [Disabled] *| |
+ | Local APIC Mode [Auto] *| |
+ | CCD Control [Auto] *| |
+ | Core Control [Auto] *| |
+ | Core Control [Auto] *| |
+ | L1 Stream HW Prefetcher [Enabled] *| |
+ | L2 Stream HW Prefetcher [Enabled] *| |
+ | SVM Mode [Enabled] *| |
+ | SMEE [Disabled] *| |
+ | *| |
+ |> CPU1 Information *| |
+ | *| |
+ | NB Configuration ^| |
+ | -------------------------------------------------- *| |
+ | Determinism Control [Manual] *| |
+ | Determinism Slider [Performance] *| |
+ | cTDP Control [Disabled] *| |
+ | IOMMU [Disabled] *| |
+ | ACS Enable [Auto] *| |
+ | Package Power Limit Control [Auto] *| |
+ | APBDIS [1] *| |
+ | Fixed SOC Pstate [P0] *| |
+ | DF Cstates [Enabled] *| |
+ | Preferred IO [Manual] *| |
+ | Preferred IO Bus [##] *| |
+ | *| |
+ | *|-----------------------------|
+ | *|><: Select Screen |
+ | *|^v: Select Item |
+ | *|Enter: Select |
+ | +|+/-: Change Opt. |
+ | +|F1: General Help |
+ | +|F2: Previous Values |
+ | +|F3: Optimized Defaults |
+ | v|F4: Save & Exit |
+ | | |
+```
+
+
+## EPYC zn2 Server BIOS Configuration - DUT
+
+### Boot Feature
+
+```
+ | Quiet Boot [Enabled] |Boot option |
+ | | |
+ | Option ROM Messages [Force BIOS] | |
+ | Bootup NumLock State [On] | |
+ | Wait For "F1" If Error [Enabled] | |
+ | INT19 Trap Response [Immediate] | |
+ | Re-try Boot [Disabled] | |
+ | | |
+ | Power Configuration | |
+ | Watch Dog Function [Disabled] | |
+ | Restore on AC Power Loss [Last State] | |
+ | Power Button Function [Instant Off] | |
+```
+
+### CPU Configuration
+
+```
+ | ACPI Settings ^| |
+ | -------------------------------------------------- *| |
+ | PCI AER Support [Disabled] *| |
+ | High Precision Event Timer [Disabled] *| |
+ | NUMA Nodes Per Socket [NPS2] *| |
+ | ACPI SRAT L3 Cache As NUMA Domain [Auto] *| |
+ | *| |
+ | CPU Configuration ^| |
+ | -------------------------------------------------- *| |
+ | SMT Control [Auto] *| |
+ | Core Performance Boost [Auto] *| |
+ | Global C-state control [Disabled] *| |
+ | Local APIC Mode [Auto] *| |
+ | CCD Control [Auto] *| |
+ | Core Control [Auto] *| |
+ | Core Control [Auto] *| |
+ | L1 Stream HW Prefetcher [Enabled] *| |
+ | L2 Stream HW Prefetcher [Enabled] *| |
+ | SVM Mode [Enabled] *| |
+ | SMEE [Disabled] *| |
+ | *| |
+ |> CPU1 Information *| |
+ | *| |
+ | NB Configuration ^| |
+ | -------------------------------------------------- *| |
+ | Determinism Control [Manual] *| |
+ | Determinism Slider [Performance] *| |
+ | cTDP Control [Disabled] *| |
+ | IOMMU [Disabled] *| |
+ | ACS Enable [Auto] *| |
+ | Package Power Limit Control [Auto] *| |
+ | APBDIS [1] *| |
+ | Fixed SOC Pstate [P0] *| |
+ | DF Cstates [Enabled] *| |
+ | Preferred IO [Manual] *| |
+ | Preferred IO Bus [##] *| |
+ | *| |
+ | *|-----------------------------|
+ | *|><: Select Screen |
+ | *|^v: Select Item |
+ | *|Enter: Select |
+ | +|+/-: Change Opt. |
+ | +|F1: General Help |
+ | +|F2: Previous Values |
+ | +|F3: Optimized Defaults |
+ | v|F4: Save & Exit |
+ | | |
+```
+
+
+## EPYC zn2 Server Firmware Inventory
+
+```
+Host. IPMI IP. BMC. BIOS. CPLD. CPU Microcode. PCI Bus. X710 Firmware. XXV710 Firmware. i40e. MLX5 Firmware. mlx5_core
+s60-t210-sut1. 10.30.55.24. 03.10.04. 1.1a. 02.c2.00. 0x8301038. ?. 6.80 0x80003ce6 1.2074.0. 6.01 0x80003554 1.1747.0. 2.1.14-k. 16.26.1040. 4.6-1.0.1.
+s61-t210-tg1. 10.30.55.25. 03.10.04. 1.1a. 02.c2.00. 0x8301038. ?. 6.80 0x80003ce6 1.2074.0. 6.01 0x80003554 1.1747.0. 2.1.14-k. 16.26.1040. 4.6-1.0.1.
+``` \ No newline at end of file
diff --git a/docs/report/introduction/test_environment_sut_calib_zn2.rst b/docs/report/introduction/test_environment_sut_calib_zn2.rst
new file mode 100644
index 0000000000..c181b5f34c
--- /dev/null
+++ b/docs/report/introduction/test_environment_sut_calib_zn2.rst
@@ -0,0 +1,118 @@
+EPYC Zen2
+~~~~~~~~~
+
+Following sections include sample calibration data measured on
+s60-t210-sut1 server running in one of the AMD EPYC testbeds as
+specified in `FD.io CSIT testbeds - EPYC Zen2`_.
+
+
+Linux cmdline
+^^^^^^^^^^^^^
+
+::
+
+ $ cat /proc/cmdline
+ BOOT_IMAGE=/boot/vmlinuz-4.15.0-72-generic root=UUID=1672f0ef-755e-4a26-884d-02a3f4ac933c ro isolcpus=1-15,33-47,17-31,49-63 nohz_full=1-15,33-47,17-31,49-63 rcu_nocbs=1-15,33-47,17-31,49-63 numa_balancing=disable amd_iommu=on iommu=pt nmi_watchdog=0 audit=0 nosoftlockup processor.max_cstate=0 hpet=disable tsc=reliable mce=off splash quiet vt.handoff=1
+
+
+Linux uname
+^^^^^^^^^^^
+
+::
+
+ $ uname -a
+ Linux s60-t210-sut1 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
+
+
+System-level Core Jitter
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+::
+
+ $ sudo taskset -c 3 /home/testuser/pma_tools/jitter/jitter -i 30
+ Linux Jitter testing program version 1.9
+ Iterations=20
+ The pragram will execute a dummy function 80000 times
+ Display is updated every 20000 displayUpdate intervals
+ Thread affinity will be set to core_id:7
+ Timings are in CPU Core cycles
+ Inst_Min: Minimum Excution time during the display update interval(default is ~1 second)
+ Inst_Max: Maximum Excution time during the display update interval(default is ~1 second)
+ Inst_jitter: Jitter in the Excution time during rhe display update interval. This is the value of interest
+ last_Exec: The Excution time of last iteration just before the display update
+ Abs_Min: Absolute Minimum Excution time since the program started or statistics were reset
+ Abs_Max: Absolute Maximum Excution time since the program started or statistics were reset
+ tmp: Cumulative value calcualted by the dummy function
+ Interval: Time interval between the display updates in Core Cycles
+ Sample No: Sample number
+
+ Inst_Min,Inst_Max,Inst_jitter,last_Exec,Abs_min,Abs_max,tmp,Interval,Sample No
+ 116376,145848,29472,116376,116376,145848,3399090176,2350958712,1
+ 116376,145848,29472,116400,116376,145848,4158259200,2355136968,2
+ 116376,145848,29472,116376,116376,145848,622460928,2343355128,3
+ 116376,145848,29472,116376,116376,145848,1381629952,2362905912,4
+ 116376,145848,29472,116400,116376,145848,2140798976,2344101768,5
+ 116376,145848,29472,116376,116376,145848,2899968000,2341791912,6
+ 116376,145848,29472,116400,116376,145848,3659137024,2340794664,7
+ 116376,145848,29472,116400,116376,145848,123338752,2336863896,8
+ 116376,145752,29376,116400,116376,145848,882507776,2335339584,9
+ 116376,145512,29136,116376,116376,145848,1641676800,2335619160,10
+ 116376,145512,29136,116400,116376,145848,2400845824,2335646280,11
+ 116376,145848,29472,116400,116376,145848,3160014848,2350534872,12
+ 116376,145848,29472,116400,116376,145848,3919183872,2348972352,13
+ 116376,145848,29472,116400,116376,145848,383385600,2363157840,14
+ 116376,145848,29472,116400,116376,145848,1142554624,2349686904,15
+ 116376,145848,29472,116400,116376,145848,1901723648,2356550976,16
+ 116376,145848,29472,119304,116376,145848,2660892672,2365225944,17
+ 116376,145848,29472,116400,116376,145848,3420061696,2365215576,18
+ 116376,145848,29472,116400,116376,145848,4179230720,2349971088,19
+ 116376,145848,29472,116400,116376,145848,643432448,2339421384,20"
+
+
+Memory Bandwidth
+^^^^^^^^^^^^^^^^
+
+::
+
+ $ sudo /home/testuser/mlc --bandwidth_matrix
+ TBC
+
+::
+
+ $ sudo /home/testuser/mlc --peak_injection_bandwidth
+ TBC
+
+::
+
+ $ sudo /home/testuser/mlc --max_bandwidth
+ TBC
+
+
+Memory Latency
+^^^^^^^^^^^^^^
+
+::
+
+ $ sudo /home/testuser/mlc --latency_matrix
+ TBC
+
+::
+
+ $ sudo /home/testuser/mlc --idle_latency
+ TBC
+
+::
+
+ $ sudo /home/testuser/mlc --loaded_latency
+ TBC
+
+
+L1/L2/LLC Latency
+^^^^^^^^^^^^^^^^^
+
+::
+
+ $ sudo /home/testuser/mlc --c2c_latency
+ TBC
+
+.. include:: ../introduction/test_environment_sut_meltspec_zn2.rst
diff --git a/docs/report/introduction/test_environment_sut_meltspec_zn2.rst b/docs/report/introduction/test_environment_sut_meltspec_zn2.rst
new file mode 100644
index 0000000000..24169331a7
--- /dev/null
+++ b/docs/report/introduction/test_environment_sut_meltspec_zn2.rst
@@ -0,0 +1,331 @@
+Spectre and Meltdown Checks
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Following section displays the output of a running shell script to tell if
+system is vulnerable against the several speculative execution CVEs that were
+made public in 2018. Script is available on `Spectre & Meltdown Checker Github
+<https://github.com/speed47/spectre-meltdown-checker>`_.
+
+::
+
+ Spectre and Meltdown mitigation detection tool v0.43
+
+ Checking for vulnerabilities on current system
+ Kernel is Linux 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64
+ CPU is AMD EPYC 7532 32-Core Processor
+
+ Hardware check
+ * Hardware support (CPU microcode) for mitigation techniques
+ * Indirect Branch Restricted Speculation (IBRS)
+ * SPEC_CTRL MSR is available: YES
+ * CPU indicates IBRS capability: YES (IBRS_SUPPORT feature bit)
+ * CPU indicates preferring IBRS always-on: NO
+ * CPU indicates preferring IBRS over retpoline: YES
+ * Indirect Branch Prediction Barrier (IBPB)
+ * PRED_CMD MSR is available: YES
+ * CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
+ * Single Thread Indirect Branch Predictors (STIBP)
+ * SPEC_CTRL MSR is available: YES
+ * CPU indicates STIBP capability: YES (AMD STIBP feature bit)
+ * CPU indicates preferring STIBP always-on: NO
+ * Speculative Store Bypass Disable (SSBD)
+ * CPU indicates SSBD capability: YES (AMD SSBD in SPEC_CTRL)
+ * L1 data cache invalidation
+ * FLUSH_CMD MSR is available: NO
+ * CPU indicates L1D flush capability: NO
+ * CPU supports Transactional Synchronization Extensions (TSX): NO
+ * CPU supports Software Guard Extensions (SGX): NO
+ * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
+ * CPU microcode is known to cause stability problems: NO (family 0x17 model 0x31 stepping 0x0 ucode 0x8301034 cpuid 0x830f10)
+ * CPU microcode is the latest known available version: NO (latest version is 0x8301039 dated 2020/02/07 according to builtin firmwares DB v160.20200912+i20200722)
+ * CPU vulnerability to the speculative execution attack variants
+ * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+ * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+ * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+ * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): NO
+ * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
+ * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+ * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
+ * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
+ * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+ * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+ * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+ * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+ * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+ * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
+ * Vulnerable to CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
+
+ CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
+ * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+ * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
+ * Kernel has the Red Hat/Ubuntu patch: NO
+ * Kernel has mask_nospec64 (arm64): NO
+ * Kernel has array_index_nospec (arm64): NO
+ > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+
+ CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
+ * Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
+ * Mitigation 1
+ * Kernel is compiled with IBRS support: YES
+ * IBRS enabled and active: YES (for firmware code only)
+ * Kernel is compiled with IBPB support: YES
+ * IBPB enabled and active: YES
+ * Mitigation 2
+ * Kernel has branch predictor hardening (arm): NO
+ * Kernel compiled with retpoline option: YES
+ * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
+ > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
+
+ CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports Page Table Isolation (PTI): YES
+ * PTI enabled and active: NO
+ * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
+ * Running as a Xen PV DomU: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3640 aka 'Variant 3a, rogue system register read'
+ * CPU microcode mitigates the vulnerability: YES
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3639 aka 'Variant 4, speculative store bypass'
+ * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+ * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
+ * SSB mitigation is enabled and active: YES (per-thread through prctl)
+ * SSB mitigation currently active for selected processes: YES (systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
+ > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+
+ CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
+ * CPU microcode mitigates the vulnerability: N/A
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports PTE inversion: YES (found in kernel image)
+ * PTE inversion enabled and active: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
+ * Information from the /sys interface: Not affected
+ * This system is a host running a hypervisor: NO
+ * Mitigation 1 (KVM)
+ * EPT is disabled: N/A (the kvm_intel module is not loaded)
+ * Mitigation 2
+ * L1D flush is supported by kernel: YES (found flush_l1d in kernel image)
+ * L1D flush enabled: NO
+ * Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
+ * Hyper-Threading (SMT) is enabled: YES
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+ * Kernel mitigation is enabled and active: NO
+ * SMT is either mitigated or disabled: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+ * Kernel mitigation is enabled and active: NO
+ * SMT is either mitigated or disabled: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+ * Kernel mitigation is enabled and active: NO
+ * SMT is either mitigated or disabled: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+ * Kernel mitigation is enabled and active: NO
+ * SMT is either mitigated or disabled: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
+ * TAA mitigation enabled and active: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * This system is a host running a hypervisor: NO
+ * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
+ * iTLB Multihit mitigation enabled and active: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
+ * SRBDS mitigation control is supported by the kernel: NO
+ * SRBDS mitigation control is enabled and active: NO (SRBDS not found in sysfs hierarchy)
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
+
+ Need more detailed information about mitigation options? Use --explain
+ A false sense of security is worse than no security at all, see --disclaimer
+
+::
+
+ Spectre and Meltdown mitigation detection tool v0.43
+
+ Checking for vulnerabilities on current system
+ Kernel is Linux 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64
+ CPU is AMD EPYC 7532 32-Core Processor
+
+ Hardware check
+ * Hardware support (CPU microcode) for mitigation techniques
+ * Indirect Branch Restricted Speculation (IBRS)
+ * SPEC_CTRL MSR is available: YES
+ * CPU indicates IBRS capability: YES (IBRS_SUPPORT feature bit)
+ * CPU indicates preferring IBRS always-on: NO
+ * CPU indicates preferring IBRS over retpoline: YES
+ * Indirect Branch Prediction Barrier (IBPB)
+ * PRED_CMD MSR is available: YES
+ * CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
+ * Single Thread Indirect Branch Predictors (STIBP)
+ * SPEC_CTRL MSR is available: YES
+ * CPU indicates STIBP capability: YES (AMD STIBP feature bit)
+ * CPU indicates preferring STIBP always-on: NO
+ * Speculative Store Bypass Disable (SSBD)
+ * CPU indicates SSBD capability: YES (AMD SSBD in SPEC_CTRL)
+ * L1 data cache invalidation
+ * FLUSH_CMD MSR is available: NO
+ * CPU indicates L1D flush capability: NO
+ * CPU supports Transactional Synchronization Extensions (TSX): NO
+ * CPU supports Software Guard Extensions (SGX): NO
+ * CPU supports Special Register Buffer Data Sampling (SRBDS): NO
+ * CPU microcode is known to cause stability problems: NO (family 0x17 model 0x31 stepping 0x0 ucode 0x8301034 cpuid 0x830f10)
+ * CPU microcode is the latest known available version: NO (latest version is 0x8301039 dated 2020/02/07 according to builtin firmwares DB v160.20200912+i20200722)
+ * CPU vulnerability to the speculative execution attack variants
+ * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
+ * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES
+ * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): NO
+ * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): NO
+ * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
+ * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
+ * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
+ * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
+ * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): NO
+ * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): NO
+ * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): NO
+ * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): NO
+ * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)): NO
+ * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)): NO
+ * Vulnerable to CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)): NO
+
+ CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
+ * Mitigated according to the /sys interface: YES (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+ * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
+ * Kernel has the Red Hat/Ubuntu patch: NO
+ * Kernel has mask_nospec64 (arm64): NO
+ * Kernel has array_index_nospec (arm64): NO
+ > STATUS: NOT VULNERABLE (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
+
+ CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
+ * Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
+ * Mitigation 1
+ * Kernel is compiled with IBRS support: YES
+ * IBRS enabled and active: YES (for firmware code only)
+ * Kernel is compiled with IBPB support: YES
+ * IBPB enabled and active: YES
+ * Mitigation 2
+ * Kernel has branch predictor hardening (arm): NO
+ * Kernel compiled with retpoline option: YES
+ * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
+ > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability)
+
+ CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports Page Table Isolation (PTI): YES
+ * PTI enabled and active: NO
+ * Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
+ * Running as a Xen PV DomU: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3640 aka 'Variant 3a, rogue system register read'
+ * CPU microcode mitigates the vulnerability: YES
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3639 aka 'Variant 4, speculative store bypass'
+ * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+ * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status)
+ * SSB mitigation is enabled and active: YES (per-thread through prctl)
+ * SSB mitigation currently active for selected processes: YES (systemd-journald systemd-logind systemd-networkd systemd-resolved systemd-timesyncd systemd-udevd)
+ > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
+
+ CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
+ * CPU microcode mitigates the vulnerability: N/A
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports PTE inversion: YES (found in kernel image)
+ * PTE inversion enabled and active: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
+ * Information from the /sys interface: Not affected
+ * This system is a host running a hypervisor: NO
+ * Mitigation 1 (KVM)
+ * EPT is disabled: N/A (the kvm_intel module is not loaded)
+ * Mitigation 2
+ * L1D flush is supported by kernel: YES (found flush_l1d in kernel image)
+ * L1D flush enabled: NO
+ * Hardware-backed L1D flush supported: NO (flush will be done in software, this is slower)
+ * Hyper-Threading (SMT) is enabled: YES
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+ * Kernel mitigation is enabled and active: NO
+ * SMT is either mitigated or disabled: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+ * Kernel mitigation is enabled and active: NO
+ * SMT is either mitigated or disabled: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+ * Kernel mitigation is enabled and active: NO
+ * SMT is either mitigated or disabled: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * Kernel supports using MD_CLEAR mitigation: YES (found md_clear implementation evidence in kernel image)
+ * Kernel mitigation is enabled and active: NO
+ * SMT is either mitigated or disabled: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * TAA mitigation is supported by kernel: YES (found tsx_async_abort in kernel image)
+ * TAA mitigation enabled and active: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
+ * Mitigated according to the /sys interface: YES (Not affected)
+ * This system is a host running a hypervisor: NO
+ * iTLB Multihit mitigation is supported by kernel: YES (found itlb_multihit in kernel image)
+ * iTLB Multihit mitigation enabled and active: NO
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
+ * SRBDS mitigation control is supported by the kernel: NO
+ * SRBDS mitigation control is enabled and active: NO (SRBDS not found in sysfs hierarchy)
+ > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
+
+ > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
+
+ Need more detailed information about mitigation options? Use --explain
+ A false sense of security is worse than no security at all, see --disclaimer \ No newline at end of file