[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ANNOUNCEMENT: Intel processor microcode security update

On Sat, 07 Sep 2013, Nate Bargmann wrote:
> I have an older P4 system with hyperthreading and it seems the updated
> microcode was loaded when I installed the package:

It was loaded, but the messages you sent do not imply an update took place.
Check for microcode messages with "updated".  If you find none, then your
BIOS already has the latest version of the microcode.

The Intel microcode update kernel driver first tells you what microcode is
installed in the processor cores, THEN it tries to update them and outputs a
messages about it if, and only if, it manages to actually update a core.

Here's the /var/log/kern.log dump of a microcode update on a Xeon X5550 box:

Kernel 3.4.60 (standard initramfs microcode update mode):
kernel: microcode: CPU0 sig=0x106a5, pf=0x1, revision=0x16
kernel: microcode: CPU1 sig=0x106a5, pf=0x1, revision=0x16
kernel: microcode: CPU2 sig=0x106a5, pf=0x1, revision=0x16
kernel: microcode: CPU3 sig=0x106a5, pf=0x1, revision=0x16
kernel: microcode: CPU4 sig=0x106a5, pf=0x1, revision=0x16
kernel: microcode: CPU5 sig=0x106a5, pf=0x1, revision=0x16
kernel: microcode: CPU6 sig=0x106a5, pf=0x1, revision=0x16
kernel: microcode: CPU7 sig=0x106a5, pf=0x1, revision=0x16
kernel: microcode: Microcode Update Driver: v2.00 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
kernel: microcode: CPU0 updated to revision 0x19, date = 2013-06-21
kernel: microcode: CPU1 updated to revision 0x19, date = 2013-06-21
kernel: microcode: CPU2 updated to revision 0x19, date = 2013-06-21
kernel: microcode: CPU3 updated to revision 0x19, date = 2013-06-21
kernel: microcode: CPU4 updated to revision 0x19, date = 2013-06-21
kernel: microcode: CPU5 updated to revision 0x19, date = 2013-06-21
kernel: microcode: CPU6 updated to revision 0x19, date = 2013-06-21
kernel: microcode: CPU7 updated to revision 0x19, date = 2013-06-21

Output for Debian stable kernel 3.2 should be almost the same as for kernel
3.4 above.

Kernel 3.10 and later (early microcode update mode):
kernel: CPU0 microcode updated early to revision 0x19, date = 2013-06-21
kernel: CPU1 microcode updated early to revision 0x19, date = 2013-06-21
kernel: CPU2 microcode updated early to revision 0x19, date = 2013-06-21
kernel: CPU3 microcode updated early to revision 0x19, date = 2013-06-21


If you don't get any of the "updated" messages, your BIOS has the latest
available microcode already.  For a P4, which is extremely unlikely to get
any further microcode updates (unlikely but not impossible, as there are
"embedded" P4 parts that have a 10-year support life and might still get an
update for whatever reason), that would mean you don't need iucode-tool and
intel-microcode on that box.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
Reply to: