You are not logged in.
- Topics: Active | Unanswered
#1 2018-01-10 17:50:04
- sarfaraz1989
- Member
- Registered: 2017-01-27
- Posts: 9
Intel's latest microcode does not get applied on boot.
I have a laptop that runs on intel core i3-2330M.
https://downloadcenter.intel.com/produc … e-2-20-GHz-
The page tells me latest microcode for this cpu was released on Jan08th.
This release link from Intel confirms the same .
https://downloadcenter.intel.com/downlo … duct=52214
Consequently, I installed the intel-ucode package currently in "testing" from https://www.archlinux.org/packages/test … tel-ucode/
Post install, I see that the file /boot/intel-ucode changed (the md5 checksums before and after the install were different)
but the microcode I see after reboot is still the older one.
ahmad@mymachine:~/Desktop/spectre-meltdown-checker $ dmesg |grep microcode
[ 0.000000] microcode: microcode updated early to revision 0x29, date = 2013-06-12
[ 0.617585] microcode: sig=0x206a7, pf=0x10, revision=0x29
[ 0.617862] microcode: Microcode Update Driver: v2.2.
I built one using the pkgbuild sources here. https://www.archlinux.org/packages/test … tel-ucode/
and still the same result.
Any ideas on how to proceed further ?
Here is /proc/cpuinfo if that helps (I don't see spec_ctrl instruction either )
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 42
model name : Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
stepping : 7
microcode : 0x29
cpu MHz : 2195.054
cache size : 3072 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 2
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer xsave avx lahf_lm epb pti tpr_shadow vnmi flexpriority ept vpid xsaveopt dtherm arat pln pts
bugs : cpu_insecure
bogomips : 4391.02
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:
Regards,
Sarfaraz
Offline
#2 2018-01-10 18:03:42
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,327
Re: Intel's latest microcode does not get applied on boot.
Please use code tags for commands and their outputs
$ bsdtar -Oxf /boot/intel-ucode.img | iucode_tool -tb -ls0x206a7 -
selected microcodes:
001: sig 0x000206a7, pf mask 0x12, 2013-06-12, rev 0x0029, size 10240It would appear there is not actually a new update for that processor in the latest microcode update.
Edit:
New updates for this package
$ bsdtar -Oxf /boot/intel-ucode.img | iucode_tool -tb -l --date-after=2017-11-17 -
selected microcodes:
001: sig 0x000306c3, pf mask 0x32, 2017-11-20, rev 0x0023, size 23552
002: sig 0x000306e4, pf mask 0xed, 2017-12-01, rev 0x042a, size 15360
003: sig 0x00040651, pf mask 0x72, 2017-11-20, rev 0x0021, size 22528
004: sig 0x00040661, pf mask 0x32, 2017-11-20, rev 0x0018, size 25600
005: sig 0x00050654, pf mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
006: sig 0x00050662, pf mask 0x10, 2017-12-16, rev 0x0014, size 31744
007: sig 0x00050663, pf mask 0x10, 2017-12-16, rev 0x7000011, size 22528
008: sig 0x000706a1, pf mask 0x01, 2017-12-26, rev 0x0022, size 73728
009: sig 0x000806e9, pf mask 0xc0, 2018-01-04, rev 0x0080, size 98304
010: sig 0x000806ea, pf mask 0xc0, 2018-01-04, rev 0x0080, size 98304
011: sig 0x000906e9, pf mask 0x2a, 2018-01-04, rev 0x0080, size 98304
012: sig 0x000906ea, pf mask 0x22, 2018-01-04, rev 0x0080, size 97280
013: sig 0x000906eb, pf mask 0x02, 2018-01-04, rev 0x0080, size 98304Last edited by loqs (2018-01-10 18:07:21)
Offline
#3 2018-01-10 18:13:27
- sarfaraz1989
- Member
- Registered: 2017-01-27
- Posts: 9
Re: Intel's latest microcode does not get applied on boot.
Thank you. I was almost getting to the same conclusion. Bad post by Intel. I will use tags further ahead when posting commands and outputs
Offline
#4 2018-01-10 18:16:53
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,327
Re: Intel's latest microcode does not get applied on boot.
I can only suggest you contact Intel and see if the release notes for the microcode update contain an error with respect to your CPU.
Offline
#5 2018-01-10 18:25:24
- ua4000
- Member
- Registered: 2015-10-14
- Posts: 419
Re: Intel's latest microcode does not get applied on boot.
According to ark.intel.com your i3-2330M is from 2011.
https://www.heise.de/newsticker/meldung … 36956.html states, intel will patch only >2013 so far...
Offline
#6 2018-01-10 18:44:06
- sarfaraz1989
- Member
- Registered: 2017-01-27
- Posts: 9
Re: Intel's latest microcode does not get applied on boot.
Yeah on similar lines i read somewhere that. This week Intel would patch microcodes for last 5 years and the rest in a month or so. That post from Intel though is misleading whoever put up that page didn't do a good job I guess.
Offline
#7 2018-01-10 18:45:48
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 11,544
Re: Intel's latest microcode does not get applied on boot.
I don't see how it's misleading. There was a new microcode bundle release, doesn't mean there's a new microcode for you processor.
Offline
#8 2018-01-10 20:06:25
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,327
Re: Intel's latest microcode does not get applied on boot.
I don't see spec_ctrl instruction either
Would that be displayed even if the microcode was updated without the kernel patch adding X86_FEATURE_SPEC_CTRL?
edit:
https://patchwork.kernel.org/patch/10153849/ patch X86_FEATURE_SPEC_CTRL this patch does not enable use of IBRS.
Last edited by loqs (2018-01-10 20:18:19)
Offline
#9 2018-01-11 08:47:26
- sarfaraz1989
- Member
- Registered: 2017-01-27
- Posts: 9
Re: Intel's latest microcode does not get applied on boot.
sarfaraz1989 wrote:I don't see spec_ctrl instruction either
Would that be displayed even if the microcode was updated without the kernel patch adding X86_FEATURE_SPEC_CTRL?
edit:
https://patchwork.kernel.org/patch/10153849/ patch X86_FEATURE_SPEC_CTRL this patch does not enable use of IBRS.
Thanks ! I guess cpu flags for spectre will not show up in /proc/cpuinfo unless that patch is included/applied.
Offline
#10 2018-01-11 12:51:06
- Fuxino
- Member
- From: Slovakia
- Registered: 2014-09-26
- Posts: 178
Re: Intel's latest microcode does not get applied on boot.
I have the same problem. I have an Intel i7-5500U processor (released in 2015), which is listed here under "This download is valid for the product(s) listed below".
$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 61
model name : Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
stepping : 4
microcode : 0x28
cpu MHz : 2899.951
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 2
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 20
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb invpcid_single intel_pt kaiser tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid rdseed adx smap xsaveopt dtherm ida arat pln pts
bugs :
bogomips : 4788.80
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0x28, date = 2017-11-17
[ 0.572164] microcode: sig=0x306d4, pf=0x40, revision=0x28
[ 0.572318] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter OrubaOffline
#11 2018-01-11 16:06:36
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 11,544
Re: Intel's latest microcode does not get applied on boot.
Everything looks fine there.
Offline
#12 2018-01-11 17:24:35
- Fuxino
- Member
- From: Slovakia
- Registered: 2014-09-26
- Posts: 178
Re: Intel's latest microcode does not get applied on boot.
Isn't the date supposed to be the one of the last microcode update (2018-01-08)?
Offline
#13 2018-01-11 17:26:21
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 11,544
Re: Intel's latest microcode does not get applied on boot.
No
Offline
#14 2018-01-11 17:27:16
- V1del
- Forum Moderator
- Registered: 2012-10-16
- Posts: 21,673
Re: Intel's latest microcode does not get applied on boot.
No, the date of the microcode update package refers to the date when a new package containing all of the microcode updates for all of the processors has been bundled. The exact date for when a specific CPU has gotten a microcode update can differ.
Last edited by V1del (2018-01-11 17:28:23)
Online
#15 2018-01-11 20:07:17
- Batou
- Member
- Registered: 2017-01-03
- Posts: 259
Re: Intel's latest microcode does not get applied on boot.
My Ivy Bridge i7 got no love from Intel.
microcode: microcode updated early to revision 0x1c, date = 2015-02-26 I'm so happy that I didn't upgrade my mobo + CPU this past year. I'm gonna stick with my current setup for another year or until they finally fix Meltdown/Spectre. No point in buying defective CPUs now.
Edit: from reading what others are saying, this ucode fixes some of the Spectre CVEs but it comes with another performance hit. That's now a bunch of stacked perf hits: KPTI, ucode, browser site isolation... all introduce their own perf hits.
Last edited by Batou (2018-01-11 20:27:53)
Please vote for all the AUR packages you're using. You can mass-vote for all of them by doing: "pacman -Qqm | xargs aurvote -v" (make sure to run "aurvote --configure" first)
Offline
#16 2018-01-11 20:40:02
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,327
Re: Intel's latest microcode does not get applied on boot.
from reading what others are saying, this ucode fixes some of the Spectre CVEs but it comes with another performance hit. That's now a bunch of stacked perf hits: KPTI, ucode, browser site isolation... all introduce their own perf hits.
My understanding is the microcode update would allow software mitigations in the kernel etc taking advantage of newly exposed functionality [1] but the current mainline / stable kernel does not contain patches supporting that yet.
[1] https://access.redhat.com/articles/3311 … defaults-9
Offline
#17 2018-01-11 21:21:32
- sl1pkn07
- Member
- From: Spanishtán
- Registered: 2010-03-30
- Posts: 371
Re: Intel's latest microcode does not get applied on boot.
in my case, the early load not work
└───╼ LC_ALL=C pacman -Qi intel-ucode
Name : intel-ucode
Version : 20180108-1
Description : Microcode update files for Intel CPUs
Architecture : any
URL : https://downloadcenter.intel.com/SearchResult.aspx?lang=eng&keyword=processor%20microcode%20data%20file
Licenses : custom
Groups : None
Provides : None
Depends On : None
Optional Deps : None
Required By : None
Optional For : None
Conflicts With : None
Replaces : microcode_ctl
Installed Size : 1584.00 KiB
Packager : Christian Hesse <arch@eworm.de>
Build Date : Wed Jan 10 09:53:21 2018
Install Date : Wed Jan 10 15:44:02 2018
Install Reason : Explicitly installed
Install Script : Yes
Validated By : Signature
└───╼ LC_ALL=C pacman -Qkk intel-ucode
intel-ucode: 8 total files, 0 altered files
└───╼ sudo cat /boot/grub/grub.cfg | grep intel
linux /boot/vmlinuz-linux-lts root=UUID=1b76a96e-0c70-49c5-a90b-c5308f969a2f rw init=/usr/lib/systemd/systemd intel_iommu=on iommu=pt isolcpus=9-12,22-25 nohz_full=9-12,22-25 rcu_nocbs=9-12,25
initrd /boot/intel-ucode.img /boot/initramfs-linux-lts.img
linux /boot/vmlinuz-linux-lts root=UUID=1b76a96e-0c70-49c5-a90b-c5308f969a2f rw init=/usr/lib/systemd/systemd intel_iommu=on iommu=pt isolcpus=9-12,22-25 nohz_full=9-12,22-25 rcu_nocbs=9-12,25
initrd /boot/intel-ucode.img /boot/initramfs-linux-lts-fallback.img
linux /boot/vmlinuz-linux root=UUID=1b76a96e-0c70-49c5-a90b-c5308f969a2f rw init=/usr/lib/systemd/systemd intel_iommu=on iommu=pt isolcpus=9-12,22-25 nohz_full=9-12,22-25 rcu_nocbs=9-12,25
initrd /boot/intel-ucode.img /boot/initramfs-linux.img
linux /boot/vmlinuz-linux root=UUID=1b76a96e-0c70-49c5-a90b-c5308f969a2f rw init=/usr/lib/systemd/systemd intel_iommu=on iommu=pt isolcpus=9-12,22-25 nohz_full=9-12,22-25 rcu_nocbs=9-12,25
initrd /boot/intel-ucode.img /boot/initramfs-linux-fallback.imgbut after reboot:
└───╼ dmesg | grep micro
[ 0.000000] [Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode to version: 0xb000020 (or later)
[ 3.154857] microcode: sig=0x406f0, pf=0x1, revision=0x14
[ 3.156852] microcode: Microcode Update Driver: v2.2.
[ 14.767733] microcode: late loading on model 79 is disabled.but the iucode_tool say exist new microcode for my micro (E5-2650-V4 ES)
└───╼ bsdtar -Oxf /boot/intel-ucode.img | iucode_tool -tb -lS -
iucode_tool: system has processor(s) with signature 0x000406f0
microcode bundle 1: (stdin)
selected microcodes:
001/139: sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624 what happen and how can force the microcode update?
is because by mi micros is Engineering Sample units?
is my last shot for this: https://bbs.archlinux.org/viewtopic.php?id=232732
i brought a new unit and have the same symptom :S
the older version of the microcode have the same problem
greetings
Last edited by sl1pkn07 (2018-01-11 21:24:24)
Offline
#18 2018-01-11 21:29:48
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,327
Re: Intel's latest microcode does not get applied on boot.
@sl1pkn07 https://git.kernel.org/pub/scm/linux/ke … 0dd8cfc0f7 you could revert that. If your systems ends up damaged as a result that is your choice.
Offline
#19 2018-01-11 22:39:45
- sl1pkn07
- Member
- From: Spanishtán
- Registered: 2010-03-30
- Posts: 371
Re: Intel's latest microcode does not get applied on boot.
i found the problem:
iucode_tool: system has processor(s) with signature 0x000406f>>0<<but only exist update for:
001/139: sig 0x000406f>>1<<, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624 FFFFFFFFFfff.....
Last edited by sl1pkn07 (2018-01-11 22:40:00)
Offline
#20 2018-01-11 22:45:35
- GSF1200S
- Member
- Registered: 2008-12-24
- Posts: 474
Re: Intel's latest microcode does not get applied on boot.
Doesn't work for me either:
[ 0.532614] microcode: sig=0x306a9, pf=0x10, revision=0x1c
[ 0.532867] microcode: Microcode Update Driver: v2.2.I don't even get the early revision warning. Its clearly on my grub.cfg- I even went into edit mode during grub and made sure. Doesn't the microcode image need to rewrite whatever on each boot? I thought only UEFI updates containing microcode updates (e.g. from a vendor) did this automatically.
Offline
#21 2018-01-11 22:47:01
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 11,544
Re: Intel's latest microcode does not get applied on boot.
GSF1200S, that is the latest microcode available already.
% bsdtar -Oxf /boot/intel-ucode.img | iucode_tool -tb -l -s 0x306a9 -
microcode bundle 1: (stdin)
selected microcodes:
001/138: sig 0x000306a9, pf_mask 0x12, 2015-02-26, rev 0x001c, size 12288Last edited by Scimmia (2018-01-11 22:53:22)
Offline
#22 2018-01-11 22:51:33
- Slithery
- Administrator
- From: Norfolk, UK
- Registered: 2013-12-01
- Posts: 5,776
Offline
#23 2018-01-11 23:00:33
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,327
Re: Intel's latest microcode does not get applied on boot.
@slithery 306a9 is Ivy Bridge.
Offline
#24 2018-01-11 23:10:38
- MrWeatherbee
- Member
- Registered: 2007-08-01
- Posts: 277
Re: Intel's latest microcode does not get applied on boot.
* Reminder to self: take a deep breath and turn off throttle Meltdown / Spectre rant mode 
*
Based on the information I could get simply by observing the data on my own computers, it was clear that the installed microcode date does not match the date of the package (as previously stated in this thread). Here are two of my computers showing the package dates and revision dates for the previous and current microcode packages:
Intel® Core™ i5-4690K Processor - package date = 20171117 | microcode date = 2017-01-27 (revision 0x22)
Intel® Core™ i5-4690K Processor - package date = 20180108 | microcode date = 2017-11-20 (revision 0x23)
----
Intel® Core™ i5-7600K Processor - package date = 20171117 | microcode date = 2017-04-06 (revision 0x5e)
Intel® Core™ i5-7600K Processor - package date = 20180108 | microcode date = 2018-01-04 (revision 0x80)
----
My more granular question is: how do we know that the microcode, referenced by date (or revision number), actually has anything to do with mitigation (as a standalone fix or a fix in conjunction with kernel patches) of the Meltdown or Spectre issues?
The 2018-01-04 date for the 7600k looks somewhat reassuring considering the timing of events; the 2017-11-20 date for the 4690k much less so (even considering that Intel was officially informed of the issues back on June 1, 2017).
Adding to the muddle is the inclusion of a massive list of processors in Intel's documentation on the 20180108 package that apparently do not actually get updates (cases in point: Sarfaraz's i3-2330M and my laptop's i5-3210M).
To help answer the question, I found this:
https://news.ycombinator.com/item?id=16111433
And more specifically, these two posts within the above thread:
https://news.ycombinator.com/item?id=16112166
https://news.ycombinator.com/item?id=16117978
both of which attempt to explain the relationship between date, revision number and associated CPU, but they do not, and cannot, tell you if the update actually did anything to mitigate the current issues. Why? Because Intel does not provide that specific information and because the microcode is closed / encrypted.
Finally, ending on a "good news / bad news" note: I did find this script which attempts to summarize the Meltdown/Spectre-status of our computers (the good news):
https://www.cyberciti.biz/faq/check-lin … erability/
https://github.com/speed47/spectre-meltdown-checker
but you won't like the output on your Arch machine* (which, of course, is the bad news part ... but we already knew that).
------------
* PS - I've seen the script output from Centos and Redhat machines that show much more progress in mitigating the Spectre-part of this debacle, so what are they doing that other distros are not doing?
------------
edit: added link to 'spectre-meltdown-checker.sh' at GitHub.
Last edited by MrWeatherbee (2018-01-11 23:21:25)
Offline
#25 2018-01-11 23:28:50
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,327
Re: Intel's latest microcode does not get applied on boot.
Centos / Redhat are using out patch sets upstream has not accepted you could file a feature request and ask for those patch sets to be applied to the arch kernels or build a kernel yourself with those patch sets applied.
Offline