AMD has at long last coughed up the stuff to the linux-firmware people
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/...
The fam15h microcode update adds IBPB
* Indirect Branch Prediction Barrier (IBPB) * PRED_CMD MSR is available: YES * CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
The question is what about the other stuff? IBRS, STIBP? This is confusing due to zero documentation on these updates from amd...Why don't they have those in this update? Would it be possible to easily add the support flags without microcode for those who use libreboot?
Would it still be a good idea to add the lfence msr as rmarek mentioned?
As this is all above my pay-grade I would very much appreciate one of the experts to chime in.
My lord yet another one. https://www.phoronix.com/scan.php?page=news_item&px=Spectre-V3-V4-Vulner... https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... Now we also seem to need something called SSBD (Speculative Store Bypass Disable) of which I can't find much information on, does anyone know if fam15h will receive it? and if the microcode update 0x06000852 I have posted is the latest one currently in the wild? It only has one of mitigations whilst AMD's "Architecture_Guidelines_Update_Indirect_Branch_Control.pdf" seems to indicate that there are microcode with all three (and now 4) mitigations.
Where can one obtain the microcode with all 4 for fam15h?
Hi all,
Dne 22.5.2018 v 07:03 Taiidan@gmx.com napsal(a):
AMD has at long last coughed up the stuff to the linux-firmware people
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/...
The fam15h microcode update adds IBPB
* Indirect Branch Prediction Barrier (IBPB) * PRED_CMD MSR is available: YES * CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
For some reason this firmware update deletes microcode for Trinity CPUs, I tried to contact the person who commit this without any luck. As I have previously written the github page has even newer microcode.
The question is what about the other stuff? IBRS, STIBP? This is confusing due to zero documentation on these updates from amd...Why
Not true, check: https://developer.amd.com/resources/speculative-execution/
You only need IBPB + retpoline in kernel + RSB clear on CPL switch.
don't they have those in this update? Would it be possible to easily add the support flags without microcode for those who use libreboot?
So libreboot guys don't want any fixes for a CPU?
Would it still be a good idea to add the lfence msr as rmarek mentioned?
You could, but OS will do that for you (at least Linux). Moreover the Variant 4, can be mitigated on fam15h by switch off some chicken bits in the CFG_LS see above.
I think I have seen some commit in Linux to do that.
Thanks Rudolf
On Wed, May 23, 2018 at 12:54 PM Rudolf Marek r.marek@assembler.cz wrote:
Hi all,
Dne 22.5.2018 v 07:03 Taiidan@gmx.com napsal(a):
don't they have those in this update? Would it be possible to easily add the support flags without microcode for those who use libreboot?
So libreboot guys don't want any fixes for a CPU?
I've been wondering about this. IIRC the original motivation for the libreboot fork was microcode. Is microcode still out of bounds for libreboot?
Hi again,
Dne 23.5.2018 v 21:52 Rudolf Marek napsal(a):
For some reason this firmware update deletes microcode for Trinity CPUs, I tried to contact the person who commit this without any luck. As I have previously written the github page has even newer microcode.
This was fixed, however the old (same) microcode was provided again.
Thanks Rudolf
Hi Rudolf,
Please could you try contacting this AMD person again, regarding the problems with this recent microcode update? Because it looks like he noticed your messages since he at least tried to fix, but haven't noticed mine for some reason (regarding the lack of updated 16h microcode; why only 15h and 17h are being updated while 16h is forgotten - I could not understand, and this is relevant since there are some coreboot-supporting 16h boards)
Best regards, Mike Banon
On Sat, May 26, 2018 at 7:13 PM, Rudolf Marek r.marek@assembler.cz wrote:
Hi again,
Dne 23.5.2018 v 21:52 Rudolf Marek napsal(a):
For some reason this firmware update deletes microcode for Trinity CPUs, I tried to contact the person who commit this without any luck. As I have previously written the github page has even newer microcode.
This was fixed, however the old (same) microcode was provided again.
Thanks Rudolf
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
On 22/05/2018 07:03, Taiidan@gmx.com wrote:
AMD has at long last coughed up the stuff to the linux-firmware people
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/...
The fam15h microcode update adds IBPB
* Indirect Branch Prediction Barrier (IBPB) * PRED_CMD MSR is available: YES * CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
The question is what about the other stuff? IBRS, STIBP? This is confusing due to zero documentation on these updates from amd...Why don't they have those in this update? Would it be possible to easily add the support flags without microcode for those who use libreboot?
What you mean with "add the support flags without microcode"?
A CPU either supports some instructions (like IBPB) because it actually does (i.e. the microcode tells it how to do that), or it does not.
I don't know if you can fake enable these support flags, but I don't think it is a good idea at all, at best it would just be a lie, at worst it could cause issues (crashing?) if the kernel calls an instruction that isn't available (I don't know how that is handled).
-Alberto
-
Alberto Bursi -
Mike Banon -
ron minnich -
Rudolf Marek -
Taiidan@gmx.com