Provided by: spectre-meltdown-checker_0.37-1_all bug

NAME
       Spectre - manual page for Spectre and Meltdown mitigation detection tool v0.37


DESCRIPTION
       Spectre and Meltdown mitigation detection tool v0.37

              Usage:

       Live mode:
              spectre-meltdown-checker [options] [--live]

              Offline    mode:    spectre-meltdown-checker    [options]   [--kernel   <kernel_file>]   [--config
              <kernel_config>] [--map <kernel_map_file>]

              Modes:

              Two modes are available.

              First mode is the "live" mode (default), it does its best to find information about the  currently
              running  kernel.   To  run under this mode, just start the script without any option (you can also
              use --live explicitly)

              Second mode is the "offline" mode, where you can inspect a non-running  kernel.   You'll  need  to
              specify the location of the kernel file, config and System.map files:

       --kernel kernel_file
              specify a (possibly compressed) Linux or BSD kernel file

       --config kernel_config
              specify a kernel config file (Linux only)

       --map kernel_map_file
              specify a kernel System.map file (Linux only)

              Options:

       --no-color
              don't use color codes

       --verbose, -v
              increase verbosity level, possibly several times

       --no-explain
              don't produce a human-readable explanation of actions to take to mitigate a vulnerability

       --paranoid
              require IBPB to deem Variant 2 as mitigated

       --no-sysfs
              don't use the /sys interface even if present [Linux]

       --sysfs-only
              only use the /sys interface, don't run our own checks [Linux]

       --coreos
              special mode for CoreOS (use an ephemeral toolbox to inspect kernel) [Linux]

       --arch-prefix PREFIX
              specify   a   prefix   for   cross-inspecting   a   kernel   of  a  different  arch,  for  example
              "aarch64-linux-gnu-",   so   that   invoked   tools   will   be   prefixed   with    this    (i.e.
              aarch64-linux-gnu-objdump)

       --batch text
              produce machine readable output, this is the default if --batch is specified alone

       --batch json
              produce JSON output formatted for Puppet, Ansible, Chef...

       --batch nrpe
              produce machine readable output formatted for NRPE

       --batch prometheus
              produce output for consumption by prometheus-node-exporter

       --variant [1,2,3]
              specify  which  variant you'd like to check, by default all variants are checked, can be specified
              multiple times (e.g. --variant 2 --variant 3)

       --hw-only
              only check for CPU information, don't check for any variant

       --no-hw
              skip CPU information and checks, if you're inspecting a kernel not to be run on this host

              Return codes:

              0 (not vulnerable), 2 (vulnerable), 3 (unknown), 255 (error)

              IMPORTANT: A false sense  of  security  is  worse  than  no  security  at  all.   Please  use  the
              --disclaimer option to understand exactly what this script does.


SEE ALSO
       The  full  documentation for Spectre is maintained as a Texinfo manual.  If the info and Spectre programs
       are properly installed at your site, the command

              info Spectre

       should give you access to the complete manual.

Spectre and Meltdown mitigation detection tool ... April 2018                                         SPECTRE(1)