Intel has finally relased their full fixed firmware rollout for Spectre/Meltdown... SRPMS: microcode-0.20180312-1.mga6.nonfree.src.rpm noarch: microcode-0.20180312-1.mga6.nonfree.noarch.rpm
Installed. Rebooted from complete power down. Date looks odd Thomas, is this correct? $ rpm -q microcode microcode-0.20180312-1.mga6.nonfree $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x80, date = 2018-01-04 [ 0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control [ 0.786864] microcode: sig=0x806e9, pf=0x80, revision=0x80 [ 0.786989] microcode: Microcode Update Driver: v2.2.
ok, seems Intel did not fix all microcodes yet :/ And kernel detects the broken microcode and refuses to enable Spectre v2 mitigations on that cpu ... What cpu is it ?
$ cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 142 model name : Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz stepping : 9 microcode : 0x80 cpu MHz : 3100.151 cache size : 3072 KB physical id : 0 siblings : 4 core id : 0 cpu cores : 2 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 22 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp bugs : cpu_meltdown spectre_v1 spectre_v2 bogomips : 5424.00 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management:
ah, wait... you need to recreate the initrd for early firmware loading Just do a dracut -f and reboot
Blocks: (none) => 22731
Is 2018-01-21 correct for this microcode? $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x84, date = 2018-01-21 [ 0.783326] microcode: sig=0x806e9, pf=0x80, revision=0x84 [ 0.783454] microcode: Microcode Update Driver: v2.2.
(In reply to claire robinson from comment #5) > Is 2018-01-21 correct for this microcode? > > $ dmesg | grep microcode > [ 0.000000] microcode: microcode updated early to revision 0x84, date = > 2018-01-21 > [ 0.783326] microcode: sig=0x806e9, pf=0x80, revision=0x84 > [ 0.783454] microcode: Microcode Update Driver: v2.2. Yep. They have gone through a _long_ validation to not repeat the first microcode mess...
And here is the changelog for the firmwares https://downloadcenter.intel.com/download/27591/Linux-Processor-Microcode-Data-File?product=873 It references the fixed "revisions", not the dates of them
on mga6-64 4.14.25-desktop before updating: $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0xc2, date = 2017-11-16 [ 0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control [ 0.511261] microcode: sig=0x506e3, pf=0x2, revision=0xc2 [ 0.511590] microcode: Microcode Update Driver: v2.2. after installing microcode-0.20180312-1.mga6.nonfree.noarch executing dracut -f and re-booting: $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0xc2, date = 2017-11-16 [ 0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control [ 0.511278] microcode: sig=0x506e3, pf=0x2, revision=0xc2 [ 0.511603] microcode: Microcode Update Driver: v2.2. $ rpm -q microcode microcode-0.20180312-1.mga6.nonfree ls -ll /boot -rw------- 1 root root 9813122 Mar 14 19:08 initrd-4.14.25-desktop-1.mga6.img $ cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 94 model name : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz stepping : 3 microcode : 0xc2 cpu MHz : 3959.747 cache size : 8192 KB physical id : 0 siblings : 8 core id : 0 cpu cores : 4 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 22 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp bugs : cpu_meltdown spectre_v1 spectre_v2 bogomips : 6816.00 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: Am I correct in believing that my CPU is not included in this update? If I'm understanding the release notes correctly it is not among the i7 CPU's listed.
CC: (none) => jim
Try "# dracut -f" Jim. This will be pushed with the kernel so the initrd should be rebuilt with new microcode. Is there anything to ensure microcode is installed before the kernel Thomas, so that it isn't missed from the initrd build?
That doesn't really help though if it's installed separately. Should this instead rebuild initrd for itself?
Mageia 6, x86_64 CPU: Quad core Intel Core i7-4790 (-HT-MCP-) $ rpm -q microcode microcode-0.20180108-1.mga6.nonfree Forgot 'dracut -f'. Warm reboot. $ rpm -q microcode microcode-0.20180312-1.mga6.nonfree $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x23, date = 2017-11-20 [ 0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control [ 0.426314] microcode: sig=0x306c3, pf=0x2, revision=0x23 [ 0.426626] microcode: Microcode Update Driver: v2.2. $ sudo dracut -f Cold boot. $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x24, date = 2018-01-21 [ 0.422720] microcode: sig=0x306c3, pf=0x2, revision=0x24 [ 0.423024] microcode: Microcode Update Driver: v2.2.
CC: (none) => tarazed25
x86_64, another machine. CPU: Quad core Intel Core i7-4790K (-HT-MCP-) Installed new microcode. # dracut -f Warm boot. $ rpm -q microcode microcode-0.20180312-1.mga6.nonfree [lcl@vega ~]$ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x24, date = 2018-01-21 [ 0.466867] microcode: sig=0x306c3, pf=0x2, revision=0x24 [ 0.466934] microcode: Microcode Update Driver: v2.2. [ 2.262382] em28xx 3-2:1.0: microcode start address = 0x0004, boot configuration = 0x01
x86_64, Dell XPS 13 CPU: Dual core Intel Core i7-7500U (-HT-MCP-) $ rpm -q microcode microcode-0.20180312-1.mga6.nonfree $ sudo dracut -f Warm boot. $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x84, date = 2018-01-21 [ 0.552282] microcode: sig=0x806e9, pf=0x80, revision=0x84 [ 0.552425] microcode: Microcode Update Driver: v2.2.
x86, Dell Alienware X51 CPU: Quad core Intel Core i7-2600 (-HT-MCP-) The microcode in use was dated 2013-06-12 Followed the same procedure as before. $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x2d, date = 2018-02-07 [ 0.372529] microcode: sig=0x206a7, pf=0x2, revision=0x2d [ 0.372686] microcode: Microcode Update Driver: v2.2. Does 2018-02-07 make sense?
x86_64, Aorus X5 CPU: Quad core Intel Core i7-5700HQ (-HT-MCP-) The new firmware was loaded after a warm reboot. $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x1d, date = 2018-01-21 [ 0.932395] microcode: sig=0x40671, pf=0x20, revision=0x1d [ 0.932673] microcode: Microcode Update Driver: v2.2.
(In reply to claire robinson from comment #9) > Try "# dracut -f" Jim. > Thanks, Claire, but that is what I did and the initrd was rebuilt. The timestamp on the file was updated. Contrary to my earlier (mis)understanding this CPU is listed as one of those included in this update: https://downloadcenter.intel.com/product/88196/Intel-Core-i7-6700-Processor-8M-Cache-up-to-4-00-GHz- I downgraded microcode, rebuilt the initrd and re-booted. Then installed the update again, rebuilt the initrd and re-booted, but the result is the same as I reported in comment#8 I'm at a loss as to what else I can do.
Installed the microcode update testing package in VBOX 5.2.8 [neoser10@MGA6 ~]$ su Contraseña: [root@MGA6 neoser10]# dmesg | grep microcode [root@MGA6 neoser10]# dracut -f dracut: Executing: /usr/bin/dracut -f dracut: dracut module 'bootchart' will not be installed, because command '/sbin/bootchartd' could not be found! dracut: dracut module 'systemd' will not be installed, because it's in the list to be omitted! dracut: dracut module 'systemd-bootchart' will not be installed, because command '/usr/lib/systemd/systemd-bootchart' could not be found! dracut: systemd-initrd needs systemd in the initramfs dracut: dracut module 'caps' will not be installed, because command 'capsh' could not be found! dracut: systemd-networkd needs systemd in the initramfs dracut: dracut module 'modsign' will not be installed, because command 'keyctl' could not be found! dracut: dracut module 'busybox' will not be installed, because command 'busybox' could not be found! dracut: dracut module 'network' will not be installed, because it's in the list to be omitted! dracut: dracut module 'network' will not be installed, because it's in the list to be omitted! dracut: dracut module 'ifcfg' depends on 'network', which can't be installed dracut: dracut module 'mdraid' will not be installed, because command 'mdadm' could not be found! dracut: dracut module 'multipath' will not be installed, because command 'multipath' could not be found! dracut: dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found! dracut: dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found! dracut: dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found! dracut: 95nfs: Could not find any command of 'rpcbind portmap'! dracut: dracut module 'biosdevname' will not be installed, because command 'biosdevname' could not be found! dracut: dracut module 'masterkey' will not be installed, because command 'keyctl' could not be found! dracut: dracut-systemd needs systemd-initrd in the initramfs dracut: dracut module 'caps' will not be installed, because command 'capsh' could not be found! dracut: dracut module 'modsign' will not be installed, because command 'keyctl' could not be found! dracut: dracut module 'busybox' will not be installed, because command 'busybox' could not be found! dracut: dracut module 'ifcfg' depends on 'network', which can't be installed dracut: dracut module 'mdraid' will not be installed, because command 'mdadm' could not be found! dracut: dracut module 'multipath' will not be installed, because command 'multipath' could not be found! dracut: dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found! dracut: dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found! dracut: dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found! dracut: 95nfs: Could not find any command of 'rpcbind portmap'! dracut: dracut module 'masterkey' will not be installed, because command 'keyctl' could not be found! dracut: *** Including module: bash *** dracut: *** Including module: dash *** dracut: *** Including module: i18n *** dracut: *** Including module: drm *** dracut: *** Including module: plymouth *** dracut: *** Including module: kernel-modules *** dracut: *** Including module: resume *** dracut: *** Including module: rootfs-block *** dracut: *** Including module: terminfo *** dracut: *** Including module: udev-rules *** dracut: Skipping udev rule: 40-redhat.rules dracut: Skipping udev rule: 50-firmware.rules dracut: Skipping udev rule: 50-udev.rules dracut: Skipping udev rule: 91-permissions.rules dracut: Skipping udev rule: 80-drivers-modprobe.rules dracut: *** Including module: usrmount *** dracut: *** Including module: base *** dracut: *** Including module: fs-lib *** dracut: *** Including module: shutdown *** dracut: *** Including modules done *** dracut: *** Installing kernel module dependencies and firmware *** dracut: *** Installing kernel module dependencies and firmware done *** dracut: *** Resolving executable dependencies *** dracut: *** Resolving executable dependencies done*** dracut: Could not find 'strip'. Not stripping the initramfs. dracut: *** Generating early-microcode cpio image *** dracut: *** Constructing GenuineIntel.bin **** dracut: *** Store current command line parameters *** dracut: Stored kernel commandline: dracut: rd.driver.pre=ata_piix rd.driver.pre=pata_acpi rd.driver.pre=ata_generic rd.driver.pre=ahci rd.driver.pre=piix rd.driver.pre=ide_pci_generic dracut: resume=UUID=38a78b6c-450a-44d4-99a0-1edb3adb77c7 resume=UUID=38a78b6c-450a-44d4-99a0-1edb3adb77c7 dracut: root=UUID=b24d8367-7814-49af-8c30-86212e431573 rootfstype=ext4 rootflags=rw,relatime,data=ordered dracut: *** Creating image file '/boot/initrd-4.14.25-desktop-1.mga6.img' *** dracut: *** Creating initramfs image file '/boot/initrd-4.14.25-desktop-1.mga6.img' done *** [root@MGA6 neoser10]# Rebooting dmesg | grep microcode & journalctl | grep microcode did not show messages (remember I am using vbox) Processor Info: (covered by microcode update as listed in download page) Intel Pentium Dual Core E5200/Wolfdale @2.50 Ghz Family 6 Model 7 Stepping 6 Extended Family 6 Extended Model 17 Revision M0
CC: (none) => neoser10
x86_64 on Lenovo Ideapad Y500. CPU: Quad core Intel Core i7-3630QM (-HT-MCP-) Warm reboot. $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x1f, date = 2018-02-07 [ 1.602541] microcode: sig=0x306a9, pf=0x10, revision=0x1f [ 1.602792] microcode: Microcode Update Driver: v2.2.
x86_64 Dell Precision T1600 CPU Intel(R) Xeon(R) CPU E31270 @ 3.40GHz $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x2d, date = 2018-02-07 [ 1.633399] microcode: sig=0x206a7, pf=0x2, revision=0x2d [ 1.633686] microcode: Microcode Update Driver: v2.2.
CC: (none) => smelror
Installed without issues. Does nothing new on a Intel Q9400 CPU. $ rpm -q microcode microcode-0.20180312-1.mga6.nonfree The following output is the same before and after the update. $ egrep 'model name|flags|bugs' /proc/cpuinfo | head -n 4 model name : Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl cpuid aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm pti tpr_shadow vnmi flexpriority dtherm bugs : cpu_meltdown spectre_v1 spectre_v2 $ journalctl -b0 | grep microcode Mar 15 09:27:45 marte kernel: microcode: microcode updated early to revision 0xa0b, date = 2010-09-28 Mar 15 09:27:45 marte kernel: microcode: sig=0x1067a, pf=0x10, revision=0xa0b Mar 15 09:27:45 marte kernel: microcode: Microcode Update Driver: v2.2.
CC: (none) => mageia
Does nothing for my Core 2 Duo E8400, either - even though it's on the list. On my production install this afternoon, I started by updating to Plasma 5.12.2, except for the glib2 packages, mostly to clear the clutter out of the list presented by Updates Testing. (Plasma working perfectly, BTW.) After a warm boot and a few tests of Plasma, I went after kernel 4.14.25, including idetect.lst and these microcodes, all in one operation. If I'm understanding the above comments, that should mean that dracut wasn't needed. After a reboot, I saw this: $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0xa0b, date = 2010-09-28 [ 2.752493] microcode: sig=0x1067a, pf=0x1, revision=0xa0b [ 2.752531] microcode: Microcode Update Driver: v2.2. $ egrep 'model name|flags|bugs' /proc/cpuinfo | head -n 4 model name : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl cpuid aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm pti tpr_shadow vnmi flexpriority dtherm bugs : cpu_meltdown spectre_v1 spectre_v2 model name : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz I ran "dracut -f" and did a cold boot, just in case, but the results are the same. Personal speculation: Intel only revised microcodes for processors newer than a certain age. The microcodes included for processors older than that are simply the same ones as before, carried through. And most likely, Intel has no intention of updating microcodes for those older processors. Ever. On the plus side, I don't see anything that these updates "breaks" on this older hardware that wasn't "broken" before.
CC: (none) => andrewsfarm
Testing M6 x64 real EFI hardware with AMD E1-1200 processor Doubting that it is relevant to this update, but it *was* offered. kernel: 4.14.25-desktop-1.mga6 [previously installed] microcode-0.20180312-1.mga6.nonfree After updating the microcode to that shown, re-boot, then # dracut -f from a virtual terminal, which (like c17) spilled heaps of messages about omitting things because of missing commands. Initrd was re-made, however: -rw------- 1 root root 11933080 Maw 18 17:20 /boot/initrd-4.14.25-desktop-1.mga6.img Re-boot again, here I am. From PC_LX c20: $ journalctl -b0 | grep microcode Maw 18 17:22:33 localhost.localdomain kernel: microcode: microcode updated early to new patch_level=0x05000119 Maw 18 17:22:33 localhost.localdomain kernel: microcode: CPU0: patch_level=0x05000119 Maw 18 17:22:33 localhost.localdomain kernel: microcode: CPU1: patch_level=0x05000119 Maw 18 17:22:33 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2. $ cat /proc/cpuinfo processor : 0 vendor_id : AuthenticAMD cpu family : 20 model : 2 model name : AMD E1-1200 APU with Radeon(tm) HD Graphics stepping : 0 microcode : 0x5000119 ... processor : 1 vendor_id : AuthenticAMD cpu family : 20 model : 2 model name : AMD E1-1200 APU with Radeon(tm) HD Graphics stepping : 0 microcode : 0x5000119 No problems to date.
@Thomas Apart from the uncertainty about initrd & the need ? for '# dracut -f', the end result looks OK; what is your view? - the one that matters. It would be nice to wrap up these two updates.
CC: (none) => lewyssmith
As we push kernel and microcode at the same time, it will get automatically added in the new kernel initrd. I've also added a comment if people want to add it in current initrd to use dracut -f Advisory (also added to svn): type: security subject: Updated microcode packages fix security vulnerabilities CVE: - CVE-2017-5715 src: 6: nonfree: - microcode-0.20180312-1.mga6.nonfree description: | This update provides new microcode fixes and mitigations for Spectre (CVE-2017-5715) for many Intel CPUs produced in the last 5 years. So far the Intel microcode updates are for several processors from many of Intel Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake, Gemini Lake, Apollo Lake, Crystal Well and IVT platforms. Theese updated microcodes should also fix the instabilities that some users experienced with the earlier microcode updates released in MGASA-2018-0079. We will provide more microcode updates later on when they are made available by Intel and Amd. if you want to use this microcode on your current running kernel, you need to re-create the initrd (initial ramdisk used at boot time), you can do so by issuing the command 'dracut -f' as root, and reboot your system We also suggest that you check if there is updated BIOS and EFI firmwares from your hardware vendor. For a list of updated microcode revisions, read the referened Intel list page. references: - https://bugs.mageia.org/show_bug.cgi?id=22762 - https://downloadcenter.intel.com/download/27591/Linux-Processor-Microcode-Data-File?product=873
Keywords: (none) => advisory, validated_updateWhiteboard: (none) => MGA6-64-OK, MGA6-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0176.html
Status: NEW => RESOLVEDResolution: (none) => FIXED