[coreboot] When does AMD release the fam15 spectre microcode updates?
Nico Huber
nico.h at gmx.de
Wed Apr 25 01:31:58 CEST 2018
On 25.04.2018 00:18, Taiidan at gmx.com wrote:
> On 04/17/2018 03:30 AM, Rudolf Marek wrote:
>
>> Hi,
>>
>> I found new microcode here [1], I used cpu00610F01_ver0600111F_2018-03-05_AC55EB96.bin as a microcode for my Trinity family15h CPU.
>> I hacked together a new microcode header which contains the equivalence table etc to be able to load this microcode into the CPU from Linux.
>>
>> dd if=/lib/firmware/amd-ucode/microcode_amd_fam15h.bin bs=1 count=84 of=header.bin
>> cat header.bin cpu00610F01_ver0600111F_2018-03-05_AC55EB96.bin > microcode_amd_fam15h.bin
>>
>> copy the file to same location and trigger update:
>>
>> echo 1 > /sys/devices/system/cpu/microcode/reload
>>
>> [ 6032.948243] microcode: CPU0: new patch_level=0x0600111f
>> [ 6032.964913] microcode: CPU2: new patch_level=0x0600111f
>>
>> Please note that the header.bin does contain a size of the microcode blob, but it happens to be the same, so it works. Normally the container
>> may contain more microcode blobs. But in my case I use just "right" one for my CPU.
>>
>> The new microcode seems to be adding the IBPB feature.
>>
>> Thanks
>> Rudolf
>>
>>
>> [1] https://github.com/platomav/CPUMicrocodes
> This didn't work on my piledriver CPU's :[
>
> When I try to "reload" nothing happens not even an error in dmesg....the
> reload command has never worked for me no matter what system I use intel
> or amd.
>
> Thanks for helping.
> I can't believe everyone else is so nonchalant about all this
> considering how important it is I still haven't figured out how to
> update the microcode on any of my computers - no guides I have found
> actually work and no distros have the new microcode for intel or amd
> despite it having been months.
I can't believe everybody is so nonchalant about Rowhammer but many
people make a big thing out of the comparatively tiny Spectre problem.
>
> For the best security one should have both the new microcode and the
> lfence msr?
Not for the best but for any security, you have to understand first that
both options only change something if your software is prepared to uti-
lize them. First update your software, then check what it needs / what
the developers expect (the new microcode I'd guess).
Nico
More information about the coreboot
mailing list