How to update intel-microcode

Post here if you are a new Porteus member and you're looking for some help.
User avatar
Blaze
DEV Team
DEV Team
Posts: 3869
Joined: 28 Dec 2010, 11:31
Distribution: ⟰ Porteus current ☯ all DEs ☯
Location: ☭ Russian Federation, Lipetsk region, Dankov
Contact:

How to update intel-microcode

Post#1 by Blaze » 02 Aug 2018, 09:26

Anybody knows how to update intel-microcode in Porteus?

For example, at this moment version of microcode: 20180703 is latest
https://downloadcenter.intel.com/search ... =microcode
How I can update microcode to this version?

I use SlackBuild (SBo),
https://slackbuilds.org/repository/14.2 ... microcode/
which depends on,
https://slackbuilds.org/repository/14.2 ... code_tool/

However, with the new intel microcode release, microcode-20180703.tgz
the intel-microcode SBo does not work anymore. The new microcode no longer includes microcode.dat, which the SBo seems to depend on.

Update. Thanks for post https://www.linuxquestions.org/question ... ost5851373

intel-microcode.SlackBuild (fixed)
iucode_tool-2.3.1-x86_64-1_slonly.xzm
intel-microcode-20180703-noarch-1_SBo.xzm
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16

raja
Shogun
Shogun
Posts: 434
Joined: 02 May 2017, 09:51
Distribution: v3.2.2-32 and Porteus-Artix-64
Location: Chennai,India

How to update intel-microcode

Post#2 by raja » 02 Aug 2018, 18:02

https://www.archlinux.org/packages/extr ... tel-ucode/

Get the intel- ucode image from above link.

include that in your boot parameter for initrd..

initrd /xxx/intel-ucode.img /xxx/initrd.xz

or

get the data file from,

https://downloadcenter.intel.com/downlo ... roduct=873

convert that to a cpio archive for booting and add to boot parameter, like previous example.

dmesg will show,

Code: Select all

[    0.000000] microcode: microcode updated early to revision ..... 
Linux Kernel-4.4.272 -32 bit; Linux Kernel-5.4.185 - 64 bit

User avatar
Blaze
DEV Team
DEV Team
Posts: 3869
Joined: 28 Dec 2010, 11:31
Distribution: ⟰ Porteus current ☯ all DEs ☯
Location: ☭ Russian Federation, Lipetsk region, Dankov
Contact:

How to update intel-microcode

Post#3 by Blaze » 02 Aug 2018, 18:27

raja, I builded intel-microcode-20180703-noarch-1_SBo.xzm (see above)
I copied /intel-microcode-20180703-noarch-1_SBo/boot/intel-ucode.cpio to /mnt/sdb1/boot/syslinux/ (this partition with Porteus)
In my grub.cfg (GRUB2)

Code: Select all

initrd  /boot/syslinux/intel-ucode.cpio /boot/syslinux/initrd.xz
but when I boot up PC I see some errors with microcode, and in terminal I don't see that microcode loaded successfully

Code: Select all

root@blaze:~# echo 1 > /sys/devices/system/cpu/microcode/reload
root@blaze:~# grep microcode /proc/cpuinfo
microcode	: 0xc2
microcode	: 0xc2
microcode	: 0xc2
microcode	: 0xc2
root@blaze:~#
and

Code: Select all

root@blaze:~# dmesg | grep -i microcode
[    0.000000] microcode: microcode updated early to revision 0xc2, date = 2017-11-16
[    0.276797] microcode: sig=0x506e3, pf=0x2, revision=0xc2
[    0.276818] microcode: Microcode Update Driver: v2.2.
[    3.253030] [drm] Loading bonaire Microcode
root@blaze:~#
I see that microcode does not update to a new version.

BTW, this issue is appear when I update kernel (build by neko) from this topic ArchLinux packages manager for Porteus
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16

raja
Shogun
Shogun
Posts: 434
Joined: 02 May 2017, 09:51
Distribution: v3.2.2-32 and Porteus-Artix-64
Location: Chennai,India

How to update intel-microcode

Post#4 by raja » 02 Aug 2018, 19:30

Blaze, looks like only Microcode revision 0xc2 dated 2017-11-16 , matches your Intel processor. Later revisions may be for current Processors.

If Microcode without the cpio parameter in the menu is different from 0xc2, Linux has indeed updated your firmware.
cheers, nothing for you in the Intel's July update.
Linux Kernel-4.4.272 -32 bit; Linux Kernel-5.4.185 - 64 bit

raja
Shogun
Shogun
Posts: 434
Joined: 02 May 2017, 09:51
Distribution: v3.2.2-32 and Porteus-Artix-64
Location: Chennai,India

How to update intel-microcode

Post#5 by raja » 02 Aug 2018, 19:35

Code: Select all

guest@porteus:~/Downloads$ /usr/sbin/iucode_tool -v --write-earlyfw=intel-ucode.cpio intel-ucode
/usr/sbin/iucode_tool: processed 165 valid microcode(s), 165 signature(s), 165 unique signature(s)
/usr/sbin/iucode_tool: selected 165 microcode(s), 165 signature(s)
/usr/sbin/iucode_tool: Writing selected microcodes to: intel-ucode.cpio
/usr/sbin/iucode_tool: intel-ucode.cpio: 165 microcode entries written, 1647616 bytes
Pl note intel-ucode.cpio file size. I use the image file form arch.
Linux Kernel-4.4.272 -32 bit; Linux Kernel-5.4.185 - 64 bit

User avatar
Blaze
DEV Team
DEV Team
Posts: 3869
Joined: 28 Dec 2010, 11:31
Distribution: ⟰ Porteus current ☯ all DEs ☯
Location: ☭ Russian Federation, Lipetsk region, Dankov
Contact:

How to update intel-microcode

Post#6 by Blaze » 04 Aug 2018, 11:05

I run this script https://github.com/speed47/spectre-meltdown-checker

Code: Select all

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability:  NO 
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)
> How to fix: The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed.

Code: Select all

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface:  NO  (Vulnerable)
* Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
> STATUS:  VULNERABLE  (Your CPU doesn't support SSBD)
> How to fix: Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section).
I have errors with neko kernel 4.16.18

Code: Select all

ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored
ACPI BIOS Error (bug): Failure looking up [\_SB.PCI0.SAT0.SPT1._GTF.DSSP], AE_NOT_FOUND (20180105/psargs-364)
ACPI Error: Method parse/execution failed \_SB.PCI0.SAT0.SPT1._GTF, AE_NOT_FOUND (20180105/psparse-550)
Image
On my MSI Z170A GAMING PRO CARBON I have this BIOS version - 7A12v1A (Release Date 2018-07-13)
Image
Any suggestions are welcome.

Update. With kernel 4.16.8 by brokenman I have the same errors :hmmm:

I found this solution here https://www.linuxquestions.org/question ... ost5707423
I have 2 different Asus(Intel) motherboards that do the same thing with newer kernels. It's nothing to worry about and there is nothing you can
do about it at this point.

Just to give you some background, as you probably know, ACPI is the power regulation code in your motherboard's BIOS/UEFI:

https://en.wikipedia.org/wiki/Advanc...ower_Interface

It's suppose to be a standard that any operating system can properly
implement. However, in typical Microsoft fashion, MS operating systems
do not follow or properly implement the ACPI standard. Instead, MS gives
motherboard manufacturers their own improperly implemented ACPI code
for inclusion in the motherboard BIOS/UEFI. The code runs fine with MS
windows but all for other operating systems like linux there can be
problems. Because of MS's market dominance, the faulty ACPI
implementation from MS has become the de facto industry standard. As a
result, linux and other non-MS operating systems have to reverse
engineer the faulty ACPI implementation from MS. That's why you can see
problems in linux with ACPI related functionality like suspend to ram,
hibernate, etc.

Apparently, the ACPI related code in certain newer linux kernels has a
problem with the typical BIOS/UEFI ACPI implementation on certain
motherboards which is why we're getting those error messages. Even
though I get those error messages at the beginning of the boot process,
I've had no problems with suspend/resume or any other ACPI related
issues. Here's another guy with the same problem so you are not alone:

https://www.reddit.com/r/linux/comme..._installation/

The advice there was to not run in BIOS legacy mode by disabling UEFI
but to run in UEFI mode instead with secure boot disabled. I haven't
bothered with it myself since I have several operating systems already
installed with BIOS legacy mode and I would have to reinstall everything
if I wanted to switch to UEFI mode.
BTW, I use MBR and BIOS legacy mode.

Update. I have done a small test. I switched on UEFI mode in BIOS.
I took USB-Flash drive with one single FAT32 partition and run the Porteus-installer-for-Linux.com
And booted from this USB Flash drive (in UEFI mode) and it's not resolve this issue. I have the same errors.

I am stuck :wall:

Отправлено спустя 16 часов 3 минуты 56 секунд:
After updating BIOS to 7A12v1A I have this output:

In GRUB2

Code: Select all

root@porteus:~# grep microcode /proc/cpuinfo
microcode	: 0xc6
microcode	: 0xc6
microcode	: 0xc6
microcode	: 0xc6
root@porteus:~# dmesg | grep -i microcode
[    0.280199] microcode: sig=0x506e3, pf=0x2, revision=0xc6
[    0.280218] microcode: Microcode Update Driver: v2.2.
[    3.365087] [drm] Loading bonaire Microcode
root@porteus:~# cat /proc/cmdline
quiet BOOT_IMAGE=/boot/syslinux/vmlinuz changes=/porteus kmap=us,ru
root@porteus:~#
Kernel is Linux 4.16.8-porteus

Code: Select all

./spectre-meltdown-checker.sh
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Kernel supports speculation store bypass:  NO 
> STATUS:  VULNERABLE  (your kernel needs to be updated)
CVE-2018-3639 speculative store bypass (Variant 4)

Impact: software using JIT (no known exploitation against kernel)
Mitigation: microcode update + kernel update making possible for affected software to protect itself
Performance impact of the mitigation: low to medium
Now only this vulnerability is open.

Update. I tried kernel 4.18-rc3 by neko from Porteus-XFCE-v4.0-x86_64-18.07.02.iso viewtopic.php?p=65413#p65413
and now

Code: Select all

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
> STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
but in dmesg (dmesg | grep -i ACPI) with kernel 4.18-rc3 I have this:

Code: Select all

               3ACPI BIOS Error (bug): Could not resolve [\_SB.PCI0.SAT0.PRT1._GTF.DSSP], AE_NOT_FOUND (20180531/psargs-330)
[    0.534500] ACPI Error: Method parse/execution failed \_SB.PCI0.SAT0.PRT1._GTF, AE_NOT_FOUND (20180531/psparse-516)
               3ACPI BIOS Error (bug): Could not resolve [\_SB.PCI0.SAT0.PRT0._GTF.DSSP], AE_NOT_FOUND (20180531/psargs-330)
[    0.535086] ACPI Error: Method parse/execution failed \_SB.PCI0.SAT0.PRT0._GTF, AE_NOT_FOUND (20180531/psparse-516)
               3ACPI BIOS Error (bug): Could not resolve [\_SB.PCI0.SAT0.PRT2._GTF.DSSP], AE_NOT_FOUND (20180531/psargs-330)
[    0.535564] ACPI Error: Method parse/execution failed \_SB.PCI0.SAT0.PRT2._GTF, AE_NOT_FOUND (20180531/psparse-516)
               3ACPI BIOS Error (bug): Could not resolve [\_SB.PCI0.SAT0.PRT0._GTF.DSSP], AE_NOT_FOUND (20180531/psargs-330)
[    0.536584] ACPI Error: Method parse/execution failed \_SB.PCI0.SAT0.PRT0._GTF, AE_NOT_FOUND (20180531/psparse-516)
               3ACPI BIOS Error (bug): Could not resolve [\_SB.PCI0.SAT0.PRT2._GTF.DSSP], AE_NOT_FOUND (20180531/psargs-330)
[    0.537228] ACPI Error: Method parse/execution failed \_SB.PCI0.SAT0.PRT2._GTF, AE_NOT_FOUND (20180531/psparse-516)
               3ACPI BIOS Error (bug): Could not resolve [\_SB.PCI0.SAT0.PRT1._GTF.DSSP], AE_NOT_FOUND (20180531/psargs-330)
[    0.542265] ACPI Error: Method parse/execution failed \_SB.PCI0.SAT0.PRT1._GTF, AE_NOT_FOUND (20180531/psparse-516)
               3ACPI BIOS Error (bug): Could not resolve [\_SB.PCI0.SAT0.PRT3._GTF.DSSP], AE_NOT_FOUND (20180531/psargs-330)
[    0.545523] ACPI Error: Method parse/execution failed \_SB.PCI0.SAT0.PRT3._GTF, AE_NOT_FOUND (20180531/psparse-516)
               3ACPI BIOS Error (bug): Could not resolve [\_SB.PCI0.SAT0.PRT3._GTF.DSSP], AE_NOT_FOUND (20180531/psargs-330)
[    0.547206] ACPI Error: Method parse/execution failed \_SB.PCI0.SAT0.PRT3._GTF, AE_NOT_FOUND (20180531/psparse-516)
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16

raja
Shogun
Shogun
Posts: 434
Joined: 02 May 2017, 09:51
Distribution: v3.2.2-32 and Porteus-Artix-64
Location: Chennai,India

How to update intel-microcode

Post#7 by raja » 05 Aug 2018, 10:11

Intel Data sheet says that for Skylake S with cpuid:506E3 (yours - 6th generation), current Production release OEM firmware is 0xC6.

I presume , after BIOS flashing , there will be no need for including intel-ucode.cpio in boot menu,but needs current Kernel with all Intel suggested patches. Can you confirm?

If so, then ,there is a limitation to software mitigation.

I read in the net,
Because existing browser patches for Spectre Variant 1 help protect against Variant 4, Intel plans to ship the fixes for Spectre Variant 3a and 4 ‘turned-off’ by default because the risk is deemed to be low. Intel and AMD are recommending leaving the mitigations for these vulnerabilities disabled.
Linux Kernel-4.4.272 -32 bit; Linux Kernel-5.4.185 - 64 bit

User avatar
Blaze
DEV Team
DEV Team
Posts: 3869
Joined: 28 Dec 2010, 11:31
Distribution: ⟰ Porteus current ☯ all DEs ☯
Location: ☭ Russian Federation, Lipetsk region, Dankov
Contact:

How to update intel-microcode

Post#8 by Blaze » 05 Aug 2018, 11:47

raja wrote:
05 Aug 2018, 10:11
I presume , after BIOS flashing , there will be no need for including intel-ucode.cpio in boot menu,but needs current Kernel with all Intel suggested patches. Can you confirm?
In AF mode, without intel-ucode.cpio

Code: Select all

root@porteus:~# grep microcode /proc/cpuinfo
microcode	: 0xc6
microcode	: 0xc6
microcode	: 0xc6
microcode	: 0xc6
root@porteus:~# dmesg | grep -i microcode
[    0.280175] microcode: sig=0x506e3, pf=0x2, revision=0xc6
[    0.280198] microcode: Microcode Update Driver: v2.2.
[    2.654927] [drm] Loading bonaire Microcode
root@porteus:~# cat /proc/cmdline
quiet nomagic base_only norootcopy kmap=us,ru initrd=/boot/syslinux/initrd.xz BOOT_IMAGE=/boot/syslinux/vmlinuz 
root@porteus:~#
Seems microcode is loaded without intel-ucode.cpio :)
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16

User avatar
brokenman
Site Admin
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

How to update intel-microcode

Post#9 by brokenman » 05 Aug 2018, 18:21

If you've updated your BIOS chances are you won't need the microcode. Only way to know is to update and run the sniffer script.

You can always get latest microcode from here:
https://slackbuilds.org/repository/14.2 ... microcode/

Just compile it and copy out the resulting .cpio file from the the slackware package.
Be sure to download all files again when updating from slackbuilds. Sometimes the slackbuild script has changes.
How do i become super user?
Wear your underpants on the outside and put on a cape.

User avatar
Blaze
DEV Team
DEV Team
Posts: 3869
Joined: 28 Dec 2010, 11:31
Distribution: ⟰ Porteus current ☯ all DEs ☯
Location: ☭ Russian Federation, Lipetsk region, Dankov
Contact:

How to update intel-microcode

Post#10 by Blaze » 05 Aug 2018, 19:40

When I tried https://slackbuilds.org/repository/14.2 ... microcode/ 2018-08-02 he needed in microcode.dat and I am was not able to build via SB.
Apparently there was a recent correction intel-microcode.SlackBuild
Just compile it and copy out the resulting .cpio file from the the slackware package.
Yep, but how about update intel-microcode package in 001-core :%)
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16

raja
Shogun
Shogun
Posts: 434
Joined: 02 May 2017, 09:51
Distribution: v3.2.2-32 and Porteus-Artix-64
Location: Chennai,India

How to update intel-microcode

Post#11 by raja » 05 Aug 2018, 19:44

Yes, Blaze,Brokenman,

Revision 0xC6 is the latest OEM firmware, for your processor. Now, your Hardware is permanently written with this firmware, provided by Intel to the Motherboard manufacturer.

Intel software update for microcode 3/7/2018 ,release does not include this.

I verified for mine. I should have rev 0x8E, but updates to only 0x84.

Change log lists, Intel has provided latest only for certain Server processors.

Blaze, no more worries for you. No need for intel-ucode updates.
Linux Kernel-4.4.272 -32 bit; Linux Kernel-5.4.185 - 64 bit

User avatar
brokenman
Site Admin
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

How to update intel-microcode

Post#12 by brokenman » 07 Aug 2018, 16:35

Thanks for clarifying, raja.
How do i become super user?
Wear your underpants on the outside and put on a cape.

Post Reply