On 04/17/2018 03:30 AM, Rudolf Marek wrote:
Hi,
I found new microcode here [1], I used cpu00610F01_ver0600111F_2018-03-05_AC55EB96.bin as a microcode for my Trinity family15h CPU. I hacked together a new microcode header which contains the equivalence table etc to be able to load this microcode into the CPU from Linux.
dd if=/lib/firmware/amd-ucode/microcode_amd_fam15h.bin bs=1 count=84 of=header.bin
cat header.bin cpu00610F01_ver0600111F_2018-03-05_AC55EB96.bin > microcode_amd_fam15h.bin
Copy the file to the same location and trigger the update:
echo 1 > /sys/devices/system/cpu/microcode/reload
[ 6032.948243] microcode: CPU0: new patch_level=0x0600111f
[ 6032.964913] microcode: CPU2: new patch_level=0x0600111f
Please note that the header.bin does contain a size of the microcode blob, but it happens to be the same, so it works. Normally the container may contain more microcode blobs. But in my case I use just the "right" one for my CPU.
The new microcode seems to be adding the IBPB feature.
Thanks
Rudolf
This didn't work on my Piledriver CPUs :[
When I try to "reload", nothing happens, not even an error in dmesg. The reload command has never worked for me no matter what system I use, Intel or AMD.
Thanks for helping. I can't believe everyone else is so nonchalant about all this considering how important it is. I still haven't figured out how to update the microcode on any of my computers: no guides I have found actually work, and no distros have the new microcode for Intel or AMD despite it having been months.
For the best security one should have both the new microcode and the lfence msr?
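
An added example, not part of either message: a Python check for the header-reuse caveat in the quoted message, which parses a container and rejects it when a section's recorded size does not match the data actually present. The layout (12-byte container header, 16-byte equivalence entries, 8-byte section headers, patch ID at offset 4 and equivalence ID at offset 24 of each patch) is an assumption based on the Linux kernel's AMD loader; the sample container and its 0x6101 equivalence ID are constructed.

```python
import struct

UCODE_MAGIC = 0x00414D44            # reads "DMA\0" as little-endian bytes
EQUIV_TABLE_TYPE, UCODE_TYPE = 0, 1

def parse_container(buf):
    """Return (equiv_entries, patches); raise ValueError on any size mismatch."""
    if len(buf) < 12:
        raise ValueError("truncated container header")
    magic, sec_type, equiv_size = struct.unpack_from("<III", buf, 0)
    if magic != UCODE_MAGIC or sec_type != EQUIV_TABLE_TYPE:
        raise ValueError("not an AMD microcode container")
    if equiv_size % 16 or 12 + equiv_size > len(buf):
        raise ValueError("bad equivalence table size")
    equiv = []
    for off in range(12, 12 + equiv_size, 16):
        cpuid, _, _, equiv_id, _ = struct.unpack_from("<IIIHH", buf, off)
        if cpuid:                   # an all-zero entry is the table terminator
            equiv.append((cpuid, equiv_id))
    patches, off = [], 12 + equiv_size
    while off < len(buf):
        if off + 8 > len(buf):
            raise ValueError("truncated section header")
        sec_type, size = struct.unpack_from("<II", buf, off)
        off += 8
        if sec_type != UCODE_TYPE:
            raise ValueError("unexpected section type %d" % sec_type)
        if size < 26 or off + size > len(buf):
            raise ValueError("section size %d does not fit the data" % size)
        patch_id, = struct.unpack_from("<I", buf, off + 4)
        rev_id, = struct.unpack_from("<H", buf, off + 24)
        patches.append({"patch_id": patch_id, "equiv_id": rev_id, "size": size})
        off += size
    return equiv, patches

def build_sample(patch_id=0x0600111F, cpuid=0x00610F01, equiv_id=0x6101, body=64):
    """Constructed container: one equivalence entry plus terminator, one dummy patch."""
    table = struct.pack("<IIIHH", cpuid, 0, 0, equiv_id, 0) + bytes(16)
    patch = bytearray(body)
    struct.pack_into("<I", patch, 4, patch_id)
    struct.pack_into("<H", patch, 24, equiv_id)
    hdr = struct.pack("<III", UCODE_MAGIC, EQUIV_TABLE_TYPE, len(table))
    return hdr + table + struct.pack("<II", UCODE_TYPE, len(patch)) + bytes(patch)
```

Running parse_container() on the file's bytes before copying it into /lib/firmware shows whether the reused header's size field still matches the blob that was appended to it.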