Announcement

Collapse
No announcement yet.

Intel Rolls Out Updated, Post-Spectre CPU Microcode (20180312)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Intel Rolls Out Updated, Post-Spectre CPU Microcode (20180312)

    Phoronix: Intel Rolls Out Updated, Post-Spectre CPU Microcode (20180312)

    Intel has published the Intel Processor Microcode Package for Linux 20180312 release with the latest improvements around the microcode-based approach for Spectre CPU vulnerability mitigation, succeeding their microcode updates from earlier in the year...

    http://www.phoronix.com/scan.php?pag...ocode-20180312

  • #2
    Lenovo rolled out a BIOS update last week for my T430. If you guys are using one of their sandy/ivy bridge computers, worth have a look to see if yours also got a updated BIOS.

    On mine, since I didn't have a Windows partition, I had to burn a CD to install the update, since using a flashdrive was a no go. Scary stuff that update, do not remove the dam CD until the process start over again, I'm not kidding.

    Comment


    • #3
      https://lkml.org/lkml/2018/1/21/192

      Was this patchset merged or rewritten?

      Comment


      • #4
        there are new versions of the microcode available but not any detailed change-log
        yeah no kidding huh. black box binary blobs are like a box of chocolates, you never know what you are going to get.

        Comment


        • #5
          I always update my thinkpads with an usb-drive. Here's how: https://workaround.org/article/updat...b-flash-stick/

          I did it today already on six different thinkpads, including x230, x250, t430, t440 and t440s and I worked well on all of them.
          Hope I wasn't to fast and they broke something again.

          It activated IBRS, IBPB or STIBP capabilities.
          Last edited by treba; 03-13-2018, 08:53 PM.

          Comment


          • #6
            Originally posted by quaz0r View Post
            yeah no kidding huh. black box binary blobs are like a box of chocolates, you never know what you are going to get.
            The way I see it, it's more like Schrödinger's cat paradox. The blob can do underhanded things or what it's supposed to and nothing else, but there's really no way for you to know, thus existing in a state of being both compromised and safe at the same time. Like how the cat is dead and alive at the same time.
            "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."

            Comment


            • #7
              I do not have intel CPUs (or at least none affected. all ancient (486 level) or an in-order Atom), but I'd rather not apply any firmware updates right now. Ucode via OS might be okay, since you can still revert this, but once it is in the firmware thing might become more difficult if the microcode is messed up, again.
              Stop TCPA, stupid software patents and corrupt politicians!

              Comment


              • #8
                Anyone know how Fedora picks these up?

                Comment


                • #9
                  On skylake desktop machines, arch/x86/kernel/cpu/intel.c needs to be patched after this to remove the following line:

                  { INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0xc2 },

                  from sku_microcode spectre_bad_microcodes[] array.

                  Comment


                  • #10
                    Originally posted by willmore View Post
                    Anyone know how Fedora picks these up?
                    You mean when? Fedora ships it with the microcode_ctl package which is installed by default. The next version will probably have it.

                    Comment

                    Working...
                    X