s/meltdown/spectre/ aka CVE-2017-5715 On Fri, Jan 12, 2018 at 5:21 PM, Daniele Viganò < daniele.vig...@globalquakemodel.org> wrote:
> A quick follow-up: microcode package release 20171117 did not include > mitigation to Meltdown, but 20180108 (https://downloadcenter.intel. > com/download/27431/Linux-Processor-Microcode-Data-File?v=t) does. By the > way it seems it could cause random reboots on Broadwell and Haswell CPUs > (see https://newsroom.intel.com/news/intel-security-issue- > update-addressing-reboot-issues/). > > I think that, having such CPU models, is more safe to update the firmware > via microcode_ctl (and thus the OS) before flashing a new BIOS with the new > microcode update in it; this should make possible to test the new microcode > and easily revert to the previous version in case of issues without the > need to perform a firmware downgrade, at least until the situation becomes > more clear. > > Cheers, > Daniele > > > > On Sat, Jan 6, 2018 at 5:23 PM, Daniele Viganò <daniele.vigano@ > globalquakemodel.org> wrote: > >> A temporary solution could be manually updating the content of >> /lib/firmware/intel-ucode/, getting the ucode bins directly from the Intel >> website: https://downloadcenter.intel.com/download/27337/Linux-Proces >> sor-Microcode-Data-File?product=873 >> >> intel-ucode dirctory contains binary microcode files named in >>> family-model-stepping pattern. The file is supported in most modern Linux >>> distributions. It's generally located in the /lib/firmware directory, >>> and can be updated throught the microcode reload interface. >>> >>> To update the intel-ucode package to the system, one need: >>> 1. Ensure the existence of /sys/devices/system/cpu/microcode/reload >>> 2. Copy intel-ucode directory to /lib/firmware, overwrite the files in >>> /lib/firmware/intel-ucode/ >>> 3. Write the reload interface to 1 to reload the microcode files, e.g. >>> echo 1 > /sys/devices/system/cpu/microcode/reload >>> >> >> This should contains _all_ latest available microcodes, including pieces >> not shipped by microcode_ctl-2.1-22.2 (and in fact the Intel package has >> more bin files in it). Not sure if this is enough. >> >> Cheers, >> Daniele >> >> -- >> *DANIELE VIGANÒ* | System Administrator | *Skype* dennyv85 | >> *+39-0382-5169882 >> <+39%200382%20516%209882>* >> *GLOBAL EARTHQUAKE MODEL *| working together to assess risk >> *GEM -* globalquakemodel.org <http://www.globalquakemodel.org/> | *T -* >> @GEMwrld <http://twitter.com/GEMwrld> | *F -* GEMwrld >> <http://www.facebook.com/GEMwrld> >> > > > > -- > *DANIELE VIGANÒ* | System Administrator | *Skype* dennyv85 | *+39-0382-5169882 > <+39%200382%20516%209882>* > *GLOBAL EARTHQUAKE MODEL *| working together to assess risk > *GEM -* globalquakemodel.org <http://www.globalquakemodel.org/> | *T -* > @GEMwrld <http://twitter.com/GEMwrld> | *F -* GEMwrld > <http://www.facebook.com/GEMwrld> > -- *DANIELE VIGANÒ* | System Administrator | *Skype* dennyv85 | *+39-0382-5169882* *GLOBAL EARTHQUAKE MODEL *| working together to assess risk *GEM -* globalquakemodel.org <http://www.globalquakemodel.org/> | *T -* @GEMwrld <http://twitter.com/GEMwrld> | *F -* GEMwrld <http://www.facebook.com/GEMwrld>
_______________________________________________ Linux-PowerEdge mailing list Linux-PowerEdge@dell.com https://lists.us.dell.com/mailman/listinfo/linux-poweredge