From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 7BF65138334 for ; Sun, 14 Jul 2019 13:26:52 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BFA3AE082B; Sun, 14 Jul 2019 13:26:44 +0000 (UTC) Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com [IPv6:2a00:1450:4864:20::443]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 43A41E07DB for ; Sun, 14 Jul 2019 13:26:44 +0000 (UTC) Received: by mail-wr1-x443.google.com with SMTP id x4so14314442wrt.6 for ; Sun, 14 Jul 2019 06:26:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:mime-version; bh=SFex5rtd3zoi+kgB0lo/i/WBUqgVJG1zfnnjVcYu0RU=; b=la80Uwug8nvdVwWgE9uYc9pO75D1nc1tkp3Iz+DaOq7iwM9CUSFfg7Gd49a6An7qux frJ+yPVjq16jJZRtjOOoJ317+FvGIdxDf/+5nA3KtbHnVxAdCU+PuwbsoNm+bc8YnnlQ bpMSBOdtWpTI2situJ9yrLntRKBDPT2/sbShzjWobvUEEJmR2enXL09ALvZmE6nhDpMD f7FhPV9g+uGrNY6abbgrV8lLZ7lqODOSUI33UtuqtolJab1wekOCmqA0elHwJjtAxe4M DtHy6e5KvOSCdlWz54OcyBOgoKE2v1/7uxrNZ/5QONso9g/zPKYKxp7M/C4HlK5NdC2c qPAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version; bh=SFex5rtd3zoi+kgB0lo/i/WBUqgVJG1zfnnjVcYu0RU=; b=sFlWiz0ZAE1imdns/w69KTtmyOw9ZaDvLxL79flUOpcv15vBJMXT5afBMtGFnJCkMr 28Lgp+8ki4WKWGLCF0dNqDXI0f64Q3rq3cQ66yFlpPYv0pxpqFKkOnkvrdnV6BCF7Gum fNA6OGlDBqkspoBAF6WagcHN6Q+1/TX6W5mmywAj20v1XmYT7EJ+aI723ZKYBZIrDHUs /qdBAbOtsqWq6IGTVY8kouHch8W4SoK1JFsOJM3V/77frZMBK30FSpLHDMfVcykiocBF 1WMXymmQu9f0LPzR3wpCdisFl4Bog1wCEGA8TdISnCeGiTLbeNDmR6XZJrnelb91kOWV 3RFg== X-Gm-Message-State: APjAAAWBf8teIQ55puZ6i8kdWDawAMaaGJzkCKmNyqg4hs/fVcjJT7z0 L11ewTPtTV4bwuhVJJHZoRINk4yjybE= X-Google-Smtp-Source: APXvYqzjwf0NYE9wdcdp/Clf7tkpm4rZPQ75hu7M9al1C+aRE+nnqzKetxVU7pt/rBK3OivP1L2I5A== X-Received: by 2002:adf:ce03:: with SMTP id p3mr24999546wrn.94.1563110802693; Sun, 14 Jul 2019 06:26:42 -0700 (PDT) Received: from localhost.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by smtp.gmail.com with ESMTPSA id h16sm13700462wrv.88.2019.07.14.06.26.33 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 14 Jul 2019 06:26:33 -0700 (PDT) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] AMD microcode updates - where are they?! Date: Sun, 14 Jul 2019 14:26:24 +0100 Message-ID: <21714265.1ZXtKVbesA@localhost> In-Reply-To: <2279315.AUFcum9iNF@localhost> References: <2279315.AUFcum9iNF@localhost> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart9253569.fy2pcWxPdS"; micalg="pgp-sha256"; protocol="application/pgp-signature" X-Archives-Salt: 5cdd0739-f4f2-4b85-8ac6-59f2fa60b4b7 X-Archives-Hash: 1ea522a03ac60cd1f1c56632d6c648dc --nextPart9253569.fy2pcWxPdS Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="UTF-8" On Saturday, 13 July 2019 23:03:11 BST Mick wrote: > Unlike my old Intel which lights up like a christmas tree with "Vulnerable, > no microcode found" because Intel has thrown its users to the kerb, both > AMDs show "Not Vulnerable" and for some of the vulnerabilities it reports: > > (your CPU vendor reported your CPU model as not vulnerable) This last line made me think a bit more. Scratching around I see there are separate patch files with AMD microcode updates offered for the various CPU families. My simplistic assumption so far has been *all* CPUs of a certain family will apply the corresponding patch file microcode update, either via a new UEFI/BIOS firmware, or via the OS. Clearly this is not so. If I remove 'amd-ucode/microcode_amd_fam15h.bin' from my kernel firmware directive completely, or add amd-ucode/ patch files for every family, or even try to manually reload the microcode: echo 1 > /sys/devices/system/cpu/microcode/reload there is no change in dmesg. Clearly my CPU does not load any microcode update, other than what might be already available in the old UEFI MoBo firmware and this is loaded before the OS starts booting. Then I came across this old message regarding Piledriver CPUs: https://lists.debian.org/debian-security/2016/03/msg00084.html The post refers to model 2 of cpu family 21. Not all models in the same family, only model 2. So I am thinking although patch files are named per CPU family, whether they are applicable and applied as an update to the CPU is probably determined by the particular CPU *model*. Logically, errata in previous CPU revisions may have been fixed in later models of the same family and therefore such microcode updates would not be needed. When offered by the OS the CPU won't select to have them applied. This explains why my AMD models, which are later revisions of the same 15h family do not apply any microcode updates - they don't need them. Please share if you know differently and thank you all for your responses. -- Regards, Mick --nextPart9253569.fy2pcWxPdS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEt7MNaGaS6HvTUrEz6WnU8jC95dcFAl0rLYAACgkQ6WnU8jC9 5des7Q/5ASOIgogzVs404nyQn1sCnlN+plM3U6VY4VBUz2JJlOsqrCu5M89TNiYY /md7h9G00CjZRUcer2CsSWsF99csH8lqpDP6dzxaFERWsjdqDWu1XIe3/MSJjybg OyS4NUCGyscM42c9pUfaCyJvOu1Pvy+Xwo9SoK8C1iWhexlTKuRvMZx+1vjJAexF VSqyMAPURPYMB7bnnVbl5QFozU8Hdgfvwk1fSUDzaMOinvnUTl4ZHFmRYUceFPjU pqZr3+YJk6RE8Xu7FOrLiKU1chDsu4WEgpY2w8h5CarSCl6zu3MUohxoe3t+lLNJ SzULpa7Q0d5XVMLNCr89X0OPkVGjt28M33FPxM0a2audn2/fydfUfI92jKwG1YT/ zHBg8yhGWdVc52VAZe3IYsP89VI9x3L6R2SxMHZRnRGM3XKwMBH1yVf95kLAnUOB v5Mjv83isIitQpLGk9KkcWu2VX8qtnGNMn1xI0VGxL6XcQQ6KaduN1AhAxx7crgs xugImyQYSU1Pf6JmqJ73GCMTWP/VjFqwZqljX4qGr7k4nie1K2sLfQXotORCeZeM CIK5EmlC9xc/p34rxvAzllCGcksuieF+D6bJ6axUTF5egT0h+Nb9NhXo/rseEXD0 Fkq5wsB/Z1d9GarWyk6ox+/Cv/k2pdHqCa3jqaYirltl2gik9IM= =O07i -----END PGP SIGNATURE----- --nextPart9253569.fy2pcWxPdS--