On Thursday, January 02, 2014 11:28:14 PM Sam Kuper wrote:
On the C7/C710 and Pavilion 14 as shipped, where are those microcode updates stored?
This [1] should help you extract a stock coreboot.rom that you can cbfstool with. The rest is left as an exercise to the reader. (Short answer: cpu_microcode_blob.bin in CBFS)
And how exactly is a CPU different if the microcode update is patched in the factory rather than uploaded at boot? It's the same microcode in the end.
First of all, if some microcode is in the CPU from the factory rather [yada, yada, yada]
I don't care for any Stallmanian lecturing on how microcode updates work. I've worked with them, I've written code to upload them, and I've seen firsthand how their absence bricks a system. With the risk of sounding arrogant, that gives me the credit to avoid your uninformed lecturing. You have the option in coreboot to not include them. Period.
What I gather from your description is that you want is the CPU that works best without microcode updates. Ask around, or test yourself. I don't think many people have tested without microcode updates.
Alex
[1] http://www.chromium.org/chromium-os/developer-information-for-chrome-os-devi...
On 20/12/2013, ron minnich rminnich@gmail.com wrote:
At this point it's harder and harder to escape the Blob. It eats you alive! http://www.youtube.com/watch?v=TdUsyXQ8Wrs
In a similar vein :)
https://web.archive.org/web/20130422085916/http://www.openbsd.org/lyrics.htm...
On 02/01/2014, mrnuke mr.nuke.me@gmail.com wrote:
On Thursday, January 02, 2014 11:28:14 PM Sam Kuper wrote:
On the C7/C710 and Pavilion 14 as shipped, where are those microcode updates stored?
This [1] should help you extract a stock coreboot.rom that you can cbfstool
with. The rest is left as an exercise to the reader. (Short answer: cpu_microcode_blob.bin in CBFS)
Thank you, but unfortunately, I don't own a Samsung Series 5 550 or a Series 3 Chromebox, nor any other CrOS device from which to extract a stock coreboot.rom.
And how exactly is a CPU different if the microcode update is patched in the factory rather than uploaded at boot?
First of all, if some microcode is in the CPU from the factory rather [yada, yada, yada]
I don't care for any Stallmanian lecturing on how microcode updates work. [...] With the risk of sounding arrogant, that gives me the credit to avoid your uninformed lecturing.
With respect, I wasn't trying to lecture anyone; I was giving a straight answer to your question.
I freely admit I'm not terribly well-informed on the subject. That's why I'm reading to learn as much as I can and asking questions here to fill in the gaps.
You have the option in coreboot to not include them. Period.
That was my understanding, but thanks for confirming it.
What I gather from your description is that you want is the CPU that works best without microcode updates.
I'm after a couple of things:
- Server: x86, not necessarily Intel, with Core Solo performance or better, that supports 16GB+ of RAM with double bit error correction (e.g. Chipkill). - Laptop/netbook: not necessarily x86, with Core Solo performance or better, that supports 2GB+ of RAM.
And the kicker is that I'd like both to be fully open! Since no such systems appear to exist, I'm trying in each case to pick the least worst option.[1] That *doesn't necessarily* mean running without microcode updates, so even though you may not agree with them, the reasons I gave for distinguishing between baked-in microcode and patched-in microcode were earnest ones. It does mean that I've read the "supported motherboards" page (for the server) and the X60 and Chromebook-related pages - plus several other pages - on the Coreboot wiki.
Ask around
That's what I'm doing :)
or test yourself.
I intend to, but first I'm trying to identify the best candidate(s), because my budget is small. If the C7/C710/HP14 didn't have CPU errata & corresponding microcode updates, then I'd be tempted to get one for testing. If not, then probably the X60 is a better option for me. Hence my questions here :)
I don't think many people have tested without microcode updates.
Some Trisquel folks are running without microcode updates.[2] I don't know if anyone except Intel and the sort of security folks mentioned in Kris Kaspersky's presentation[3] are *testing* anything in relation to that, though.
Anyhow, since I've managed inadvertently to generate a couple of slightly tetchy replies here since I started this thread (i.e. yours and the earlier one from Gregg Levine), maybe that's a hint that I'm asking too many questions or something, and that I should take my leave for now?
Thanks again for the help you've given,
Sam
[1] I don't have a fixed understanding of what I mean by "least worst option". Each time I learn something relevant, I try to update my understanding accordingly. [2] http://trisquel.info/en/forum/intel-processor-microcode-security-update-tris... [3] http://www.cs.dartmouth.edu/~sergey/cs258/2010/D2T1%20-%20Kris%20Kaspersky%2...
On Thu, Jan 02, 2014 at 06:43:02PM -0500, mrnuke wrote:
I don't think many people have tested without microcode updates.
So far I've had relatively good luck with that. Lately, specifically, these CPUs seem to work fine without microcode update:
AMD A8-5600K AMD A6-5400K
I tested those on the Asus F2A85-M/CSM board.
You can also omit the optional xhci blob (no usb3 support) as well as the VGA BIOS.
Thanks, Ward.