Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Sunday, 7 January 2018 20:46:52 GMT taii...@gmx.com wrote: > I have several sandy/ivybridge CPU's and I was wondering if anyone knows > as to if intel is releasing microcode updates for them. > > It sure would be funny if intel wanted you to buy a new CPU to fix a > problem that was their fault to begin with. Welcome to unbridled capitalism, USA-style. -- Regards, Peter.
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Sunday, 7 January 2018 20:46:52 GMT taii...@gmx.com wrote: > I have several sandy/ivybridge CPU's and I was wondering if anyone knows > as to if intel is releasing microcode updates for them. > > It sure would be funny if intel wanted you to buy a new CPU to fix a > problem that was their fault to begin with. As I found explained elsewhere, what can be done with microcode updates is actually very limited. It was claimed that most often Intel would use updates to disable features, permanently, and could not do much more with microcode. This agrees with my understanding of electronics, though I originally did think that slightly more was possible. Perhaps they could disable some cache functionality or speculative execution, but you would still be left with the performance penalties of most of the code-based fixes. In any case, using my original expectations, I would not expect them to be able to modify the behavior of the execution units in such a fundamental way. If great changes are possible with microcode then Intel's processors are actually closer to FPGAs, which I do not think is likely, as FPGAs are very power and space inefficient. On Sun, Jan 7, 2018 at 6:00 PM, Peter Humphrey wrote: > Welcome to unbridled capitalism, USA-style. > I have a mobile device that I noticed had a severe reduction in battery life mid-November, about the time the patches were rolled out by Microsoft. I may have to look at legal action in this regard, as now the device is unusable. I assumed it was compromised anyway and would prefer the performance back. Cheers, R0b0t1
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Mon, Jan 8, 2018 at 7:46 AM, taii...@gmx.com wrote: > I have several sandy/ivybridge CPU's and I was wondering if anyone knows > as to if intel is releasing microcode updates for them. > Its been reported they said they will "provide firmware updates by the end of next week for 90% of all CPU models it released in the past five years" and i think that referred to last week. For ~amd64 this came through on Friday. I guess an md5sum of the relevant file before and after this update may provide some indication. Fri Jan 5 20:22:21 2018 >>> sys-firmware/intel-microcode-20171117_p20171215 Sound like Spectre fixes will involve a combination of new CPU microcode and software code updates.
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On 01/07/2018 02:46 PM, taii...@gmx.com wrote: > I have several sandy/ivybridge CPU's and I was wondering if anyone > knows as to if intel is releasing microcode updates for them. > > It sure would be funny if intel wanted you to buy a new CPU to fix a > problem that was their fault to begin with. > > Do you remember the x87 bugs discovered in the original i586 Pentiums? Never fixed. Still built into every Intel CPU. Intel does NOT replace "defective-by-design" hardware. Instead, every OS is required to "software emulate" the FPU. Search for "errata-not-bug". Intel's term for their screw-ups in their CPUs. Intel is only releasing patch code for the last five years of products. And ... if you read up on the "e-mails" being posted ... ... It looks as if Intel is NOT going to fix this in future CPUs either. Instead, every OS will be required to "work-around-this". Perhaps the reason "someone" tried to implicate this effects ALL CPU architectures? ( IBM RISC 6000, PowerPC, DEC Alpha, IBM System/390, Sun SPARC64, for example ) Intel did try to make their "patch" mandatory for AMD CPUs ( with NO disable switch ). Why? Think about it. Corbin
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Monday, 8 January 2018 17:47:03 GMT Corbin Bird wrote: > On 01/07/2018 02:46 PM, taii...@gmx.com wrote: > > I have several sandy/ivybridge CPU's and I was wondering if anyone > > knows as to if intel is releasing microcode updates for them. > > > > It sure would be funny if intel wanted you to buy a new CPU to fix a > > problem that was their fault to begin with. > > Do you remember the x87 bugs discovered in the original i586 Pentiums? > Never fixed. > Still built into every Intel CPU. > Intel does NOT replace "defective-by-design" hardware. > Instead, every OS is required to "software emulate" the FPU. > > Search for "errata-not-bug". > Intel's term for their screw-ups in their CPUs. > > Intel is only releasing patch code for the last five years of products. > > And ... if you read up on the "e-mails" being posted ... > ... It looks as if Intel is NOT going to fix this in future CPUs either. > Instead, every OS will be required to "work-around-this". > > Perhaps the reason "someone" tried to implicate this effects ALL CPU > architectures? > ( IBM RISC 6000, PowerPC, DEC Alpha, IBM System/390, Sun SPARC64, for > example ) > > Intel did try to make their "patch" mandatory for AMD CPUs ( with NO > disable switch ). > Why? > Think about it. > > Corbin So what affordable and available CPUs should one be looking into for a new desktop build? Also, laptops? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
I have a less-two-old N3700 CPU on a Asrock N3700-ITX board that (was)is perfect for my NAS, but without pcid instruction that mitigates the last pti patches slowdown. Asrock said nothing about the microcode/bios update and I asked for warranty return because I consider a factory defect but I think that I will fight with the seller. BTW, the European Community Law requires at least 2 years of warranty coverage on factory defects... Proud to be European. ciao luigi On Mon, Jan 8, 2018 at 1:00 AM, Peter Humphrey wrote: > On Sunday, 7 January 2018 20:46:52 GMT taii...@gmx.com wrote: > > I have several sandy/ivybridge CPU's and I was wondering if anyone knows > > as to if intel is releasing microcode updates for them. > > > > It sure would be funny if intel wanted you to buy a new CPU to fix a > > problem that was their fault to begin with. > > Welcome to unbridled capitalism, USA-style. > > -- > Regards, > Peter. > > > -- Luigi 'Comio' Mantellini R&D - Software Industrie Dial Face S.p.A. Via Canzo, 4 20068 Peschiera Borromeo (MI), Italy Tel.: +39 02 5167 2813 Fax: +39 02 5167 2459 web: www.idf-hit.com mail: luigi.mantell...@idf-hit.com
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On 01/09/2018 01:56 AM, Mick wrote: > On Monday, 8 January 2018 17:47:03 GMT Corbin Bird wrote: >> On 01/07/2018 02:46 PM, taii...@gmx.com wrote: >>> I have several sandy/ivybridge CPU's and I was wondering if anyone >>> knows as to if intel is releasing microcode updates for them. >>> >>> It sure would be funny if intel wanted you to buy a new CPU to fix a >>> problem that was their fault to begin with. >> Do you remember the x87 bugs discovered in the original i586 Pentiums? >> Never fixed. >> Still built into every Intel CPU. >> Intel does NOT replace "defective-by-design" hardware. >> Instead, every OS is required to "software emulate" the FPU. >> >> Search for "errata-not-bug". >> Intel's term for their screw-ups in their CPUs. >> >> Intel is only releasing patch code for the last five years of products. >> >> And ... if you read up on the "e-mails" being posted ... >> ... It looks as if Intel is NOT going to fix this in future CPUs either. >> Instead, every OS will be required to "work-around-this". >> >> Perhaps the reason "someone" tried to implicate this effects ALL CPU >> architectures? >> ( IBM RISC 6000, PowerPC, DEC Alpha, IBM System/390, Sun SPARC64, for >> example ) >> >> Intel did try to make their "patch" mandatory for AMD CPUs ( with NO >> disable switch ). >> Why? >> Think about it. >> >> Corbin > So what affordable and available CPUs should one be looking into for a new > desktop build? > > Also, laptops? > At this point, the only sure bet, is a non x86, x86_64, ARM, ARM64 CPU. Don't know enough to make a recommendation on a particular CPU arch at this point. Try asking taii...@gmx.com or Ian Zimmerman ( both on gentoo-users mailing list ) about PPC/PPC64. Re-post of saved e-mail : > On 12/25/2017 06:33 PM, Ian Zimmerman wrote: > >> On 2017-12-24 14:44, taii...@gmx.com wrote: >> >>> POWER 9: TALOS 2 (server/workstation, brand new and very high >>> performance - the only brand new hardware that is legitimately libre) >> This is interesting, but can it run gentoo? There's a handbook edition >> for PPC64, but that's not quite the same, is it? > It is. > PPC64 is big endian, PPC64LE is little endian. > > POWER8/9 are Bi-Endian so you can use both (most linux distros only > support little) > > PPC64 compile covers PowerPC and POWER. > > > TALOS 2 is an end user obtainable derivative of the Romulus POWER 9 > development board, there are a variety of modifications and it is more > open source than Romulus - you can also pay for it with bitcoin. > It supports dual sforza CPU's which have up to 24 cores per socket > with SMT4 (4 threads at the same time per core)
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Tue, Jan 9, 2018 at 8:33 PM, Corbin Bird wrote: > > On 01/09/2018 01:56 AM, Mick wrote: > > At this point, the only sure bet, is a non x86, x86_64, ARM, ARM64 CPU. > > Don't know enough to make a recommendation on a particular CPU arch at this > point. > Good luck with that... If you aren't hearing about Spectre fixes for a CPU it is most likely because it is so obscure that nobody has bothered to check whether it is vulnerable. Sure, there are some CPUs that have been tested and found to be ok. However, almost anything modern is vulnerable to spectre. I just wasn't something that was on anybody's radar. New CPUs are likely to be resistant to these types of attacks regardless of vendor. Sure, if I was about to place an order for 1000 CPUs tomorrow I'd probably pick AMD over Intel to avoid the PTI overhead, but that is about as far as I'd let these vulnerabilities affect purchase decisions. There are lots of good reasons to go with ARM vs x86, but this isn't really one of them. And outside of x86/ARM I think almost any other CPU choice is going to be a niche item. -- Rich
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Wednesday, 10 January 2018 01:46:08 GMT Rich Freeman wrote: > On Tue, Jan 9, 2018 at 8:33 PM, Corbin Bird wrote: > > On 01/09/2018 01:56 AM, Mick wrote: > > > > At this point, the only sure bet, is a non x86, x86_64, ARM, ARM64 CPU. > > > > Don't know enough to make a recommendation on a particular CPU arch at > > this > > point. > > Good luck with that... > > If you aren't hearing about Spectre fixes for a CPU it is most likely > because it is so obscure that nobody has bothered to check whether it > is vulnerable. > > Sure, there are some CPUs that have been tested and found to be ok. > However, almost anything modern is vulnerable to spectre. I just > wasn't something that was on anybody's radar. New CPUs are likely to > be resistant to these types of attacks regardless of vendor. Yes, but I would be surprised if new 'fixed' CPUs land anytime before 2019 ... if not 2020. I'd rather not be running an old Intel i7 which has not had its microcode patched all the way until then - if the complimentary microcode patch is *also* improving security besides speed, after the consequential kernel patches. > Sure, if I was about to place an order for 1000 CPUs tomorrow I'd > probably pick AMD over Intel to avoid the PTI overhead, but that is > about as far as I'd let these vulnerabilities affect purchase > decisions. There are lots of good reasons to go with ARM vs x86, but > this isn't really one of them. And outside of x86/ARM I think almost > any other CPU choice is going to be a niche item. I've seen Linus making statements back in 2016 of the year of the ARM laptop being upon us (Chromebook anyone?) and I've seen the 10nm Qualcomm Snapdragon 835 ARM laptop by Asus featuring on CES 2018 with impressively long battery life, but I have no idea how it compares in performance terms with the equally vulnerable current x86 arch machines. That may be a different discussion anyway. Most vendors only sell Intel in their laptops. I could build a desktop I guess, but Ryzen is also affected by Spectre. With Intel's burning platform I want to jump off, but I'm not sure if spending money at this stage will materially improve my PC security ... or if it is wiser to wait for the next round of 'improved' CPUs. Are any of you planning to replace your Intel PCs and what are you considering as a replacement at present? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Thu, Jan 11, 2018 at 5:41 PM, Mick wrote: > > Most vendors only sell Intel in their laptops. I could build a desktop I > guess, but Ryzen is also affected by Spectre. With Intel's burning platform I > want to jump off, but I'm not sure if spending money at this stage will > materially improve my PC security ... or if it is wiser to wait for the next > round of 'improved' CPUs. > I wouldn't let Spectre drive you to hold off on buying a CPU. If you're happy with what you have stick with it. If not get what makes the most sense, which is probably Ryzen at this point unless your particular workload benefits from the marginal single-thread performance of Intel even after any Meltdown handicaps. IMO Spectre is going to drive some microcode updates for relatively recent CPUs, compiler improvements, and some hand-tuning of particularly critical code. -- Rich
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On 01/11/18 14:41, Mick wrote: Are any of you planning to replace your Intel PCs and what are you considering as a replacement at present? I was planning to replace two of my PCs with Ryzen, but that plan was in place before Meltdown happened. At least then I'll be able to get microcode/firmware updates, as pretty much everything I own now (well, besides my laptop) is between 5-11 years old. Dan
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On 01/11/2018 05:02 PM, Rich Freeman wrote: > On Thu, Jan 11, 2018 at 5:41 PM, Mick wrote: >> Most vendors only sell Intel in their laptops. I could build a desktop I >> guess, but Ryzen is also affected by Spectre. With Intel's burning platform >> I >> want to jump off, but I'm not sure if spending money at this stage will >> materially improve my PC security ... or if it is wiser to wait for the next >> round of 'improved' CPUs. >> > I wouldn't let Spectre drive you to hold off on buying a CPU. If > you're happy with what you have stick with it. If not get what makes > the most sense, which is probably Ryzen at this point unless your > particular workload benefits from the marginal single-thread > performance of Intel even after any Meltdown handicaps. > > IMO Spectre is going to drive some microcode updates for relatively > recent CPUs, compiler improvements, and some hand-tuning of > particularly critical code. > FYI : The microcode updates pushed out for AMD by Gentoo seem to be only for : Fam16h, Fam17h CPUs. Fam15h, Fam10h, no change. "dmesg" output unchanged, before and after updating. ( Yes, the firmware update is built-in to the kernel. ) [ 0.114108] smpboot: CPU0: AMD FX(tm)-9590 Eight-Core Processor (family: 0x15, model: 0x2, stepping: 0x0) [ 0.114113] Performance Events: Fam15h core perfctr, AMD PMU driver. [ 10.296207] microcode: microcode updated early to new patch_level=0x0600084f [ 10.296915] microcode: CPU0: patch_level=0x0600084f [ 10.297658] microcode: CPU1: patch_level=0x0600084f [ 10.298338] microcode: CPU2: patch_level=0x0600084f [ 10.299093] microcode: CPU3: patch_level=0x0600084f [ 10.299813] microcode: CPU4: patch_level=0x0600084f [ 10.300502] microcode: CPU5: patch_level=0x0600084f [ 10.301193] microcode: CPU6: patch_level=0x0600084f [ 10.301849] microcode: CPU7: patch_level=0x0600084f [ 10.302601] microcode: Microcode Update Driver: v2.01 , Peter Oruba
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
AMD says they are releasing microcode updates for their previous generation CPU's (Opteron, FX, etc) next week. So much better than intel throwing older CPU owners to the wolves. In terms of what CPU to get - I would get either an AMD G34/C32 Opteron (pre-PSP) with a compatible libre firmware board (KGPE-D16 or KCMA-D8) or if you can afford it a POWER9 system as IBM quickly released updates for POWER to solve this issue and if they ever stopped due to considering your system "too old" POWER9 is owner controlled and documented so the community could theoretically patch its own microcode. You can make a C32 libre firmware gaming system for around 500-700, so that is quite affordable.
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Fri, Jan 12, 2018 at 11:23 AM, Corbin Bird wrote: > > On 01/11/2018 05:02 PM, Rich Freeman wrote: >> >> IMO Spectre is going to drive some microcode updates for relatively >> recent CPUs, compiler improvements, and some hand-tuning of >> particularly critical code. >> > > The microcode updates pushed out for AMD by Gentoo seem to be only for : > Fam16h, Fam17h CPUs. > FWIW even the 17h microcode doesn't seem to be updating on my Ryzen: dmesg | grep microco [0.989279] microcode: CPU0: patch_level=0x08001129 [0.989421] microcode: CPU1: patch_level=0x08001129 [0.989565] microcode: CPU2: patch_level=0x08001129 [0.989708] microcode: CPU3: patch_level=0x08001129 [0.989857] microcode: CPU4: patch_level=0x08001129 [0.990001] microcode: CPU5: patch_level=0x08001129 [0.990183] microcode: CPU6: patch_level=0x08001129 [0.990332] microcode: CPU7: patch_level=0x08001129 [0.990475] microcode: CPU8: patch_level=0x08001129 [0.990619] microcode: CPU9: patch_level=0x08001129 [0.990764] microcode: CPU10: patch_level=0x08001129 [0.990905] microcode: CPU11: patch_level=0x08001129 [0.991095] microcode: Microcode Update Driver: v2.2. That said, there still isn't any AMD documentation around the microcode updates that I've been able to find, so I have no idea what the correct patch level is even supposed to be. I just know that I'm not getting a message about early updates. I do have linux 4.4.13 which includes the family 17h patch. The other odd thing is that a firmware update was released for my motherboard (ASRock AB350 Pro4) on the 10th, and if I flash it grub will no longer boot the linux kernel, and it is pretty slow overall, but it will still boot memtestx86 just fine. I figured I'd wait a few days and see if there is any further info on it. -- Rich
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Friday, 12 January 2018 17:47:46 GMT Rich Freeman wrote: > On Fri, Jan 12, 2018 at 11:23 AM, Corbin Bird wrote: > > On 01/11/2018 05:02 PM, Rich Freeman wrote: > >> IMO Spectre is going to drive some microcode updates for relatively > >> recent CPUs, compiler improvements, and some hand-tuning of > >> particularly critical code. > > > > The microcode updates pushed out for AMD by Gentoo seem to be only for : > > Fam16h, Fam17h CPUs. > > FWIW even the 17h microcode doesn't seem to be updating on my Ryzen: > > dmesg | grep microco > [0.989279] microcode: CPU0: patch_level=0x08001129 > [0.989421] microcode: CPU1: patch_level=0x08001129 > [0.989565] microcode: CPU2: patch_level=0x08001129 > [0.989708] microcode: CPU3: patch_level=0x08001129 > [0.989857] microcode: CPU4: patch_level=0x08001129 > [0.990001] microcode: CPU5: patch_level=0x08001129 > [0.990183] microcode: CPU6: patch_level=0x08001129 > [0.990332] microcode: CPU7: patch_level=0x08001129 > [0.990475] microcode: CPU8: patch_level=0x08001129 > [0.990619] microcode: CPU9: patch_level=0x08001129 > [0.990764] microcode: CPU10: patch_level=0x08001129 > [0.990905] microcode: CPU11: patch_level=0x08001129 > [0.991095] microcode: Microcode Update Driver: v2.2. My AMD: [0.025000] smpboot: CPU0: AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G (family: 0x15, model: 0x30, stepping: 0x1) is similarly failing to show signs of early microcode update, as it always did: $ dmesg | grep -i microcode [1.348991] microcode: CPU0: patch_level=0x06003106 [1.349718] microcode: CPU1: patch_level=0x06003106 [1.350434] microcode: CPU2: patch_level=0x06003106 [1.351158] microcode: CPU3: patch_level=0x06003106 [1.351879] microcode: Microcode Update Driver: v2.2. > That said, there still isn't any AMD documentation around the > microcode updates that I've been able to find, so I have no idea what > the correct patch level is even supposed to be. I just know that I'm > not getting a message about early updates. I do have linux 4.4.13 > which includes the family 17h patch. I'm on 4.14.12-gentoo now. > The other odd thing is that a firmware update was released for my > motherboard (ASRock AB350 Pro4) on the 10th, and if I flash it grub > will no longer boot the linux kernel, and it is pretty slow overall, > but it will still boot memtestx86 just fine. I figured I'd wait a few > days and see if there is any further info on it. No Asus MoBo firmware updates here ... but would they be even required/ necessary for the CPU bugs? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Fri, Jan 12, 2018 at 1:42 PM, Mick wrote: > On Friday, 12 January 2018 17:47:46 GMT Rich Freeman wrote: > >> The other odd thing is that a firmware update was released for my >> motherboard (ASRock AB350 Pro4) on the 10th, and if I flash it grub >> will no longer boot the linux kernel, and it is pretty slow overall, >> but it will still boot memtestx86 just fine. I figured I'd wait a few >> days and see if there is any further info on it. > > No Asus MoBo firmware updates here ... but would they be even required/ > necessary for the CPU bugs? It shouldn't be. I'm not sure if Ryzen has anything equivalent to the Intel Management Engine. Intel has been scrambling to patching the firmware for that (which basically gives a hardware-level rootkit to anybody who exploits it). The official docs just mentioned adding support for additional processors with an AGESA update. I wouldn't be surprised if at some point the motherboard vendors slip in the microcode updates there as well. When I was having issues getting linux to update the microcode I figured I'd check the firmware for updates. When it failed to boot I just rolled it back. They actually did 2 firmware releases, with one being used as a bridge to the other. That also makes me wonder if there is a microcode update of some kind in there. -- Rich
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On 01/12/2018 12:42 PM, Mick wrote: > On Friday, 12 January 2018 17:47:46 GMT Rich Freeman wrote: >> On Fri, Jan 12, 2018 at 11:23 AM, Corbin Bird > wrote: >>> On 01/11/2018 05:02 PM, Rich Freeman wrote: IMO Spectre is going to drive some microcode updates for relatively recent CPUs, compiler improvements, and some hand-tuning of particularly critical code. >>> The microcode updates pushed out for AMD by Gentoo seem to be only for : >>> Fam16h, Fam17h CPUs. >> FWIW even the 17h microcode doesn't seem to be updating on my Ryzen: >> >> dmesg | grep microco >> [0.989279] microcode: CPU0: patch_level=0x08001129 >> [0.989421] microcode: CPU1: patch_level=0x08001129 >> [0.989565] microcode: CPU2: patch_level=0x08001129 >> [0.989708] microcode: CPU3: patch_level=0x08001129 >> [0.989857] microcode: CPU4: patch_level=0x08001129 >> [0.990001] microcode: CPU5: patch_level=0x08001129 >> [0.990183] microcode: CPU6: patch_level=0x08001129 >> [0.990332] microcode: CPU7: patch_level=0x08001129 >> [0.990475] microcode: CPU8: patch_level=0x08001129 >> [0.990619] microcode: CPU9: patch_level=0x08001129 >> [0.990764] microcode: CPU10: patch_level=0x08001129 >> [0.990905] microcode: CPU11: patch_level=0x08001129 >> [0.991095] microcode: Microcode Update Driver: v2.2. > My AMD: > > [0.025000] smpboot: CPU0: AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G > (family: 0x15, model: 0x30, stepping: 0x1) > > is similarly failing to show signs of early microcode update, as it always > did: > > $ dmesg | grep -i microcode > [1.348991] microcode: CPU0: patch_level=0x06003106 > [1.349718] microcode: CPU1: patch_level=0x06003106 > [1.350434] microcode: CPU2: patch_level=0x06003106 > [1.351158] microcode: CPU3: patch_level=0x06003106 > [1.351879] microcode: Microcode Update Driver: v2.2. > > >> That said, there still isn't any AMD documentation around the >> microcode updates that I've been able to find, so I have no idea what >> the correct patch level is even supposed to be. I just know that I'm >> not getting a message about early updates. I do have linux 4.4.13 >> which includes the family 17h patch. > I'm on 4.14.12-gentoo now. > > >> The other odd thing is that a firmware update was released for my >> motherboard (ASRock AB350 Pro4) on the 10th, and if I flash it grub >> will no longer boot the linux kernel, and it is pretty slow overall, >> but it will still boot memtestx86 just fine. I figured I'd wait a few >> days and see if there is any further info on it. > No Asus MoBo firmware updates here ... but would they be even required/ > necessary for the CPU bugs? In the old days, Windows / DOS, did not have any "microcode update loader". For those old versions of Windows / DOS, an updated BIOS was the only way to update the CPU microcode. I have seen something calling itself the "microcode update loader" in Win 7 x64. Have no idea what it is really doing. --- The Fam16h and Fam17h microcode updates were new to Gentoo? I don't recall ever seeing them before. Corbin
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On Fri, Jan 12, 2018 at 2:58 PM, Corbin Bird wrote: > > The Fam16h and Fam17h microcode updates were new to Gentoo? > I don't recall ever seeing them before. > They're new in general - they first appeared last week and they're being treated as if they're related to Spectre. I've yet to see any kind of official release of them, but that seems to be par for the course for AMD the more I hunt around for documentation. It seems like Suse first released it, and claimed that it disabled branch prediction, whatever that means (certainly it can't completely disable it without tanking performance). I'm not sure if it has been merged upstream yet. The 17h loader updates were merged into linux 4.4.13 (Gentoo backported it as well), but I'm not sure about the microcode itself. Separately there are some lkml patches proposed by AMD to use an MSR setting to make LFENCE block speculative execution. It looks like the strategy is to enable that on amd64, and verify that the setting took (a guest VM wouldn't be able to set the MSR). If the setting isn't effective then it would fall back to Retpolines (which is the Intel fix for Spectre), which have more overhead (this is in addition to the much larger overhead for the meltdown fix on Intel). If somebody actually sees anything official from AMD clearly giving a checklist for Spectre remediation I'm all ears. To its credit, Intel at least published one of those (even if it amounts to "pound sand" for older CPUs). -- Rich
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On 01/12/2018 02:06 PM, Rich Freeman wrote: It shouldn't be. I'm not sure if Ryzen has anything equivalent to the Intel Management Engine. It does, it is called AMD PSP. Like ME it is closed source and it can't be disabled - no matter what people might claim.
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
> > If somebody actually sees anything official from AMD clearly giving a > checklist for Spectre remediation I'm all ears. To its credit, Intel > at least published one of those (even if it amounts to "pound sand" > for older CPUs). > AMD have revised their guidance on Variant 2 from "near zero risk" to "difficult" http://www.amd.com/en/corporate/speculative-execution
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
> They're new in general - they first appeared last week and they're > being treated as if they're related to Spectre. I've yet to see any > kind of official release of them, but that seems to be par for the > course for AMD the more I hunt around for documentation. It seems > like Suse first released it, and claimed that it disabled branch > prediction, whatever that means (certainly it can't completely disable > it without tanking performance). > From: https://www.phoronix.com/scan.php?page=news_item&px=AMD-Branch-Prediction-Still "I reached out to AMD and on Friday heard back. They wrote in an email to Phoronix that this Zen/17h microcode update does *not* disable branch prediction. They'll be working with SUSE to re-clarify this microcode update description"
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On 01/13/2018 12:50 PM, Mick wrote: Thank you Taiidan for taking time to respond. Always man! On Friday, 12 January 2018 17:21:19 GMT you wrote: AMD says they are releasing microcode updates for their previous generation CPU's (Opteron, FX, etc) next week. So much better than intel throwing older CPU owners to the wolves. Indeed, this is one more reason I will not look at Intel ever again! In terms of what CPU to get - I would get either an AMD G34/C32 Opteron (pre-PSP) with a compatible libre firmware board (KGPE-D16 or KCMA-D8) or if you can afford it a POWER9 system as IBM quickly released updates for POWER to solve this issue and if they ever stopped due to considering your system "too old" POWER9 is owner controlled and documented so the community could theoretically patch its own microcode. You can make a C32 libre firmware gaming system for around 500-700, so that is quite affordable. The problem with KGPE-D16 and KCMA-D8 is that I can't find these new in the UK. All I find is stripped down second hand MoBos in ebay from businesses shuttering and repossessions. Also, they do not appear to come with modern niceties for a desktop like HDMI or DP ports? You have to install a graphics card - like with any other server/workstation motherboard the onboard graphics are crappy. I would order one from the US if you can't find a UK retailer, these are the most easily obtainable and affordable owner controlled boards. Power9 appear to be quite new and again I can't find a place that sells them or provides a price for them ... https://raptorcs.com The TALOS 2 - made by the same folks who did the coreboot ports for the D8 and D16 boards It is pending RYF certification, is 100% owner controlled and it has libre firmware from the factory. POWER is the only owner controlled performance CPU out there, IBM publishes a lot of documentation and there is absolutely no hardware code signing enforcement not even for the microcode. Please note that 5K is an average price for server hardware in that performance class, there are a variety of lower end owner controlled options if that is too much/if you don't need something that fast. We don't do any gaming with our PCs. General office suite applications, heavy browsing/emails and some media transcoding. The market has been cornered by the near monopoly of Intel, especially on laptops. The last PC I built was a relatively cheap and cheerful AMD A10-7850K on an ASUS MoBo, which sadly comes loaded with its own hardwired PSP rootkit. :-( You can install a FM2 CPU on that, the plus has PSP the regular doesn't. Any ideas for places I could look for a power9 workstation - assuming it is affordable, or are there are any other CPU/MoBos I could look at? Define affordable? People have gotten used to intel's cheap CPU's that they don't really own - even just 15 years ago computers used to cost significantly more. I remember when the P4 was just released and crappy pre-builds were going for 2K+.
