[coreboot] Microcode Updates PSA (New users please read)

Taiidan at gmx.com Taiidan at gmx.com
Fri Aug 31 00:34:10 CEST 2018


I am making this due to seeing many misinformed users who are engaging
in dangerous practices.

Microcode updates should ALWAYS be installed unless you are an expert
user and have repeatedly verified that your CPU doesn't require them and
you are prepared for the risks, which include, for instance, on the
Piledriver CPUs (Opteron 63xx/43xx and the G505S's laptop CPUs) a
userland-to-root exploit, a broken IOMMU and a timer issue that means
games and certain applications don't work properly.


Unfortunately x86 is stuck with non-owner-controlled, undocumented,
proprietary microcode updates, and in the case of Intel they are
encrypted for some reason - AFAIK only POWER has owner-controlled microcode.

Despite this it is still a good idea to install them - I do on my
coreboot computers and thus I don't ruin my security for no good reason.


NOTE:
For microcode embedding in coreboot to work you must check both the
"generate microcode update from tree" option and the "use non-free blob
repo" option - doing the first but not the second will result in a
silent fail.
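
A way to catch the silent-fail case from the NOTE above before flashing, as an added example that is not part of the original post or coreboot's own tooling. It assumes the two menu options correspond to the Kconfig symbols CONFIG_CPU_MICROCODE_CBFS_GENERATE and CONFIG_USE_BLOBS, and that the embedded file appears as cpu_microcode_blob.bin in a saved `cbfstool <rom> print` listing; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the option pair from the NOTE in a coreboot .config.
# Assumed Kconfig symbols (not named in the post):
#   generate microcode from tree -> CONFIG_CPU_MICROCODE_CBFS_GENERATE
#   use non-free blob repo       -> CONFIG_USE_BLOBS

# kconfig_enabled FILE SYMBOL: succeeds only if FILE contains SYMBOL=y.
# A "# SYMBOL is not set" line or a missing symbol both count as disabled.
kconfig_enabled() {
    grep -q "^$2=y\$" "$1"
}

# check_microcode_config FILE: prints a verdict and returns
#   0 both options set            1 generate set, blob repo off (silent fail)
#   2 generation not selected     3 file unreadable
check_microcode_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 3; }
    if ! kconfig_enabled "$cfg" CONFIG_CPU_MICROCODE_CBFS_GENERATE; then
        echo "no microcode: generate-from-tree is not selected"
        return 2
    fi
    if ! kconfig_enabled "$cfg" CONFIG_USE_BLOBS; then
        echo "silent fail: generate-from-tree set but blob repo disabled"
        return 1
    fi
    echo "ok: both microcode options are set"
    return 0
}

# cbfs_has_microcode LISTING: succeeds if a saved `cbfstool <rom> print`
# listing has the microcode entry (assumed name: cpu_microcode_blob.bin).
# Checking the built image catches the failure even if the config looks right.
cbfs_has_microcode() {
    grep -q '^cpu_microcode_blob\.bin[[:space:]]' "$1"
}

# Demo on a constructed .config that reproduces the silent-fail case.
demo_cfg=$(mktemp)
printf '%s\n' 'CONFIG_CPU_MICROCODE_CBFS_GENERATE=y' \
    '# CONFIG_USE_BLOBS is not set' > "$demo_cfg"
check_microcode_config "$demo_cfg" || true
rm -f "$demo_cfg"
```

Run `check_microcode_config .config` in the coreboot tree before building, then `cbfs_has_microcode` on the listing of the finished image.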