[coreboot] When does AMD release the fam15 spectre microcode updates?

Ivan Ivanov qmastery16 at gmail.com
Wed Apr 25 10:56:20 CEST 2018


If I understood all this correctly, the updated microcodes should be
forcing the CPU to do these MSR writes (or the low level action which
stands behind them) by default. So that, when you got this updated
microcode on your CPU, it's already fixed and no further operations are
necessary!

At the moment both me and Mike have sent many letters to AMD (example
provided below, you could use its parts as well). Have not received
any good reply yet (only one reply, with a stupid link to spectre v2
description page and without any files attached) - but we are trying
hard and hope to eventually reach a smart person at AMD who could help
us...

By the way, these microcodes from platomav github page - are from
February/March, and I believe they do not contain a spectre v2 fix. So
we hope to either eventually get these microcodes from AMD, or to
somehow extract them from a super bloated Win10 update, or to try to
extract them from the updated BIOSes of other companies when they come
out.

===
1) go to amd support page and open a ticket form
2) set company as "coreboot" or "coreboot BIOS"
Subject: Updated microcode for coreboot BIOS devs
We, the coreboot BIOS developers, have not received any microcode
updates from AMD (aimed towards patching the spectre v2
vulnerability). AMD sent these updated microcode binaries to many
motherboard and BIOS development companies, but forgot to send these
files to us at coreboot! Could you please provide a standalone
download of your updated microcode binaries, to make it possible for
us to include them to our coreboot BIOS running on AMD platforms? We
will appreciate if you will share these updated microcode binaries
with us - maybe together with SHA-256 or SHA-512 hashes of these files
or GnuPG signatures to ensure the security of transaction.

Best regards,
Ivan Ivanov, coreboot BIOS firmware engineer

P.S. Although, ideally these new updated microcodes should be
committed to kernel/git/firmware/linux-firmware.git repository -->
directory called "amd-ucode". Currently it contains the following files:
microcode_amd.bin, microcode_amd.bin.asc, microcode_amd_fam15h.bin,
microcode_amd_fam15h.bin.asc, microcode_amd_fam16h.bin,
microcode_amd_fam16h.bin.asc. They have been last updated at 2015/16
year, and we would like to see them updated again.

2018-04-25 4:02 GMT+03:00 awokd via coreboot <coreboot at coreboot.org>:
> On Tue, April 24, 2018 11:31 pm, Nico Huber wrote:
>> On 25.04.2018 00:18, Taiidan at gmx.com wrote:
>
>>> I can't believe everyone else is so nonchalant about all this
>>> considering how important it is I still haven't figured out how to update
>>> the microcode on any of my computers - no guides I have found actually
>>> work and no distros have the new microcode for intel or amd despite it
>>> having been months.
>
> I'm not nonchalant, but I'm not entirely sure what to do with those patch
> files and was hoping to see a new amd microcode 15h bin with them
> incorporated.
>
>> I can't believe everybody is so nonchalant about Rowhammer but many
>> people make a big thing out of the comparatively tiny Spectre problem.
>>
>>>
>>> For the best security one should have both the new microcode and the
>>> lfence msr?
>>
>> Not for the best but for any security, you have to understand first that
>> both options only change something if your software is prepared to
>> utilize them. First update your software, then check what it needs / what the
>> developers expect (the new microcode I'd guess).
>
> If I remember the earlier discussion right on that lfence msr, the OS can
> also set it so although it would be nice if coreboot did as well, it's not
> required?