Page MenuHomeSolus
Create Task
Maniphest T3431

intel-microcode
Closed, ResolvedPublic
Actions

Description

intel-microcode

https://downloadcenter.intel.com/download/26400/Linux-Processor-Microcode-Data-File

According to Arch wiki: Users of CPUs belonging to the Intel Haswell and Broadwell processor families in particular must install these microcode updates to ensure system stability and security. But all Intel users should install the updates as a matter of course.

https://downloadcenter.intel.com/downloads/eula/26400/Linux-Processor-Microcode-Data-File?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F26400%2Feng%2Fmicrocode-20161104.tgz

I'm not sure about AMD microcodes, but Arch has them included in linux-firmware package and no other action is required according to their wiki.

I get "intel-microcode" package as an install recommendation on many distros from their Driver Manager (Arch has the package as intel-ucode AND it is in .img format, while from Intel website it is in .dat format, I don't know why, I guess it is in .img format after working with it with iucode tool) . After installing, it is automatically applied. Arch needs manual steps to enable it in their kernel.
Well, but I'm sure you know how to implement this (I don't). :D

The update can be then verified by:

$ dmesg | grep microcode

Oh, and I hope "Third Party Repository" is correct tag.

Event Timeline

lowang created this task.Apr 23 2017, 9:28 AM
lowang updated the task description. (Show Details)Apr 23 2017, 9:38 AM
kyrios123 added a subscriber: kyrios123.Apr 23 2017, 9:40 AM

Well... it's there already...

$ dmesg | grep microcode
[    1.163941] microcode: sig=0x906e9, pf=0x20, revision=0x48
[    1.164230] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
lowang added a comment.EditedApr 23 2017, 9:47 AM
In T3431#60478, @kyrios123 wrote:

Well... it's there already...

$ dmesg | grep microcode
[    1.163941] microcode: sig=0x906e9, pf=0x20, revision=0x48
[    1.164230] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba

Nope... This is your "default" microcode version from BIOS.
If you have the microcode installed on some other GNU/Linux distro, and there is some update for your processor (like on mine), it should say "updated early".
Like this:

[    0.000000] CPU0 microcode updated early to revision 0x1b, date = 2014-05-29
[    0.221951] CPU1 microcode updated early to revision 0x1b, date = 2014-05-29
[    0.242064] CPU2 microcode updated early to revision 0x1b, date = 2014-05-29
[    0.262349] CPU3 microcode updated early to revision 0x1b, date = 2014-05-29
[    0.507267] microcode: CPU0 sig=0x306a9, pf=0x2, revision=0x1b
[    0.507272] microcode: CPU1 sig=0x306a9, pf=0x2, revision=0x1b
[    0.507276] microcode: CPU2 sig=0x306a9, pf=0x2, revision=0x1b
[    0.507281] microcode: CPU3 sig=0x306a9, pf=0x2, revision=0x1b
[    0.507286] microcode: CPU4 sig=0x306a9, pf=0x2, revision=0x1b
[    0.507292] microcode: CPU5 sig=0x306a9, pf=0x2, revision=0x1b
[    0.507296] microcode: CPU6 sig=0x306a9, pf=0x2, revision=0x1b
[    0.507300] microcode: CPU7 sig=0x306a9, pf=0x2, revision=0x1b
[    0.507335] microcode: Microcode Update Driver: v2.00 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
lowang updated the task description. (Show Details)Apr 23 2017, 10:00 AM
DataDrake closed this task as Wontfix.Apr 23 2017, 3:20 PM
DataDrake claimed this task.
DataDrake added a subscriber: DataDrake.

Arch: https://www.archlinux.org/packages/core/any/linux-firmware/
Solus: https://git.solus-project.com/packages/linux-firmware/tree/package.yml

Literally the same package +/- a version release.

All microcode releases from AMD and Intel come from kernel.org in the linux-firmware repo.

ikey reopened this task as Open.Apr 23 2017, 8:52 PM
ikey added a subscriber: ikey.

Confusion in the naming here. linux-firmware != intel-microcode.
We do have AMD microcode early loading support built in in the latest updates, however I need to investigate the situation with
the Intel microcode one (i.e. distributable or not)

These have to be prebuilt into the initrd shipped into our linux-lts pkg which is why its not there yet.

For AMD:

drwxr-xr-x   3 root     root            0 Apr 19 23:54 .
-rw-r--r--   1 root     root            2 Apr 19 23:54 early_cpio
drwxr-xr-x   3 root     root            0 Apr 19 23:54 kernel
drwxr-xr-x   3 root     root            0 Apr 19 23:54 kernel/x86
drwxr-xr-x   2 root     root            0 Apr 19 23:54 kernel/x86/microcode
-rw-r--r--   1 root     root        25506 Apr 19 23:54 kernel/x86/microcode/AuthenticAMD.bin

The licensing conditions for the Intel microcode (not the ones in linux-firmware) seem different, hence
not being included right now.

ikey added a comment.Apr 23 2017, 8:54 PM

Also note that microcode updates aren't necessary if you apply a firmware update to your machine, as recommended by
vendors. Also note that with sufficiently new glibc versions the lock elision bugs won't hit you. For the mean time it's better
to update the firmware/BIOS itself.

marcoraz added a subscriber: marcoraz.Apr 28 2017, 6:40 PM
DataDrake reassigned this task from DataDrake to ikey.May 3 2017, 1:51 AM
siru added a subscriber: siru.Jun 12 2017, 9:56 AM
TheMarketAnarchist awarded a token.Aug 24 2017, 4:05 AM
TheMarketAnarchist added a subscriber: TheMarketAnarchist.
traella added a subscriber: traella.Sep 5 2017, 7:45 PM

Is there a timeframe for including the microcode?

Unknown Object (User) added a subscriber: Unknown Object (User).Sep 13 2017, 12:00 AM
joebonrichie edited projects, added Package Requests, Platform Integration; removed Third Party Software.EditedOct 2 2017, 10:56 PM
joebonrichie added a subscriber: joebonrichie.

I will take a look at this, i'm hoping this can be made available in the repos and enabled by default for next iso.

https://downloadcenter.intel.com/download/26925/Linux-Processor-Microcode-Data-File
If you attempt to download the microcode you can have a look at the licence which seems to suggest this distributable.

edit: Some documentation: we can choose between early loading (requires more plumbing) and late loading methods (easiest)
https://www.kernel.org/doc/Documentation/x86/microcode.txt

edit: Okay, I didn't realise dracut already had support for this, so adding this is super easy.

baimafeima added a subscriber: baimafeima.Oct 3 2017, 9:00 AM
joebonrichie closed this task as Resolved.Oct 4 2017, 2:17 PM

Resolved by
https://dev.solus-project.com/R3571:5a07492aa6ce6139f7beded89ded8093c9e7181a
https://dev.solus-project.com/R1966:f24dbb792e0ff205a74237f585fe92c8efbdf7ae
https://dev.solus-project.com/R3764:8ec004c2185fb064094a08fab0c3f4db499cd515

ikey added a comment.Oct 4 2017, 3:33 PM

Props to @joebonrichie for enabling this

Justin awarded a token.Oct 15 2017, 9:08 AM
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.