I've placed patch to /etc/firmware as recommended on intel webpage and rebooted. How can I verify that patch installation has succeded ?
I've placed patch to /etc/firmware as recommended on intel webpage and rebooted. How can I verify that patch installation has succeded ?
Try dmesg
Code:dmesg |grep patch [ 1.407995] microcode: microcode updated early to new patch_level=0x0600084f [ 1.408020] microcode: CPU0: patch_level=0x0600084f [ 1.408023] microcode: CPU1: patch_level=0x0600084f [ 1.408031] microcode: CPU2: patch_level=0x0600084f [ 1.408037] microcode: CPU3: patch_level=0x0600084f [ 1.408044] microcode: CPU4: patch_level=0x0600084f [ 1.408052] microcode: CPU5: patch_level=0x0600084f [ 1.408059] microcode: CPU6: patch_level=0x0600084f [ 1.408065] microcode: CPU7: patch_level=0x0600084f
P.S Installation is bad wording, loaded would be a better description.
Thank you.
It seems that patch isn't loaded:
Code:[u@fedora ~]$ dmesg | grep patch [u@fedora ~]$ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x1c, date = 2015-02-26 [ 1.580344] microcode: sig=0x306a9, pf=0x10, revision=0x1c [ 1.580697] microcode: Microcode Update Driver: v2.2. [u@fedora ~]$
microcode is loaded early by initramfs so you will probably need to rebuild it.
You should see it listed in the build logCode:sudo dracut -f -vvv
The other possibility is that CPU is not supported anymore. Like Ivy Bridge/Sandy Bridge.
Download, Install and Share Fedora - Official ISO Torrents | Live ISO Respins containing post-release updates
Not sure about official status, unofficially there weren't a microcode update for these CPU architectures for almost 3 years. What is boycottsystemd seeing is what I am seeing as well. Although I am on Fedora 25 where there are not upgrades anymore, I don't expect one.
In order to not all stay just on words.
After a reboot:Code:$ sudo dnf --releasever 26 --disablerepo \* --enablerepo updates-testing upgrade microcode_ctl $ rpm -q microcode_ctl microcode_ctl-2.1-20.fc26.x86_64 $ sudo dracut -vf --kver $(uname -r) dracut: Executing: /usr/bin/dracut -vf --kver 4.13.16-100.fc25.x86_64 dracut: dracut module 'busybox' will not be installed, because command 'busybox' could not be found! dracut: dracut module 'biosdevname' will not be installed, because command 'biosdevname' could not be found! dracut: dracut module 'busybox' will not be installed, because command 'busybox' could not be found! dracut: *** Including module: bash *** dracut: *** Including module: systemd *** dracut: *** Including module: systemd-initrd *** dracut: *** Including module: nss-softokn *** dracut: *** Including module: i18n *** dracut: *** Including module: network *** dracut: *** Including module: ifcfg *** dracut: *** Including module: drm *** dracut: *** Including module: plymouth *** dracut: *** Including module: kernel-modules *** dracut: *** Including module: kernel-network-modules *** dracut: *** Including module: rootfs-block *** dracut: *** Including module: terminfo *** dracut: *** Including module: udev-rules *** dracut: Skipping udev rule: 40-redhat.rules dracut: Skipping udev rule: 50-firmware.rules dracut: Skipping udev rule: 50-udev.rules dracut: Skipping udev rule: 91-permissions.rules dracut: Skipping udev rule: 80-drivers-modprobe.rules dracut: *** Including module: dracut-systemd *** dracut: *** Including module: usrmount *** dracut: *** Including module: base *** dracut: *** Including module: fs-lib *** dracut: *** Including module: shutdown *** dracut: *** Including modules done *** dracut: *** Installing kernel module dependencies *** dracut: *** Installing kernel module dependencies done *** dracut: *** Resolving executable dependencies *** dracut: *** Resolving executable dependencies done*** dracut: *** Hardlinking files *** dracut: *** Hardlinking files done *** dracut: *** Stripping files *** dracut: *** Stripping files done *** dracut: *** Generating early-microcode cpio image *** dracut: *** Constructing GenuineIntel.bin **** dracut: *** Store current command line parameters *** dracut: *** Creating image file '/boot/initramfs-4.13.16-100.fc25.x86_64.img' *** dracut: *** Creating initramfs image file '/boot/initramfs-4.13.16-100.fc25.x86_64.img' done *** $ ls -l /boot/initramfs-$(uname -r).img -rw-------. 1 root root 19028265 Jan 12 10:22 /boot/initramfs-4.13.16-100.fc25.x86_64.img
Code:$ uname -r 4.13.16-100.fc25.x86_64 $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x1c, date = 2015-02-26 [ 0.682853] microcode: sig=0x306a9, pf=0x2, revision=0x1c [ 0.683623] microcode: Microcode Update Driver: v2.2.
what is concerning is that Intel are now aware of a bug in the microcode update that needs addressing. I guess it's what comes from knee-jerk patching without sufficient internal development and testing.
Source: https://newsroom.intel.com/news/inte...reboot-issues/As Intel CEO Brian Krzanich emphasized in his Security-First Pledge, Intel is committed to transparency in reporting progress in handling the Google Project Zero exploits.
We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue.
End-users should continue to apply updates recommended by their system and operating system providers.
Download, Install and Share Fedora - Official ISO Torrents | Live ISO Respins containing post-release updates
I am afraid that are just words to silence the masses, there are no intentions to support it anymore. But that is alright, developers with work around these issues in software.
I've tried it and there was some error:
Code:# rpm -q microcode_ctl microcode_ctl-2.1-19.fc26.x86_64 # dracut -vf --kver $(uname -r) dracut: Executing: /usr/bin/dracut -vf --kver 4.14.11-200.fc26.x86_64 dracut: dracut module 'busybox' will not be installed, because command 'busybox' could not be found! dracut: dracut module 'busybox' will not be installed, because command 'busybox' could not be found! dracut: *** Including module: bash *** dracut: *** Including module: systemd *** dracut: *** Including module: systemd-initrd *** dracut: *** Including module: nss-softokn *** dracut: *** Including module: i18n *** dracut: *** Including module: network *** dracut: *** Including module: ifcfg *** dracut: *** Including module: drm *** dracut: *** Including module: plymouth *** dracut: *** Including module: kernel-modules *** dracut: *** Including module: kernel-network-modules *** dracut: *** Including module: rootfs-block *** dracut: *** Including module: terminfo *** dracut: *** Including module: udev-rules *** dracut: Skipping udev rule: 40-redhat.rules dracut: Skipping udev rule: 50-firmware.rules dracut: Skipping udev rule: 50-udev.rules dracut: Skipping udev rule: 91-permissions.rules dracut: Skipping udev rule: 80-drivers-modprobe.rules dracut: *** Including module: biosdevname *** dracut: *** Including module: dracut-systemd *** dracut: *** Including module: usrmount *** dracut: *** Including module: base *** dracut: *** Including module: fs-lib *** dracut: *** Including module: shutdown *** dracut: *** Including modules done *** dracut: *** Installing kernel module dependencies *** dracut: *** Installing kernel module dependencies done *** dracut: *** Resolving executable dependencies *** dracut: *** Resolving executable dependencies done*** dracut: *** Hardlinking files *** dracut: *** Hardlinking files done *** dracut: *** Stripping files *** dracut: *** Stripping files done *** dracut: *** Generating early-microcode cpio image *** dracut: *** Constructing GenuineIntel.bin **** dracut: *** Store current command line parameters *** dracut: *** Creating image file '/boot/initramfs-4.14.11-200.fc26.x86_64.img' *** cat: write error: Broken pipe dracut: *** Creating initramfs image file '/boot/initramfs-4.14.11-200.fc26.x86_64.img' done *** # ls -l /boot/initramfs-$(uname -r).img -rw------- 1 root root 21059908 12 Jan 11:56 /boot/initramfs-4.14.11-200.fc26.x86_64.img
After reboot:
Code:$ uname -a Linux fedora 4.14.11-200.fc26.x86_64 #1 SMP Wed Jan 3 13:58:53 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x1c, date = 2015-02-26 [ 1.572208] microcode: sig=0x306a9, pf=0x10, revision=0x1c [ 1.572558] microcode: Microcode Update Driver: v2.2.
Does this microcode update also patch Meltdown?
Seitensprung
Last edited by Texas; 27th February 2018 at 11:29 AM.
No, Meltdown is not possible to fix without redesigning CPU architecture entirely it seems. It might take a while before it is fixed even with new CPUs. There was a workaround merged to kernel 4.14.11. What it does is basically flushes cache every time so that there is nothing to read from it which affects performance in some scenarios.
the patch is for meltdown but so far only applies to a limited set of processors. more will be patched in the coming weeks.
https://www.wired.com/story/meltdown...erability-fix/
Download, Install and Share Fedora - Official ISO Torrents | Live ISO Respins containing post-release updates