sara2000
asked on
ESXI 6.* , Meltdown and Spectra patches.
VMware has released patch E600-20180140 BG etc earler.
We already applied BIOS and BIOS but have not applied OS patches yet since we have E5-2699 V4 CPU.
After reading these KB articles, https://kb.vmware.com/s/article/52345
https://www.virtuallyghetto.com/2018/01/automating-intel-sighting-remediation-using-powercli-ssh-not-required.html
I have couple of questions for experts who have applied the patches already.
1 Do we have to add the line cpuid.7.edx = "----:00--:----:----:----:
2. Do we have to power the after/before applying the OS patch?
I would appreciate your help.
We already applied BIOS and BIOS but have not applied OS patches yet since we have E5-2699 V4 CPU.
After reading these KB articles, https://kb.vmware.com/s/article/52345
https://www.virtuallyghetto.com/2018/01/automating-intel-sighting-remediation-using-powercli-ssh-not-required.html
I have couple of questions for experts who have applied the patches already.
1 Do we have to add the line cpuid.7.edx = "----:00--:----:----:----:
2. Do we have to power the after/before applying the OS patch?
I would appreciate your help.
ASKER
Have you applied ESXi600-201801402-BG ?
Yes
Are you hosts affected by the issue ?
This is where I am confused, if William script results that "IntelSighting" true the CPU line in config?
Yes
Are you hosts affected by the issue ?
This is where I am confused, if William script results that "IntelSighting" true the CPU line in config?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you, Andrew, Excellent explanation. Last question about the VM. Is it necessary to power cycle?
Yes, but not hosts.
ASKER
I have added that line for masked CPU in /etc/vmware/config file
I ran William script again for verify-esximicrocodepatch -vmhost myhost , but the result is same as before.
Is it ok? or I did something wrong?
I ran William script again for verify-esximicrocodepatch -vmhost myhost , but the result is same as before.
Is it ok? or I did something wrong?
I know William's script is not perfect.
If you've patched, have a CPU which is affected, you have down all you can at this time.
Restart VMs, at your convenience.
and Patch VMs!
If you've patched, have a CPU which is affected, you have down all you can at this time.
Restart VMs, at your convenience.
and Patch VMs!
ASKER
Thanks, Andrew.
Are you hosts affected by the issue ? If so yes you need to make those changes.
e.g. your CPU have the incorrect microcode
Have you run the script that William Lam created ?