On 3/3/24 13:48, Michael wrote:
> It could be AMD have not yet released microcode updates for the community.
> OEMs receive new microcode first and patch it in their MoBo BIOS/UEFI
> firmware. Eventually the CPU manufacturers release microcode for older CPUs
> no longer supported by OEMs. Since you have embedded
> 'amd-ucode/microcode_amd_fam17h.bin' in your kernel I don't think there's
> anything else you can do at this point in time, beyond emerging the latest
> sys-kernel/linux-firmware and rebooting.
>
> PS. I always place the microcode string first in the CONFIG_EXTRA_FIRMWARE=
> entries, since it should be the first thing to load by the CPU. I don't know
> if it would make any difference, since the whole string of firmwares will be
> parsed in one go.

That's a good point about the microcode - I'll change that now (it's
easy enough to do).
And after an hour messing about and reading documentation and various
articles, I have found out AMD does not release microcode for my CPU.
I ran the spectre-meltdown-checker script (I've removed non-Zenbleed info):
* Hardware support (CPU microcode) for mitigation techniques
  * CPU microcode is known to fix Zenbleed: NO (required version: 0x08701032)
  * CPU microcode is known to cause stability problems: NO (family 0x17 model 0x71 stepping 0x0 ucode 0x8701030 cpuid 0x870f10)
  * CPU microcode is the latest known available version: YES (latest version is 0x8701030 dated 2022/03/28 according to builtin firmwares DB v271+i20230614)
* CPU vulnerability to the speculative execution attack variants
  * Affected by CVE-2023-20593 (Zenbleed, cross-process information leak): YES
CVE-2023-20593 aka 'Zenbleed, cross-process information leak'
* Zenbleed mitigation is supported by kernel: YES (found zenbleed message in kernel image)
* Zenbleed kernel mitigation enabled and active: YES (FP_BACKUP_FIX bit set in DE_CFG)
* Zenbleed mitigation is supported by CPU microcode: NO
> STATUS: NOT VULNERABLE (Your kernel mitigates Zenbleed)
So my processor is indeed family 17h - the model is 71h. It indicates
the most recent microcode is being run (probably because I've updated
the motherboard firmware.)
I did find a tool to inspect the microcode blobs so I could see what's
included:
# ./amd_ucode_info.py /usr/lib/firmware/amd-ucode/microcode_amd_fam17h.bin
Microcode patches in /usr/lib/firmware/amd-ucode/microcode_amd_fam17h.bin:
Family=0x17 Model=0x08 Stepping=0x02: Patch=0x0800820d Length=3200 bytes
Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107b Length=3200 bytes
Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008 Length=3200 bytes
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
This just confirmed there's no microcode update for my processor model
(71h.)
I did download a different distribution's firmware package (mostly out
of curiosity) and the results are identical.
So AMD just doesn't have microcode for my model of CPU.
As the spectre-meltdown-checker script says the kernel is mitigating
Zenbleed for now, I'm just going to forget about this and move on.
Dan
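
Added example (not part of the original message and not the amd_ucode_info.py source): a minimal reader for the kind of lookup described above, listing which CPUID signatures a microcode container carries patches for so a specific CPU such as cpuid 0x870f10 can be checked. It assumes the single-container layout used by the Linux kernel's AMD microcode loader (magic, equivalence table, then patch sections); the sample container and its equivalence id 0x8310 are constructed for illustration.

```python
import struct

UCODE_MAGIC = 0x00414D44                  # first dword of an AMD container
EQUIV_TABLE_TYPE, PATCH_TYPE = 0, 1       # section types

def decode_cpuid(eax):
    """Split a CPUID(1).EAX signature into (family, model, stepping)."""
    family, model = (eax >> 8) & 0xF, (eax >> 4) & 0xF
    if family == 0xF:                     # extended fields apply
        family += (eax >> 20) & 0xFF
        model |= ((eax >> 16) & 0xF) << 4
    return family, model, eax & 0xF

def list_patches(blob):
    """Return {cpuid: patch_id} for a single container."""
    if len(blob) < 12:
        raise ValueError("too short for a container header")
    magic, sec_type, size = struct.unpack_from("<III", blob, 0)
    end = 12 + size
    if magic != UCODE_MAGIC or sec_type != EQUIV_TABLE_TYPE or end > len(blob):
        raise ValueError("not a well-formed AMD microcode container")
    equiv, off = {}, 12                   # equivalence id -> [cpuid, ...]
    while off + 16 <= end:
        cpuid, _, _, equiv_id, _ = struct.unpack_from("<IIIHH", blob, off)
        if cpuid == 0:                    # all-zero entry terminates the table
            break
        equiv.setdefault(equiv_id, []).append(cpuid)
        off += 16
    patches, off = {}, end
    while off + 8 <= len(blob):
        sec_type, size = struct.unpack_from("<II", blob, off)
        body = off + 8
        if sec_type != PATCH_TYPE or size < 26 or body + size > len(blob):
            raise ValueError(f"malformed patch section at offset {off}")
        (patch_id,) = struct.unpack_from("<I", blob, body + 4)
        (rev_id,) = struct.unpack_from("<H", blob, body + 24)
        for cpuid in equiv.get(rev_id, []):
            patches[cpuid] = patch_id
        off = body + size
    return patches

def sample_container():
    """Constructed input: one equivalence entry, one zero-filled patch body."""
    table = struct.pack("<IIIHH", 0x00830F10, 0, 0, 0x8310, 0) + bytes(16)
    patch = struct.pack("<IIHBBIIIH", 0, 0x0830107B, 0, 0, 0, 0, 0, 0, 0x8310)
    patch += bytes(38)
    return (struct.pack("<III", UCODE_MAGIC, EQUIV_TABLE_TYPE, len(table)) + table
            + struct.pack("<II", PATCH_TYPE, len(patch)) + patch)
```

Against a real file, pass its bytes to list_patches() and look up the cpuid value reported by spectre-meltdown-checker; a missing key means the container has no patch for that CPU.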