Hi Paul, during adding the feature in needrestart I've looked more closely at the uicode-tool stuff. I don't think we need to examine the initrd since the following command should give already the required informations:
# iucode_tool -Sl /lib/firmware/intel-ucode/ iucode_tool: system has processor(s) with signature 0x000306c3 microcode bundle 1: /lib/firmware/intel-ucode/06-5e-03 microcode bundle 2: /lib/firmware/intel-ucode/06-3d-04.initramfs ... microcode bundle 54: /lib/firmware/intel-ucode/06-25-05 microcode bundle 55: /lib/firmware/intel-ucode/0f-06-02 selected microcodes: 003/001: sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528 The processor is running a microcode with signature 0x000306c3 and the last line after 'selected microcodes:' should contain the most recent signature value, shouldn't it? I wonder if it is still required to look at the revision value for each CPU/Core (grep microcode /proc/cpuinfo). For single socket systems each core should report the same version. I do not now if it would possible to run different microcode releases on multi socket systems. For the check in needrestart it should be enough to compare the current running microcode signature with the latest available one. This would also handle outdated initrd images gracefuly. Regards, Thomas Thomas Liske <tho...@fiasko-nw.net> writes: > tags 886445 upstream > thanks > > > Hi Paul, > > thanks for summarising your findings. I'm going add the new feature to > handle the microcode update problem in needrestart 3.0. > > > HTH, > Thomas > > > Paul Wise <p...@debian.org> writes: > >> Package: needrestart >> Version: 2.11-4 >> Severity: wishlist >> >> Please detect the need to reboot to apply Intel microcode updates. >> >> When iucode_tool is installed, please check if /boot/initrd.img* >> contain the same microcode rev for the current CPU signature as the >> Linux kernel is listing in /proc/cpuinfo as the microcode version. >> >> First, get the processor signature (also available in next step): >> >> $ /usr/sbin/iucode_tool -Sv >> /usr/sbin/iucode_tool: system has processor(s) with signature 0x00020655 >> >> Second, match the processor signature against the 'sig' field of the >> selected microcodes in all the initrds and extract the 'rev' field of >> that microcode. >> >> $ /usr/sbin/iucode_tool -tr -Sl /boot/initrd.img-4.14.0-2-amd64 >> /usr/sbin/iucode_tool: system has processor(s) with signature 0x00020655 >> microcode bundle 1: /boot/initrd.img-4.14.0-2-amd64 >> selected microcodes: >> 001/001: sig 0x00020652, pf_mask 0x12, 2015-06-30, rev 0x000f, size 8192 >> 001/002: sig 0x00020655, pf_mask 0x92, 2015-06-30, rev 0x0005, size 3072 >> >> Third, match the extracted rev field against the microcode field in the >> Linux /proc/cpuinfo file. >> >> $ grep micro /proc/cpuinfo >> microcode : 0x5 >> microcode : 0x5 >> microcode : 0x5 >> microcode : 0x5 >> >> When running as root, the microcode versions are also in /sys: >> >> $ head /sys/devices/system/cpu/*/microcode/version >> head: cannot open '/sys/devices/system/cpu/cpu0/microcode/version' for >> reading: Permission denied >> head: cannot open '/sys/devices/system/cpu/cpu1/microcode/version' for >> reading: Permission denied >> head: cannot open '/sys/devices/system/cpu/cpu2/microcode/version' for >> reading: Permission denied >> head: cannot open '/sys/devices/system/cpu/cpu3/microcode/version' for >> reading: Permission denied >> >> $ sudo head /sys/devices/system/cpu/*/microcode/version >> ==> /sys/devices/system/cpu/cpu0/microcode/version <== >> 0x5 >> >> ==> /sys/devices/system/cpu/cpu1/microcode/version <== >> 0x5 >> >> ==> /sys/devices/system/cpu/cpu2/microcode/version <== >> 0x5 >> >> ==> /sys/devices/system/cpu/cpu3/microcode/version <== >> 0x5 >> >> -- >> bye, >> pabs >> >> https://wiki.debian.org/PaulWise > > -- > supp...@ibh.de Tel. +49 351 477 77 30 > www.ibh.de Fax +49 351 477 77 39 > > ----------------------------------------------------------------------- > Dipl.-Ing. Thomas Liske > Teamleiter DataCenter Services > > > IBH IT-Service GmbH Amtsgericht Dresden > Heilbronner Str. 20 HRB 13626 > 01189 Dresden GF: Prof. Dr. T. Horn, S. Horn > Germany VAT DE182302907 > ----------------------------------------------------------------------- > Ihr Partner für: LAN, WAN IP-Quality, Security, VoIP, SAN, Backup, USV > ----------------------------------------------------------------------- > professioneller IT-Service - kompetent und zuverlässig > ----------------------------------------------------------------------- > -- :: WWW: https://fiasko-nw.net/~thomas/ :: ::: Jabber: xmpp:tho...@jabber.fiasko-nw.net ::: :: flickr: https://www.flickr.com/photos/laugufe/ ::
