You are not logged in.

Pages: 1

#1 2026-01-02 12:54:48

vxvwxv
Member
Registered: 2025-06-17
Posts: 7

[SOLVED] Unified Kernel Image does not load embedded microcode

I have set up a UKI using the following configuration:

$ cat /etc/mkinitcpio.d/linux.preset 
# mkinitcpio preset file for the 'linux' package

#ALL_config="/etc/mkinitcpio.conf"
ALL_kver="/boot/vmlinuz-linux"
#ALL_kerneldest="/boot/vmlinuz-linux"

PRESETS=('default')

#default_config="/etc/mkinitcpio.conf"
#default_image="/boot/initramfs-linux.img"
default_uki="/boot/EFI/BOOT/grubx64.efi"
default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp"
$ cat /etc/mkinitcpio.conf
MODULES=()
BINARIES=()
FILES=()
HOOKS=(base systemd microcode autodetect modconf kms keyboard sd-vconsole sd-encrypt block lvm2 filesystems fsck)
$ cat /etc/kernel/cmdline 
rd.luks.name=abcd-efgh-ijkl-mnop-qrst=root root=/dev/mapper/root rw rootfstype=ext4 zswap.enabled=0 rd.shell=0 rd.emergency=reboot intel_iommu=on

To create UKI, systemd-ukify is used with the following config:

$ cat /etc/kernel/uki.conf 
[UKI]
OSRelease=@/etc/os-release
PCRBanks=sha256

SecureBootPrivateKey=/etc/kernel/MOK.key
SecureBootCertificate=/etc/kernel/MOK.crt
SignKernel=yes
SecureBootSigningTool=systemd-sbsign

Microcode=/boot/intel-ucode.img

[PCRSignature:initrd]
Phases=enter-initrd
PCRPrivateKey=/etc/kernel/pcr-initrd.key.pem
PCRPublicKey=/etc/kernel/pcr-initrd.pub.pem

Installed kernel, microcode, ukify and mkinitcpio versions:

$ pacman -Q linux intel-ucode mkinitcpio systemd-ukify
linux 6.18.2.arch2-1
intel-ucode 20251111-1
mkinitcpio 40-4
systemd-ukify 259-1

I have generated the UKI using mkinitcpio -P after configuring it. The UKI contains .ucode section:

$ run0 ukify inspect /boot/EFI/BOOT/grubx64.efi
.sbat:
  size: 323 bytes
  sha256: 601e3b08d9eb980074838d217dfbb3840f1f2561584007e9f020bc24bcf20e2b
  text:
    sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
    systemd-stub,1,The systemd Developers,systemd,259,https://systemd.io/
    systemd-stub.arch,1,Arch Linux,systemd,259,https://archlinux.org/packages/core/x86_64/systemd/
    uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/
.osrel:
  size: 408 bytes
  sha256: 3e08c22c65ed1762f34a8e65a888b4c000fca3bd50c19e214c9a52e4f33369fc
  text:
    VERSION_ID=6.18.2-arch2-1
    NAME="Arch Linux"
    PRETTY_NAME="Arch Linux"
.cmdline:
.uname:
  size: 14 bytes
  text:
    6.18.2-arch2-1
.splash:
  size: 378226 bytes
.pcrpkey:
  size: 451 bytes
.linux:
  size: 16606816 bytes
.initrd:
  size: 47355486 bytes
.ucode:
  size: 14934016 bytes
  sha256: 1b3b4004ad12e62d6757e87ae08c058def66832e5cd1d37c97a948f8a31f99f5
.pcrsig:
  size: 534 bytes

My CPU is Intel(R) Core(TM) Ultra 7 255U (which belongs to Core Ultra Processor (Series 2) product collection). According to github, the old version for my processor should be 00000119 and the new one is 0000011a.

The output from journal and cpuinfo shows that microcode is outdated (see microcode-20250512 release on github):

$ journalctl -k --grep microcode
jan 02 10:00:51 archlinux kernel: microcode: Current revision: 0x0000000a
jan 02 10:00:51 archlinux kernel: microcode: Updated early from: 0x00000009
$grep microcode /proc/cpuinfo
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa
microcode       : 0xa

The microcode is specified in mkinitcpio configuration as well as in uki.conf, the .ucode section is also present in the UKI. Despite all of that, it seems that initial microcode (from UEFI?) is loaded. What am I doing wrong?

Last edited by vxvwxv (2026-01-02 13:36:50)

Offline

#2 2026-01-02 13:10:53

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,593

Re: [SOLVED] Unified Kernel Image does not load embedded microcode

See where it says "Updated early from"? That means that is *is* loading the microcode in the UKI.
https://wiki.archlinux.org/title/Microc … ode_update

Offline

#3 2026-01-02 13:29:23

vxvwxv
Member
Registered: 2025-06-17
Posts: 7

Re: [SOLVED] Unified Kernel Image does not load embedded microcode

Scimmia wrote:

See where it says "Updated early from"? That means that is *is* loading the microcode in the UKI.
https://wiki.archlinux.org/title/Microc … ode_update

Thanks for your answer. Here is the output, but I am a bit confused by If an update is available, it should show up below selected microcodes. I have a line after selected microcodes, but not sure how to "read" it (do I have an update available? how do I get it then? etc).

$ iucode_tool -lS /usr/lib/firmware/intel-ucode/
iucode_tool: system has processor(s) with signature 0x000b0650
microcode bundle 1: /usr/lib/firmware/intel-ucode/06-5c-09
microcode bundle 2: /usr/lib/firmware/intel-ucode/06-9e-09
microcode bundle 3: /usr/lib/firmware/intel-ucode/0f-06-02
microcode bundle 4: /usr/lib/firmware/intel-ucode/06-1a-04
microcode bundle 5: /usr/lib/firmware/intel-ucode/06-07-02
microcode bundle 6: /usr/lib/firmware/intel-ucode/06-1c-02
microcode bundle 7: /usr/lib/firmware/intel-ucode/06-0a-01
microcode bundle 8: /usr/lib/firmware/intel-ucode/06-8e-0c
microcode bundle 9: /usr/lib/firmware/intel-ucode/06-a6-01
microcode bundle 10: /usr/lib/firmware/intel-ucode/06-07-03
microcode bundle 11: /usr/lib/firmware/intel-ucode/06-47-01
microcode bundle 12: /usr/lib/firmware/intel-ucode/06-8c-02
microcode bundle 13: /usr/lib/firmware/intel-ucode/06-6a-05
microcode bundle 14: /usr/lib/firmware/intel-ucode/0f-06-04
microcode bundle 15: /usr/lib/firmware/intel-ucode/06-9e-0b
microcode bundle 16: /usr/lib/firmware/intel-ucode/0f-04-01
microcode bundle 17: /usr/lib/firmware/intel-ucode/06-9e-0d
microcode bundle 18: /usr/lib/firmware/intel-ucode/06-8e-09
microcode bundle 19: /usr/lib/firmware/intel-ucode/06-5f-01
microcode bundle 20: /usr/lib/firmware/intel-ucode/06-aa-04
microcode bundle 21: /usr/lib/firmware/intel-ucode/06-0e-08
microcode bundle 22: /usr/lib/firmware/intel-ucode/06-b7-01
microcode bundle 23: /usr/lib/firmware/intel-ucode/06-4e-03
microcode bundle 24: /usr/lib/firmware/intel-ucode/06-bf-05
microcode bundle 25: /usr/lib/firmware/intel-ucode/06-66-03
microcode bundle 26: /usr/lib/firmware/intel-ucode/06-09-05
microcode bundle 27: /usr/lib/firmware/intel-ucode/0f-00-07
microcode bundle 28: /usr/lib/firmware/intel-ucode/06-06-00
microcode bundle 29: /usr/lib/firmware/intel-ucode/06-1d-01
microcode bundle 30: /usr/lib/firmware/intel-ucode/06-3f-02
microcode bundle 31: /usr/lib/firmware/intel-ucode/06-16-01
microcode bundle 32: /usr/lib/firmware/intel-ucode/06-0f-06
microcode bundle 33: /usr/lib/firmware/intel-ucode/06-25-02
microcode bundle 34: /usr/lib/firmware/intel-ucode/0f-06-08
microcode bundle 35: /usr/lib/firmware/intel-ucode/06-ba-03
microcode bundle 36: /usr/lib/firmware/intel-ucode/0f-04-04
microcode bundle 37: /usr/lib/firmware/intel-ucode/06-9e-0c
microcode bundle 38: /usr/lib/firmware/intel-ucode/06-9a-04
microcode bundle 39: /usr/lib/firmware/intel-ucode/0f-02-09
microcode bundle 40: /usr/lib/firmware/intel-ucode/0f-06-05
microcode bundle 41: /usr/lib/firmware/intel-ucode/06-55-03
microcode bundle 42: /usr/lib/firmware/intel-ucode/06-af-03
microcode bundle 43: /usr/lib/firmware/intel-ucode/06-bf-02
microcode bundle 44: /usr/lib/firmware/intel-ucode/0f-04-07
microcode bundle 45: /usr/lib/firmware/intel-ucode/06-56-03
microcode bundle 46: /usr/lib/firmware/intel-ucode/06-0b-01
microcode bundle 47: /usr/lib/firmware/intel-ucode/06-3e-07
microcode bundle 48: /usr/lib/firmware/intel-ucode/06-97-05
microcode bundle 49: /usr/lib/firmware/intel-ucode/06-2d-07
microcode bundle 50: /usr/lib/firmware/intel-ucode/06-06-05
microcode bundle 51: /usr/lib/firmware/intel-ucode/06-06-0d
microcode bundle 52: /usr/lib/firmware/intel-ucode/06-08-06
microcode bundle 53: /usr/lib/firmware/intel-ucode/0f-04-08
microcode bundle 54: /usr/lib/firmware/intel-ucode/06-3e-06
microcode bundle 55: /usr/lib/firmware/intel-ucode/06-8c-01
microcode bundle 56: /usr/lib/firmware/intel-ucode/06-1a-05
microcode bundle 57: /usr/lib/firmware/intel-ucode/06-cf-02
microcode bundle 58: /usr/lib/firmware/intel-ucode/06-0f-0b
microcode bundle 59: /usr/lib/firmware/intel-ucode/06-7e-05
microcode bundle 60: /usr/lib/firmware/intel-ucode/06-05-02
microcode bundle 61: /usr/lib/firmware/intel-ucode/06-0a-00
microcode bundle 62: /usr/lib/firmware/intel-ucode/06-ae-01
microcode bundle 63: /usr/lib/firmware/intel-ucode/06-07-01
microcode bundle 64: /usr/lib/firmware/intel-ucode/0f-04-03
microcode bundle 65: /usr/lib/firmware/intel-ucode/0f-02-04
microcode bundle 66: /usr/lib/firmware/intel-ucode/0f-04-09
microcode bundle 67: /usr/lib/firmware/intel-ucode/06-55-0b
microcode bundle 68: /usr/lib/firmware/intel-ucode/06-c6-02
microcode bundle 69: /usr/lib/firmware/intel-ucode/06-0b-04
microcode bundle 70: /usr/lib/firmware/intel-ucode/0f-03-02
microcode bundle 71: /usr/lib/firmware/intel-ucode/06-2a-07
microcode bundle 72: /usr/lib/firmware/intel-ucode/06-26-01
microcode bundle 73: /usr/lib/firmware/intel-ucode/06-3d-04
microcode bundle 74: /usr/lib/firmware/intel-ucode/06-17-0a
microcode bundle 75: /usr/lib/firmware/intel-ucode/06-2f-02
microcode bundle 76: /usr/lib/firmware/intel-ucode/06-05-01
microcode bundle 77: /usr/lib/firmware/intel-ucode/06-5c-02
microcode bundle 78: /usr/lib/firmware/intel-ucode/06-0e-0c
microcode bundle 79: /usr/lib/firmware/intel-ucode/06-a7-01
microcode bundle 80: /usr/lib/firmware/intel-ucode/06-55-07
microcode bundle 81: /usr/lib/firmware/intel-ucode/06-05-00
microcode bundle 82: /usr/lib/firmware/intel-ucode/06-05-03
microcode bundle 83: /usr/lib/firmware/intel-ucode/0f-00-0a
microcode bundle 84: /usr/lib/firmware/intel-ucode/06-5c-0a
microcode bundle 85: /usr/lib/firmware/intel-ucode/06-8f-07
microcode bundle 86: /usr/lib/firmware/intel-ucode/06-06-0a
microcode bundle 87: /usr/lib/firmware/intel-ucode/06-0f-02
microcode bundle 88: /usr/lib/firmware/intel-ucode/0f-02-05
microcode bundle 89: /usr/lib/firmware/intel-ucode/06-17-07
microcode bundle 90: /usr/lib/firmware/intel-ucode/06-9a-03
microcode bundle 91: /usr/lib/firmware/intel-ucode/06-17-06
microcode bundle 92: /usr/lib/firmware/intel-ucode/0f-02-07
microcode bundle 93: /usr/lib/firmware/intel-ucode/06-6a-06
microcode bundle 94: /usr/lib/firmware/intel-ucode/06-56-04
microcode bundle 95: /usr/lib/firmware/intel-ucode/06-55-05
microcode bundle 96: /usr/lib/firmware/intel-ucode/06-8e-0a
microcode bundle 97: /usr/lib/firmware/intel-ucode/06-8a-01
microcode bundle 98: /usr/lib/firmware/intel-ucode/06-96-01
microcode bundle 99: /usr/lib/firmware/intel-ucode/06-a5-05
microcode bundle 100: /usr/lib/firmware/intel-ucode/06-0d-06
microcode bundle 101: /usr/lib/firmware/intel-ucode/06-6c-01
microcode bundle 102: /usr/lib/firmware/intel-ucode/06-97-02
microcode bundle 103: /usr/lib/firmware/intel-ucode/06-ad-01
microcode bundle 104: /usr/lib/firmware/intel-ucode/06-1e-05
microcode bundle 105: /usr/lib/firmware/intel-ucode/06-8d-01
microcode bundle 106: /usr/lib/firmware/intel-ucode/06-0f-0d
microcode bundle 107: /usr/lib/firmware/intel-ucode/06-4c-03
microcode bundle 108: /usr/lib/firmware/intel-ucode/06-a5-02
microcode bundle 109: /usr/lib/firmware/intel-ucode/06-0f-0a
microcode bundle 110: /usr/lib/firmware/intel-ucode/06-ba-02
microcode bundle 111: /usr/lib/firmware/intel-ucode/06-08-03
microcode bundle 112: /usr/lib/firmware/intel-ucode/0f-01-02
microcode bundle 113: /usr/lib/firmware/intel-ucode/06-be-00
microcode bundle 114: /usr/lib/firmware/intel-ucode/06-56-02
microcode bundle 115: /usr/lib/firmware/intel-ucode/06-0f-07
microcode bundle 116: /usr/lib/firmware/intel-ucode/06-08-01
microcode bundle 117: /usr/lib/firmware/intel-ucode/06-45-01
microcode bundle 118: /usr/lib/firmware/intel-ucode/06-4c-04
microcode bundle 119: /usr/lib/firmware/intel-ucode/06-bd-01
microcode bundle 120: /usr/lib/firmware/intel-ucode/06-3f-04
microcode bundle 121: /usr/lib/firmware/intel-ucode/0f-04-0a
microcode bundle 122: /usr/lib/firmware/intel-ucode/06-4d-08
microcode bundle 123: /usr/lib/firmware/intel-ucode/06-3c-03
microcode bundle 124: /usr/lib/firmware/intel-ucode/06-c5-02
microcode bundle 125: /usr/lib/firmware/intel-ucode/06-7a-08
microcode bundle 126: /usr/lib/firmware/intel-ucode/06-2d-06
microcode bundle 127: /usr/lib/firmware/intel-ucode/06-8f-08
microcode bundle 128: /usr/lib/firmware/intel-ucode/0f-02-06
microcode bundle 129: /usr/lib/firmware/intel-ucode/06-55-04
microcode bundle 130: /usr/lib/firmware/intel-ucode/06-9e-0a
microcode bundle 131: /usr/lib/firmware/intel-ucode/06-2c-02
microcode bundle 132: /usr/lib/firmware/intel-ucode/06-56-05
microcode bundle 133: /usr/lib/firmware/intel-ucode/06-a6-00
microcode bundle 134: /usr/lib/firmware/intel-ucode/06-03-02
microcode bundle 135: /usr/lib/firmware/intel-ucode/06-25-05
microcode bundle 136: /usr/lib/firmware/intel-ucode/06-a5-03
microcode bundle 137: /usr/lib/firmware/intel-ucode/0f-03-03
microcode bundle 138: /usr/lib/firmware/intel-ucode/06-1c-0a
microcode bundle 139: /usr/lib/firmware/intel-ucode/06-37-09
microcode bundle 140: /usr/lib/firmware/intel-ucode/06-8e-0b
microcode bundle 141: /usr/lib/firmware/intel-ucode/06-46-01
microcode bundle 142: /usr/lib/firmware/intel-ucode/06-5e-03
microcode bundle 143: /usr/lib/firmware/intel-ucode/06-b5-00
microcode bundle 144: /usr/lib/firmware/intel-ucode/06-3a-09
microcode bundle 145: /usr/lib/firmware/intel-ucode/06-3e-04
microcode bundle 146: /usr/lib/firmware/intel-ucode/06-9c-00
microcode bundle 147: /usr/lib/firmware/intel-ucode/06-7a-01
microcode bundle 148: /usr/lib/firmware/intel-ucode/06-37-08
microcode bundle 149: /usr/lib/firmware/intel-ucode/06-2e-06
microcode bundle 150: /usr/lib/firmware/intel-ucode/06-08-0a
microcode bundle 151: /usr/lib/firmware/intel-ucode/0f-03-04
selected microcodes:
  143/001: sig 0x000b0650, pf_mask 0x80, 2025-03-18, rev 0x000a, size 136192

Last edited by vxvwxv (2026-01-02 13:31:16)

Offline

#4 2026-01-02 13:32:58

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,593

Re: [SOLVED] Unified Kernel Image does not load embedded microcode

It's saying that that's the version available for your specific processor. "rev 0x000a"

Offline

#5 2026-01-02 13:36:19

vxvwxv
Member
Registered: 2025-06-17
Posts: 7

Re: [SOLVED] Unified Kernel Image does not load embedded microcode

Scimmia wrote:

It's saying that that's the version available for your specific processor. "rev 0x000a"

Alright, now I got it. Thanks for help.

Offline

#6 2026-01-17 19:57:51

benjarobin
Member
Registered: 2009-09-04
Posts: 20

Re: [SOLVED] Unified Kernel Image does not load embedded microcode

For information, the /etc/kernel/uki.conf of the first post is "wrong" and will introduce bugs. See https://github.com/systemd/systemd/issu … 3764207106
You should not set Phases= only to enter-initrd. You should have a at least a PCRSignature section with the others phases. Or simply do not set Phases=, in this case proper default is going to be used.

Offline

Pages: 1

Board footer

Powered by FluxBB