On Sat, 13 Jan 2018, Thomas Liske wrote:
> # iucode_tool -Sl /lib/firmware/intel-ucode/
It would have to be:
iucode_tool -Sl /lib/firmware/intel-ucode /usr/share/misc/intel-microcode*
and that could still miss something.
Maybe it would be best to look inside the initrds directly, too...
iucode_tool -Sl -tb /lib/firmware/intel-ucode \
-ta /usr/share/misc/intel-microcode* \
-tr /boot/initrd*
anything you do will have *some* failure mode, some people load
microcode the Arch way for example... others might have appended it to
the kernel image...
> I wonder if it is still required to look at the revision value for each
> CPU/Core (grep microcode /proc/cpuinfo). For single socket systems each
To be safe, you'd have to, yes.
> core should report the same version. I do not now if it would possible
> to run different microcode releases on multi socket systems.
There is something called "mixed stepping" systems, where the steppings
of the processors are not exactly the same, and thus neither is the
microcode. Family and model of all processors must be the same.
So far, there no mixed-model systems.
BTW, iucode_tool had a few bugs on this area, they have been fixed since
iucode-tool 1.5.2-1.
> For the check in needrestart it should be enough to compare the current
> running microcode signature with the latest available one. This would
> also handle outdated initrd images gracefuly.
Well, it would not be perfect. But maybe it would be good enough.
--
Henrique Holschuh
