Doesn't the motherboard firmware feed the CPU with a microcode at boot? Otherwise we'd have less than 30 seconds to set up the BIOS....

hmm. You could be right. That would make sense.

Perhaps Linux only replaces the microcode that the motherboard feeds the CPU if it has a newer version of the microcode.

That's exactly what Linux does.

there are lots of different parts running firmware in a modern Intel CPU.

the one that is required to avoid spurious locks and reboots is IntelME, the part that normally is used for lights-out management but that Intel has been mission-creep into other tasks (helping with the bring-up, handling some DRM etc.), it doesn't even run on the main x86 core,but on a dedicated core that is running even if the CPUis shut down.

Given its position (ouside the reachof the CPU, in charge of management), it's critical: the slightest bug and you're at risk of getting your computer hacked while off.

Laptop/Desktop ma manufacturer like Dell have been making custom"de-fanged" firmware that just do the barely strict minimum to bring up the hardware without spurious reboots, and completely remove any networking component so that if you don't need lights-out management, your computer ins't at remote risk.

The microcode is a different piece: Remember the over-simplified metaphore that modern Intel and AMD are a CISC instruction set running over a collection of RISC units ? In an over-simplified manner, the microcode is the thing in between, the "program" that tells which micro-ops to execute for a given complex x86 instruction.
The CPU has already one built-in, just in order to be able run machine code.But since the infamous pentium bug, it's field updateable in order to be able to "patch around" CPU design flaws. The BIOS can overload a newer one, and later the OS can also load anewer one, but it's optional (and does't survive reboot).

The Linux kernel can load one into the CPU from the ucode-* packages, if available. if not, you're left with whatever bugs came in your CPU from the factory.

interesting to see how some KVM virtualized work loads i.e. Nginx performed better than bare metal dedicated

All this "anti-microcode-update" movement is getting out of hand.

You're the anti-vaxxers of the computing world, lol.

someone just said that microcode updates were hard to avoid, and they arent, im not telling people to do this, just how to do it if they want, thats why i put the quotes on fix

I just don't want to lose performance yet because I am working on projects that require enough performance to deliver their results in time, and yes, they do a lot of data transfer.

This 30 second rule sounds like bs.

Remember when people didn't use encryption on their wireless networks because it was slower? Same story all over again.