Tag Archives: microcode

debian linuxlite 3.8 (ubuntu 16.x) intel microcode

after you have installed this you should see

# journalctl | grep microcode

Feb 19 14:57:18 lili kernel: microcode: CPU0 sig=0x40651, pf=0x1, revision=0x1d

Feb 19 14:57:18 lili kernel: microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba

microcode – everything you ever wanted to know

you need to forget everything you thought you knew about microcode from the old Z80 days

run cat /proc/cpuinfo to see what cpu chip & microcode version you have

$ cat /proc/cpuinfo 
vendor_id : GenuineIntel
cpu family : 6
model : 69
model name : Intel(R) Core(TM) i5-4310U CPU @ 2.00GHz
microcode : 0x1d
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm invpcid_single retpoline kaiser fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid xsaveopt arat
bugs : cpu_meltdown spectre_v1 spectre_v2
bogomips : 5202.00

 

have a look at your logs to see if you have any microcode patches

dmesg | grep "microcode"

journalctl -b -k | grep "microcode"

 

you need to enable nonfree deb/rpm repos so you get access to microcode packages

deb http://deb.debian.org/debian jessie main contrib non-free
deb http://security.debian.org/ jessie/updates main contrib non-free

 

then install the microcode package

aptitude update
aptitude install amd64-microcode

 

check your kernel parameters and reboot
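
A check for after the reboot, added here as an example and not part of the original post: it compares saved copies of /proc/cpuinfo from before and after the update with the kernel log, and reports whether every CPU runs the same, newer revision. The function names, file names and the revision 0x25 are assumptions constructed for the sample; 0x1d and the log line format come from the output shown above.

```sh
#!/bin/sh
# Added example: confirm a microcode update from saved /proc/cpuinfo and kernel
# log text. All sample data below is constructed (0x25 is a made-up revision).

# Distinct microcode revisions across all logical CPUs, one per line.
microcode_revisions() {
    awk -F': *' '/^microcode[ \t]*:/ { print $2 }' "$1" | sort -u
}

# Revision from the last "microcode: ... revision=0x.." kernel log line.
log_revision() {
    sed -n 's/.*microcode:.*revision[= ]\(0x[0-9a-fA-F]*\).*/\1/p' "$1" | tail -n 1
}

# check_update BEFORE_CPUINFO AFTER_CPUINFO AFTER_KERNEL_LOG
# returns 0 = newer and consistent, 1 = CPUs disagree, 2 = log disagrees,
# 3 = revision did not increase (no package for this CPU, or not rebooted).
check_update() {
    old=$(microcode_revisions "$1" | tail -n 1)
    : "${old:=0x0}"
    new=$(microcode_revisions "$2")
    if [ -z "$new" ] || [ "$(printf '%s\n' "$new" | wc -l)" -ne 1 ]; then
        echo "CPUs do not agree on one revision:" $new; return 1
    fi
    logrev=$(log_revision "$3")
    if [ "$new" != "$logrev" ]; then
        echo "cpuinfo says $new, kernel log says ${logrev:-nothing}"; return 2
    fi
    if [ $((new)) -le $((old)) ]; then
        echo "still at $new (was $old)"; return 3
    fi
    echo "updated $old -> $new; bugs: $(awk -F': *' '/^bugs/ { print $2; exit }' "$2")"
}

# Constructed two-CPU samples: state before the update, and after a reboot.
write_samples() {
    printf 'processor : 0\nmicrocode : 0x1d\nprocessor : 1\nmicrocode : 0x1d\n' > "$1/before"
    for n in 0 1; do
        printf 'processor : %s\nmicrocode : 0x25\nbugs : cpu_meltdown spectre_v1 spectre_v2\n' "$n"
    done > "$1/after"
    printf 'kernel: microcode: CPU0 sig=0x40651, pf=0x1, revision=0x25\n' > "$1/log"
    # Failure case: the second CPU still reports the old revision.
    printf 'processor : 0\nmicrocode : 0x25\nprocessor : 1\nmicrocode : 0x1d\n' > "$1/mixed"
}

demo=$(mktemp -d) && write_samples "$demo"
check_update "$demo/before" "$demo/after" "$demo/log"
```

On a real system, save `cat /proc/cpuinfo` before installing the package, then pass that file together with a fresh copy and the output of `journalctl -b -k` taken after the reboot.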

 

Notes

Unfortunately, the licenses of the microcode update data from AMD and Intel are not compatible with the Debian Free Software Guidelines.
Therefore, microcode update data will be available through the non-free distribution. The new processor microcode update system is available for both non-free Wheezy and non-free Squeeze (through the backports repository).

Meltdown (the vulnerability affecting only Intel chips) cannot be fixed with microcode updates alone and requires changes to core OS functionality, which may reduce performance further.

Spectre (the vulnerability affecting Intel, AMD and ARM chips) may be able to be worked around with microcode updates alone.

virtualisation and amd and intel speculative execution security bugs

if you want to use amd and intel microcode updates that mitigate the “branch target injection” (aka meltdown and spectre) defects in their CPUs, you may want to patch your host and enable hypervisor-assisted guest mitigation so the mitigations also work in virtual machine guests

https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html

  • Hypervisor-Specific Mitigation
  • Hypervisor-Assisted Guest Mitigation
  • Operating System-Specific Mitigations
