Microcode Updates

Help for Current Versions of MX
When asking for help, use Quick System Info from MX Tools. It will be properly formatted using the following steps.
1. Click on Quick System Info in MX Tools
2. Right click in your post and paste.
Forum rules
Post Reply
Message
Author
User avatar
Zikk
Posts: 3
Joined: Sat Sep 17, 2022 12:07 pm

Microcode Updates

#1 Post by Zikk »

Mx Linux already has latest database.And not just that, intel's official github page now has limited files.
But the problem is,MX has the older version (dated 2010). https://github.com/platomav/CPUMicrocodes has the latest released (dated 2015) (and much more)
how can i add this bin formatted microcode file to Mx?
Last edited by Zikk on Mon Sep 26, 2022 7:33 am, edited 1 time in total.
Top
User avatar
Stevo
Developer
Posts: 12843
Joined: Fri Dec 15, 2006 8:07 pm

Re: Microcode Update

#2 Post by Stevo »

What the... ??????

I think you are somewhat confused. Please tell us what version of "intel-microcode" you have in whatever mystery version of MX you're running, such as running

Code: Select all

apt policy intel-microcode
MX includes the latest version from Debian by default, BTW.

MCE firmware is not really CPU firmware, to be pedantic.
Top
User avatar
Adrian
Developer
Posts: 8270
Joined: Wed Jul 12, 2006 1:42 am

Re: Microcode Update

#3 Post by Adrian »

Also, as mentioned on that site "Latest is not always better or tested."
Do you try to fix something? People should not really be concerned with firmware unless there's something not working OK.
Top
User avatar
Stevo
Developer
Posts: 12843
Joined: Fri Dec 15, 2006 8:07 pm

Re: Microcode Update

#4 Post by Stevo »

Well, the CPU microcode is actually supposed to fix bugs or security holes like Meltdown or Spectre.

The "linux-firmware" package we port over from Ubuntu actually also includes the AMD and the Intel microcode, so it conflicts with those packages. You have to choose which you want to go with. We're shipping AHS with the ported package.
Last edited by Stevo on Sat Sep 24, 2022 2:56 pm, edited 1 time in total.
Top
User avatar
oops
Posts: 1620
Joined: Tue Apr 10, 2018 5:07 pm

Re: Microcode Update

#5 Post by oops »

Well the new upgrade is better for me (from MXPI: intel-microcode 3.20220809.1~mx19+1)
So thank you for the upgrade Stevo.
https://forum.mxlinux.org/viewtopic.php ... 04#p696604
Fri Sep 23, 2022 12:08 am
Updated amd64-microcode, intel-microcode packages from Debian testing, port over firmware-sof-signed from Ubuntu Kinetic--Ubuntu updated theirs a bit more that Debian upstream, plus they allow for any "linux-firmware" conflicts.
The old one:

Code: Select all

dpkg -l *microcode*
ii  intel-microcode 3.20220510.1~deb11u1 amd64        Processor microcode firmware for Intel CPUs

spectre-meltdown-checker --batch text
CVE-2017-5753: OK (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
CVE-2017-5715: OK (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754: OK (Mitigation: PTI)
CVE-2018-3640: VULN (an up-to-date CPU microcode is needed to mitigate this vulnerability)
CVE-2018-3639: OK (Mitigation: Speculative Store Bypass disabled via prctl)
CVE-2018-3615: VULN (your CPU supports SGX and the microcode is not up to date)
CVE-2018-3620: OK (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
CVE-2018-3646: OK (this system is not running a hypervisor)
CVE-2018-12126: OK (Mitigation: Clear CPU buffers)
CVE-2018-12130: OK (Mitigation: Clear CPU buffers)
CVE-2018-12127: OK (Mitigation: Clear CPU buffers)
CVE-2019-11091: OK (Mitigation: Clear CPU buffers)
CVE-2019-11135: OK (Not affected)
CVE-2018-12207: OK (this system is not running a hypervisor)
CVE-2020-0543: OK (your CPU vendor reported your CPU model as not affected)
The new one:

Code: Select all

dpkg -l *microcode*
ii  amd64-microcode 3.20220411.1~mx19+1 amd64        Processor microcode firmware for AMD CPUs
ii  intel-microcode 3.20220809.1~mx19+1 amd64        Processor microcode firmware for Intel CPUs

spectre-meltdown-checker --batch text
CVE-2017-5753: OK (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
CVE-2017-5715: OK (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754: OK (Mitigation: PTI)
CVE-2018-3640: OK (your CPU microcode mitigates the vulnerability)
CVE-2018-3639: OK (Mitigation: Speculative Store Bypass disabled via prctl)
CVE-2018-3615: OK (your CPU vendor reported your CPU model as not affected)
CVE-2018-3620: OK (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
CVE-2018-3646: OK (this system is not running a hypervisor)
CVE-2018-12126: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2018-12130: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2018-12127: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2019-11091: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2019-11135: OK (your CPU vendor reported your CPU model as not affected)
CVE-2018-12207: OK (this system is not running a hypervisor)
CVE-2020-0543: OK (your CPU vendor reported your CPU model as not affected)
Pour les nouveaux utilisateurs: Alt+F1 pour le manuel, ou FAQS, MX MANUEL, et Conseils Debian - Info. système “quick-system-info-mx” (QSI) ... Ici: System: MX-19_x64 & antiX19_x32
Top
User avatar
Zikk
Posts: 3
Joined: Sat Sep 17, 2022 12:07 pm

Re: Microcode Update

#6 Post by Zikk »

true.newest (latest) may not be always the "better" or "faster" but they are more "secure" or may have a "new feature" .so microcode updates,like all updates,are being released for a reason.

https://ibb.co/mbpMJpz old one. Mx has this
(datebase:20220510 - microcode updated early to revision=0xa0b, date=2010-09-28)

https://ibb.co/Yh59kgr new one. the mentioned github repo has this
(datebase:20220510 - revision=0xa0e)
Last edited by Zikk on Sun Sep 25, 2022 7:01 am, edited 1 time in total.
Top
User avatar
Stevo
Developer
Posts: 12843
Joined: Fri Dec 15, 2006 8:07 pm

Re: Microcode Update

#7 Post by Stevo »

Interestingly, repology has the 20220809 as the current release

https://repology.org/project/intel-microcode/versions

and no distro, even the dangerously bleeding-edge ones, have that github version that you linked. Methinks that that source needs more investigation.
Top
User avatar
figueroa
Posts: 1053
Joined: Fri Dec 21, 2018 12:20 am

Re: Microcode Update

#8 Post by figueroa »

3.20220809.1~mx21+1 is in the MX Test Repo for the nervous. It's considered stable by Intel, and I'm using it in my stable Gentoo desktop. The current MX-21 version is 3.20220510.1~deb11u1. Unless someone knows the Test Repo version fixes a problem they are having or an actual vulnerability in their use case, one should stick with the normal MX update process. Deviate from normal at your own risk.
Andy Figueroa
Using Unix from 1984; GNU/Linux from 1993
Top
User avatar
Zikk
Posts: 3
Joined: Sat Sep 17, 2022 12:07 pm

Re: Microcode Update

#9 Post by Zikk »

repo is legit and go-to place for bios modders.and not only it has recent devices (cpu-wise),it also has ancient ones as well (from via to xeon etc)
the file already recognized as higher version (recent) by system (iucode_tool)
all distros are using intel's official releases or betas so you will not find any difference there.maybe intel dropped the ball with its archieve here,or simply didnt care.cant say for sure.

Microsoft did (does) a better job at patching these (especially for old cpus that i have tested) on Windows 10. meaning this microcode is already included.
seee, KB4589212 and for more;
https://support.microsoft.com/en-gb/top ... 6e4d8637c4

And gentlemen (and/or ladies) we are talking about something released in 2010 and 2015. not cutting-edge,nor untested.

While i am writing this intel's official stable release version is indeed 20220809 (we havent received it yet)
https://github.com/intel/Intel-Linux-Pr ... Data-Files
Top
Post Reply

Return to “MX Help”