[gentoo-user] Microcode updates for "old" Intel CPU's

[gentoo-user] Microcode updates for "old" Intel CPU's

[Taiidan]

I have several sandy/ivybridge CPU's and I was wondering if anyone knows 
as to if intel is releasing microcode updates for them.

It sure would be funny if intel wanted you to buy a new CPU to fix a 
problem that was their fault to begin with.

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Peter Humphrey]

On Sunday, 7 January 2018 20:46:52 GMT Taiidan@gmx.com wrote:
> I have several sandy/ivybridge CPU's and I was wondering if anyone knows
> as to if intel is releasing microcode updates for them.
> 
> It sure would be funny if intel wanted you to buy a new CPU to fix a
> problem that was their fault to begin with.

Welcome to unbridled capitalism, USA-style.

-- 
Regards,
Peter.

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[R0b0t1]

On Sunday, 7 January 2018 20:46:52 GMT Taiidan@gmx.com wrote:
> I have several sandy/ivybridge CPU's and I was wondering if anyone knows
> as to if intel is releasing microcode updates for them.
>
> It sure would be funny if intel wanted you to buy a new CPU to fix a
> problem that was their fault to begin with.

As I found explained elsewhere, what can be done with microcode
updates is actually very limited. It was claimed that most often Intel
would use updates to disable features, permanently, and could not do
much more with microcode. This agrees with my understanding of
electronics, though I originally did think that slightly more was
possible. Perhaps they could disable some cache functionality or
speculative execution, but you would still be left with the
performance penalties of most of the code-based fixes.

In any case, using my original expectations, I would not expect them
to be able to modify the behavior of the execution units in such a
fundamental way. If great changes are possible with microcode then
Intel's processors are actually closer to FPGAs, which I do not think
is likely, as FPGAs are very power and space inefficient.


On Sun, Jan 7, 2018 at 6:00 PM, Peter Humphrey <peter@prh.myzen.co.uk> wrote:
> Welcome to unbridled capitalism, USA-style.
>

I have a mobile device that I noticed had a severe reduction in
battery life mid-November, about the time the patches were rolled out
by Microsoft. I may have to look at legal action in this regard, as
now the device is unusable. I assumed it was compromised anyway and
would prefer the performance back.

Cheers,
     R0b0t1

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 715 bytes --]

On Mon, Jan 8, 2018 at 7:46 AM, Taiidan@gmx.com <Taiidan@gmx.com> wrote:

> I have several sandy/ivybridge CPU's and I was wondering if anyone knows
> as to if intel is releasing microcode updates for them.
>

Its been reported they said they will "provide firmware updates by the end
of next week for 90% of all CPU models it released in the past five years"
and i think that referred to last week. For ~amd64 this came through on
Friday. I guess an md5sum of the relevant file before and after this update
may provide some indication.
Fri Jan  5 20:22:21 2018 >>> sys-firmware/intel-microcode-20171117_p20171215

Sound like Spectre fixes will involve a combination of new CPU microcode
and software code updates.

[-- Attachment #2: Type: text/html, Size: 1246 bytes --]

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Corbin Bird]

On 01/07/2018 02:46 PM, Taiidan@gmx.com wrote:
> I have several sandy/ivybridge CPU's and I was wondering if anyone
> knows as to if intel is releasing microcode updates for them.
>
> It sure would be funny if intel wanted you to buy a new CPU to fix a
> problem that was their fault to begin with.
>
>
Do you remember the x87 bugs discovered in the original i586 Pentiums?
Never fixed.
Still built into every Intel CPU.
Intel does NOT replace "defective-by-design" hardware.
Instead, every OS is required to "software emulate" the FPU.

Search for "errata-not-bug".
Intel's term for their screw-ups in their CPUs.

Intel is only releasing patch code for the last five years of products.

And ... if you read up on the "e-mails" being posted ...
... It looks as if Intel is NOT going to fix this in future CPUs either.
Instead, every OS will be required to "work-around-this".

Perhaps the reason "someone" tried to implicate this effects ALL CPU
architectures?
( IBM RISC 6000, PowerPC, DEC Alpha, IBM System/390, Sun SPARC64, for
example )

Intel did try to make their "patch" mandatory for AMD CPUs ( with NO
disable switch ).
Why?
Think about it.

Corbin

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Mick]

[-- Attachment #1: Type: text/plain, Size: 1407 bytes --]

On Monday, 8 January 2018 17:47:03 GMT Corbin Bird wrote:
> On 01/07/2018 02:46 PM, Taiidan@gmx.com wrote:
> > I have several sandy/ivybridge CPU's and I was wondering if anyone
> > knows as to if intel is releasing microcode updates for them.
> > 
> > It sure would be funny if intel wanted you to buy a new CPU to fix a
> > problem that was their fault to begin with.
> 
> Do you remember the x87 bugs discovered in the original i586 Pentiums?
> Never fixed.
> Still built into every Intel CPU.
> Intel does NOT replace "defective-by-design" hardware.
> Instead, every OS is required to "software emulate" the FPU.
> 
> Search for "errata-not-bug".
> Intel's term for their screw-ups in their CPUs.
> 
> Intel is only releasing patch code for the last five years of products.
> 
> And ... if you read up on the "e-mails" being posted ...
> ... It looks as if Intel is NOT going to fix this in future CPUs either.
> Instead, every OS will be required to "work-around-this".
> 
> Perhaps the reason "someone" tried to implicate this effects ALL CPU
> architectures?
> ( IBM RISC 6000, PowerPC, DEC Alpha, IBM System/390, Sun SPARC64, for
> example )
> 
> Intel did try to make their "patch" mandatory for AMD CPUs ( with NO
> disable switch ).
> Why?
> Think about it.
> 
> Corbin

So what affordable and available CPUs should one be looking into for a new 
desktop build?

Also, laptops?

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Luigi Mantellini]

[-- Attachment #1: Type: text/plain, Size: 1185 bytes --]

I have a less-two-old N3700 CPU on a Asrock N3700-ITX board that (was)is
perfect for my NAS, but without pcid instruction that mitigates the last
pti patches slowdown.
Asrock said nothing about the microcode/bios update and I asked for
warranty return because I consider a factory defect but I think that I will
fight with the seller.
BTW, the European Community Law requires at least 2 years of warranty
coverage on factory defects... Proud to be European.

ciao

luigi



On Mon, Jan 8, 2018 at 1:00 AM, Peter Humphrey <peter@prh.myzen.co.uk>
wrote:

> On Sunday, 7 January 2018 20:46:52 GMT Taiidan@gmx.com wrote:
> > I have several sandy/ivybridge CPU's and I was wondering if anyone knows
> > as to if intel is releasing microcode updates for them.
> >
> > It sure would be funny if intel wanted you to buy a new CPU to fix a
> > problem that was their fault to begin with.
>
> Welcome to unbridled capitalism, USA-style.
>
> --
> Regards,
> Peter.
>
>
>


-- 
Luigi 'Comio' Mantellini
R&D - Software
Industrie Dial Face S.p.A.
Via Canzo, 4
20068 Peschiera Borromeo (MI), Italy

Tel.: +39 02 5167 2813
Fax: +39 02 5167 2459
web: www.idf-hit.com
mail: luigi.mantellini@idf-hit.com

[-- Attachment #2: Type: text/html, Size: 2050 bytes --]

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Corbin Bird]

[-- Attachment #1: Type: text/plain, Size: 2636 bytes --]



On 01/09/2018 01:56 AM, Mick wrote:
> On Monday, 8 January 2018 17:47:03 GMT Corbin Bird wrote:
>> On 01/07/2018 02:46 PM, Taiidan@gmx.com wrote:
>>> I have several sandy/ivybridge CPU's and I was wondering if anyone
>>> knows as to if intel is releasing microcode updates for them.
>>>
>>> It sure would be funny if intel wanted you to buy a new CPU to fix a
>>> problem that was their fault to begin with.
>> Do you remember the x87 bugs discovered in the original i586 Pentiums?
>> Never fixed.
>> Still built into every Intel CPU.
>> Intel does NOT replace "defective-by-design" hardware.
>> Instead, every OS is required to "software emulate" the FPU.
>>
>> Search for "errata-not-bug".
>> Intel's term for their screw-ups in their CPUs.
>>
>> Intel is only releasing patch code for the last five years of products.
>>
>> And ... if you read up on the "e-mails" being posted ...
>> ... It looks as if Intel is NOT going to fix this in future CPUs either.
>> Instead, every OS will be required to "work-around-this".
>>
>> Perhaps the reason "someone" tried to implicate this effects ALL CPU
>> architectures?
>> ( IBM RISC 6000, PowerPC, DEC Alpha, IBM System/390, Sun SPARC64, for
>> example )
>>
>> Intel did try to make their "patch" mandatory for AMD CPUs ( with NO
>> disable switch ).
>> Why?
>> Think about it.
>>
>> Corbin
> So what affordable and available CPUs should one be looking into for a new 
> desktop build?
>
> Also, laptops?
>

At this point, the only sure bet, is a non x86, x86_64, ARM, ARM64 CPU.

Don't know enough to make a recommendation on a particular CPU arch at
this point.

Try asking Taiidan@gmx.com  or Ian Zimmerman ( both on gentoo-users
mailing list ) about PPC/PPC64.

Re-post of saved e-mail :
> On 12/25/2017 06:33 PM, Ian Zimmerman wrote:
>
>> On 2017-12-24 14:44, Taiidan@gmx.com wrote:
>>
>>> POWER 9: TALOS 2 (server/workstation, brand new and very high
>>> performance - the only brand new hardware that is legitimately libre)
>> This is interesting, but can it run gentoo?  There's a handbook edition
>> for PPC64, but that's not quite the same, is it?
> It is.
> PPC64 is big endian, PPC64LE is little endian.
>
> POWER8/9 are Bi-Endian so you can use both (most linux distros only
> support little)
>
> PPC64 compile covers PowerPC and POWER.
>
>
> TALOS 2 is an end user obtainable derivative of the Romulus POWER 9
> development board, there are a variety of modifications and it is more
> open source than Romulus - you can also pay for it with bitcoin.
> It supports dual sforza CPU's which have up to 24 cores per socket
> with SMT4 (4 threads at the same time per core) 




[-- Attachment #2: Type: text/html, Size: 3900 bytes --]

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Rich Freeman]

On Tue, Jan 9, 2018 at 8:33 PM, Corbin Bird <corbinbird@charter.net> wrote:
>
> On 01/09/2018 01:56 AM, Mick wrote:
>
> At this point, the only sure bet, is a non x86, x86_64, ARM, ARM64 CPU.
>
> Don't know enough to make a recommendation on a particular CPU arch at this
> point.
>

Good luck with that...

If you aren't hearing about Spectre fixes for a CPU it is most likely
because it is so obscure that nobody has bothered to check whether it
is vulnerable.

Sure, there are some CPUs that have been tested and found to be ok.
However, almost anything modern is vulnerable to spectre.  I just
wasn't something that was on anybody's radar.  New CPUs are likely to
be resistant to these types of attacks regardless of vendor.

Sure, if I was about to place an order for 1000 CPUs tomorrow I'd
probably pick AMD over Intel to avoid the PTI overhead, but that is
about as far as I'd let these vulnerabilities affect purchase
decisions.  There are lots of good reasons to go with ARM vs x86, but
this isn't really one of them.  And outside of x86/ARM I think almost
any other CPU choice is going to be a niche item.

-- 
Rich

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Mick]

[-- Attachment #1: Type: text/plain, Size: 2414 bytes --]

On Wednesday, 10 January 2018 01:46:08 GMT Rich Freeman wrote:
> On Tue, Jan 9, 2018 at 8:33 PM, Corbin Bird <corbinbird@charter.net> wrote:
> > On 01/09/2018 01:56 AM, Mick wrote:
> > 
> > At this point, the only sure bet, is a non x86, x86_64, ARM, ARM64 CPU.
> > 
> > Don't know enough to make a recommendation on a particular CPU arch at
> > this
> > point.
> 
> Good luck with that...
> 
> If you aren't hearing about Spectre fixes for a CPU it is most likely
> because it is so obscure that nobody has bothered to check whether it
> is vulnerable.
> 
> Sure, there are some CPUs that have been tested and found to be ok.
> However, almost anything modern is vulnerable to spectre.  I just
> wasn't something that was on anybody's radar.  New CPUs are likely to
> be resistant to these types of attacks regardless of vendor.

Yes, but I would be surprised if new 'fixed' CPUs land anytime before 2019 ... 
if not 2020.  I'd rather not be running an old Intel i7 which has not had its 
microcode patched all the way until then - if the complimentary microcode 
patch is *also* improving security besides speed, after the consequential 
kernel patches.


> Sure, if I was about to place an order for 1000 CPUs tomorrow I'd
> probably pick AMD over Intel to avoid the PTI overhead, but that is
> about as far as I'd let these vulnerabilities affect purchase
> decisions.  There are lots of good reasons to go with ARM vs x86, but
> this isn't really one of them.  And outside of x86/ARM I think almost
> any other CPU choice is going to be a niche item.

I've seen Linus making statements back in 2016 of the year of the ARM laptop 
being upon us (Chromebook anyone?) and I've seen the 10nm Qualcomm Snapdragon 
835 ARM laptop by Asus featuring on CES 2018 with impressively long battery 
life, but I have no idea how it compares in performance terms with the equally 
vulnerable current x86 arch machines.  That may be a different discussion 
anyway.

Most vendors only sell Intel in their laptops.  I could build a desktop I 
guess, but Ryzen is also affected by Spectre.  With Intel's burning platform I 
want to jump off, but I'm not sure if spending money at this stage will 
materially improve my PC security ... or if it is wiser to wait for the next 
round of 'improved' CPUs.

Are any of you planning to replace your Intel PCs and what are you considering 
as a replacement at present?
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Rich Freeman]

On Thu, Jan 11, 2018 at 5:41 PM, Mick <michaelkintzios@gmail.com> wrote:
>
> Most vendors only sell Intel in their laptops.  I could build a desktop I
> guess, but Ryzen is also affected by Spectre.  With Intel's burning platform I
> want to jump off, but I'm not sure if spending money at this stage will
> materially improve my PC security ... or if it is wiser to wait for the next
> round of 'improved' CPUs.
>

I wouldn't let Spectre drive you to hold off on buying a CPU.  If
you're happy with what you have stick with it.  If not get what makes
the most sense, which is probably Ryzen at this point unless your
particular workload benefits from the marginal single-thread
performance of Intel even after any Meltdown handicaps.

IMO Spectre is going to drive some microcode updates for relatively
recent CPUs, compiler improvements, and some hand-tuning of
particularly critical code.

-- 
Rich

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Corbin Bird]

On 01/11/2018 05:02 PM, Rich Freeman wrote:
> On Thu, Jan 11, 2018 at 5:41 PM, Mick <michaelkintzios@gmail.com> wrote:
>> Most vendors only sell Intel in their laptops.  I could build a desktop I
>> guess, but Ryzen is also affected by Spectre.  With Intel's burning platform I
>> want to jump off, but I'm not sure if spending money at this stage will
>> materially improve my PC security ... or if it is wiser to wait for the next
>> round of 'improved' CPUs.
>>
> I wouldn't let Spectre drive you to hold off on buying a CPU.  If
> you're happy with what you have stick with it.  If not get what makes
> the most sense, which is probably Ryzen at this point unless your
> particular workload benefits from the marginal single-thread
> performance of Intel even after any Meltdown handicaps.
>
> IMO Spectre is going to drive some microcode updates for relatively
> recent CPUs, compiler improvements, and some hand-tuning of
> particularly critical code.
>

FYI :

The microcode updates pushed out for AMD by Gentoo seem to be only for :
Fam16h, Fam17h CPUs.

Fam15h, Fam10h, no change.
"dmesg" output unchanged, before and after updating.
( Yes, the firmware update is built-in to the kernel. )

[    0.114108] smpboot: CPU0: AMD FX(tm)-9590 Eight-Core Processor
(family: 0x15, model: 0x2, stepping: 0x0)
[    0.114113] Performance Events: Fam15h core perfctr, AMD PMU driver.

[   10.296207] microcode: microcode updated early to new
patch_level=0x0600084f
[   10.296915] microcode: CPU0: patch_level=0x0600084f
[   10.297658] microcode: CPU1: patch_level=0x0600084f
[   10.298338] microcode: CPU2: patch_level=0x0600084f
[   10.299093] microcode: CPU3: patch_level=0x0600084f
[   10.299813] microcode: CPU4: patch_level=0x0600084f
[   10.300502] microcode: CPU5: patch_level=0x0600084f
[   10.301193] microcode: CPU6: patch_level=0x0600084f
[   10.301849] microcode: CPU7: patch_level=0x0600084f
[   10.302601] microcode: Microcode Update Driver: v2.01
<tigran@aivazian.fsnet.co.uk>, Peter Oruba

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Daniel Frey]

On 01/11/18 14:41, Mick wrote:
> 
> Are any of you planning to replace your Intel PCs and what are you considering
> as a replacement at present?
> 

I was planning to replace two of my PCs with Ryzen, but that plan was in 
place before Meltdown happened. At least then I'll be able to get 
microcode/firmware updates, as pretty much everything I own now (well, 
besides my laptop) is between 5-11 years old.

Dan

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Taiidan]

AMD says they are releasing microcode updates for their previous 
generation CPU's (Opteron, FX, etc) next week.
So much better than intel throwing older CPU owners to the wolves.

In terms of what CPU to get - I would get either an AMD G34/C32 Opteron 
(pre-PSP) with a compatible libre firmware board (KGPE-D16 or KCMA-D8) 
or if you can afford it a POWER9 system as IBM quickly released updates 
for POWER to solve this issue and if they ever stopped due to 
considering your system "too old" POWER9 is owner controlled and 
documented so the community could theoretically patch its own microcode.

You can make a C32 libre firmware gaming system for around 500-700, so 
that is quite affordable.

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Rich Freeman]

On Fri, Jan 12, 2018 at 11:23 AM, Corbin Bird <corbinbird@charter.net> wrote:
>
> On 01/11/2018 05:02 PM, Rich Freeman wrote:
>>
>> IMO Spectre is going to drive some microcode updates for relatively
>> recent CPUs, compiler improvements, and some hand-tuning of
>> particularly critical code.
>>
>
> The microcode updates pushed out for AMD by Gentoo seem to be only for :
> Fam16h, Fam17h CPUs.
>

FWIW even the 17h microcode doesn't seem to be updating on my Ryzen:

dmesg | grep microco
[    0.989279] microcode: CPU0: patch_level=0x08001129
[    0.989421] microcode: CPU1: patch_level=0x08001129
[    0.989565] microcode: CPU2: patch_level=0x08001129
[    0.989708] microcode: CPU3: patch_level=0x08001129
[    0.989857] microcode: CPU4: patch_level=0x08001129
[    0.990001] microcode: CPU5: patch_level=0x08001129
[    0.990183] microcode: CPU6: patch_level=0x08001129
[    0.990332] microcode: CPU7: patch_level=0x08001129
[    0.990475] microcode: CPU8: patch_level=0x08001129
[    0.990619] microcode: CPU9: patch_level=0x08001129
[    0.990764] microcode: CPU10: patch_level=0x08001129
[    0.990905] microcode: CPU11: patch_level=0x08001129
[    0.991095] microcode: Microcode Update Driver: v2.2.

That said, there still isn't any AMD documentation around the
microcode updates that I've been able to find, so I have no idea what
the correct patch level is even supposed to be.  I just know that I'm
not getting a message about early updates.  I do have linux 4.4.13
which includes the family 17h patch.

The other odd thing is that a firmware update was released for my
motherboard (ASRock AB350 Pro4) on the 10th, and if I flash it grub
will no longer boot the linux kernel, and it is pretty slow overall,
but it will still boot memtestx86 just fine.  I figured I'd wait a few
days and see if there is any further info on it.

-- 
Rich

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Mick]

[-- Attachment #1: Type: text/plain, Size: 2631 bytes --]

On Friday, 12 January 2018 17:47:46 GMT Rich Freeman wrote:
> On Fri, Jan 12, 2018 at 11:23 AM, Corbin Bird <corbinbird@charter.net> 
wrote:
> > On 01/11/2018 05:02 PM, Rich Freeman wrote:
> >> IMO Spectre is going to drive some microcode updates for relatively
> >> recent CPUs, compiler improvements, and some hand-tuning of
> >> particularly critical code.
> > 
> > The microcode updates pushed out for AMD by Gentoo seem to be only for :
> > Fam16h, Fam17h CPUs.
> 
> FWIW even the 17h microcode doesn't seem to be updating on my Ryzen:
> 
> dmesg | grep microco
> [    0.989279] microcode: CPU0: patch_level=0x08001129
> [    0.989421] microcode: CPU1: patch_level=0x08001129
> [    0.989565] microcode: CPU2: patch_level=0x08001129
> [    0.989708] microcode: CPU3: patch_level=0x08001129
> [    0.989857] microcode: CPU4: patch_level=0x08001129
> [    0.990001] microcode: CPU5: patch_level=0x08001129
> [    0.990183] microcode: CPU6: patch_level=0x08001129
> [    0.990332] microcode: CPU7: patch_level=0x08001129
> [    0.990475] microcode: CPU8: patch_level=0x08001129
> [    0.990619] microcode: CPU9: patch_level=0x08001129
> [    0.990764] microcode: CPU10: patch_level=0x08001129
> [    0.990905] microcode: CPU11: patch_level=0x08001129
> [    0.991095] microcode: Microcode Update Driver: v2.2.

My AMD:

[    0.025000] smpboot: CPU0: AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G 
(family: 0x15, model: 0x30, stepping: 0x1)

is similarly failing to show signs of early microcode update, as it always 
did:

$ dmesg | grep -i microcode
[    1.348991] microcode: CPU0: patch_level=0x06003106
[    1.349718] microcode: CPU1: patch_level=0x06003106
[    1.350434] microcode: CPU2: patch_level=0x06003106
[    1.351158] microcode: CPU3: patch_level=0x06003106
[    1.351879] microcode: Microcode Update Driver: v2.2.


> That said, there still isn't any AMD documentation around the
> microcode updates that I've been able to find, so I have no idea what
> the correct patch level is even supposed to be.  I just know that I'm
> not getting a message about early updates.  I do have linux 4.4.13
> which includes the family 17h patch.

I'm on 4.14.12-gentoo now.


> The other odd thing is that a firmware update was released for my
> motherboard (ASRock AB350 Pro4) on the 10th, and if I flash it grub
> will no longer boot the linux kernel, and it is pretty slow overall,
> but it will still boot memtestx86 just fine.  I figured I'd wait a few
> days and see if there is any further info on it.

No Asus MoBo firmware updates here ... but would they be even required/
necessary for the CPU bugs?
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Rich Freeman]

On Fri, Jan 12, 2018 at 1:42 PM, Mick <michaelkintzios@gmail.com> wrote:
> On Friday, 12 January 2018 17:47:46 GMT Rich Freeman wrote:
>
>> The other odd thing is that a firmware update was released for my
>> motherboard (ASRock AB350 Pro4) on the 10th, and if I flash it grub
>> will no longer boot the linux kernel, and it is pretty slow overall,
>> but it will still boot memtestx86 just fine.  I figured I'd wait a few
>> days and see if there is any further info on it.
>
> No Asus MoBo firmware updates here ... but would they be even required/
> necessary for the CPU bugs?

It shouldn't be.  I'm not sure if Ryzen has anything equivalent to the
Intel Management Engine.  Intel has been scrambling to patching the
firmware for that (which basically gives a hardware-level rootkit to
anybody who exploits it).

The official docs just mentioned adding support for additional
processors with an AGESA update.  I wouldn't be surprised if at some
point the motherboard vendors slip in the microcode updates there as
well.  When I was having issues getting linux to update the microcode
I figured I'd check the firmware for updates.  When it failed to boot
I just rolled it back.  They actually did 2 firmware releases, with
one being used as a bridge to the other.  That also makes me wonder if
there is a microcode update of some kind in there.

-- 
Rich

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Corbin Bird]

On 01/12/2018 12:42 PM, Mick wrote:
> On Friday, 12 January 2018 17:47:46 GMT Rich Freeman wrote:
>> On Fri, Jan 12, 2018 at 11:23 AM, Corbin Bird <corbinbird@charter.net> 
> wrote:
>>> On 01/11/2018 05:02 PM, Rich Freeman wrote:
>>>> IMO Spectre is going to drive some microcode updates for relatively
>>>> recent CPUs, compiler improvements, and some hand-tuning of
>>>> particularly critical code.
>>> The microcode updates pushed out for AMD by Gentoo seem to be only for :
>>> Fam16h, Fam17h CPUs.
>> FWIW even the 17h microcode doesn't seem to be updating on my Ryzen:
>>
>> dmesg | grep microco
>> [    0.989279] microcode: CPU0: patch_level=0x08001129
>> [    0.989421] microcode: CPU1: patch_level=0x08001129
>> [    0.989565] microcode: CPU2: patch_level=0x08001129
>> [    0.989708] microcode: CPU3: patch_level=0x08001129
>> [    0.989857] microcode: CPU4: patch_level=0x08001129
>> [    0.990001] microcode: CPU5: patch_level=0x08001129
>> [    0.990183] microcode: CPU6: patch_level=0x08001129
>> [    0.990332] microcode: CPU7: patch_level=0x08001129
>> [    0.990475] microcode: CPU8: patch_level=0x08001129
>> [    0.990619] microcode: CPU9: patch_level=0x08001129
>> [    0.990764] microcode: CPU10: patch_level=0x08001129
>> [    0.990905] microcode: CPU11: patch_level=0x08001129
>> [    0.991095] microcode: Microcode Update Driver: v2.2.
> My AMD:
>
> [    0.025000] smpboot: CPU0: AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G 
> (family: 0x15, model: 0x30, stepping: 0x1)
>
> is similarly failing to show signs of early microcode update, as it always 
> did:
>
> $ dmesg | grep -i microcode
> [    1.348991] microcode: CPU0: patch_level=0x06003106
> [    1.349718] microcode: CPU1: patch_level=0x06003106
> [    1.350434] microcode: CPU2: patch_level=0x06003106
> [    1.351158] microcode: CPU3: patch_level=0x06003106
> [    1.351879] microcode: Microcode Update Driver: v2.2.
>
>
>> That said, there still isn't any AMD documentation around the
>> microcode updates that I've been able to find, so I have no idea what
>> the correct patch level is even supposed to be.  I just know that I'm
>> not getting a message about early updates.  I do have linux 4.4.13
>> which includes the family 17h patch.
> I'm on 4.14.12-gentoo now.
>
>
>> The other odd thing is that a firmware update was released for my
>> motherboard (ASRock AB350 Pro4) on the 10th, and if I flash it grub
>> will no longer boot the linux kernel, and it is pretty slow overall,
>> but it will still boot memtestx86 just fine.  I figured I'd wait a few
>> days and see if there is any further info on it.
> No Asus MoBo firmware updates here ... but would they be even required/
> necessary for the CPU bugs?

In the old days, Windows / DOS, did not have any "microcode update
loader". For those old versions of Windows / DOS, an updated BIOS was
the only way to update the CPU microcode.

I have seen something calling itself the "microcode update loader" in
Win 7 x64. Have no idea what it is really doing.

-------

The Fam16h and Fam17h microcode updates were new to Gentoo?
I don't recall ever seeing them before.

Corbin

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Rich Freeman]

On Fri, Jan 12, 2018 at 2:58 PM, Corbin Bird <corbinbird@charter.net> wrote:
>
> The Fam16h and Fam17h microcode updates were new to Gentoo?
> I don't recall ever seeing them before.
>

They're new in general - they first appeared last week and they're
being treated as if they're related to Spectre.  I've yet to see any
kind of official release of them, but that seems to be par for the
course for AMD the more I hunt around for documentation.  It seems
like Suse first released it, and claimed that it disabled branch
prediction, whatever that means (certainly it can't completely disable
it without tanking performance).

I'm not sure if it has been merged upstream yet.  The 17h loader
updates were merged into linux 4.4.13 (Gentoo backported it as well),
but I'm not sure about the microcode itself.

Separately there are some lkml patches proposed by AMD to use an MSR
setting to make LFENCE block speculative execution.  It looks like the
strategy is to enable that on amd64, and verify that the setting took
(a guest VM wouldn't be able to set the MSR).  If the setting isn't
effective then it would fall back to Retpolines (which is the Intel
fix for Spectre), which have more overhead (this is in addition to the
much larger overhead for the meltdown fix on Intel).

If somebody actually sees anything official from AMD clearly giving a
checklist for Spectre remediation I'm all ears.  To its credit, Intel
at least published one of those (even if it amounts to "pound sand"
for older CPUs).

-- 
Rich

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Taiidan]

On 01/12/2018 02:06 PM, Rich Freeman wrote:

>
> It shouldn't be.  I'm not sure if Ryzen has anything equivalent to the
> Intel Management Engine.
It does, it is called AMD PSP.

Like ME it is closed source and it can't be disabled - no matter what 
people might claim.

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 375 bytes --]

>
> If somebody actually sees anything official from AMD clearly giving a
> checklist for Spectre remediation I'm all ears.  To its credit, Intel
> at least published one of those (even if it amounts to "pound sand"
> for older CPUs).
>

AMD have revised their guidance on Variant 2 from "near zero risk" to
"difficult"

http://www.amd.com/en/corporate/speculative-execution

[-- Attachment #2: Type: text/html, Size: 871 bytes --]

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 777 bytes --]

> They're new in general - they first appeared last week and they're
> being treated as if they're related to Spectre.  I've yet to see any
> kind of official release of them, but that seems to be par for the
> course for AMD the more I hunt around for documentation.  It seems
> like Suse first released it, and claimed that it disabled branch
> prediction, whatever that means (certainly it can't completely disable
> it without tanking performance).
>

From:
https://www.phoronix.com/scan.php?page=news_item&px=AMD-Branch-Prediction-Still

"I reached out to AMD and on Friday heard back. They wrote in an email to
Phoronix that this Zen/17h microcode update does *not* disable branch
prediction. They'll be working with SUSE to re-clarify this microcode
update description"

[-- Attachment #2: Type: text/html, Size: 1314 bytes --]

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

[Taiidan]

On 01/13/2018 12:50 PM, Mick wrote:

> Thank you Taiidan for taking time to respond.
Always man!
> On Friday, 12 January 2018 17:21:19 GMT you wrote:
>> AMD says they are releasing microcode updates for their previous
>> generation CPU's (Opteron, FX, etc) next week.
>> So much better than intel throwing older CPU owners to the wolves.
> Indeed, this is one more reason I will not look at Intel ever again!
>
>
>> In terms of what CPU to get - I would get either an AMD G34/C32 Opteron
>> (pre-PSP) with a compatible libre firmware board (KGPE-D16 or KCMA-D8)
>> or if you can afford it a POWER9 system as IBM quickly released updates
>> for POWER to solve this issue and if they ever stopped due to
>> considering your system "too old" POWER9 is owner controlled and
>> documented so the community could theoretically patch its own microcode.
>>
>> You can make a C32 libre firmware gaming system for around 500-700, so
>> that is quite affordable.
> The problem with KGPE-D16 and KCMA-D8 is that I can't find these new in the
> UK.  All I find is stripped down second hand MoBos in ebay from businesses
> shuttering and repossessions.  Also, they do not appear to come with modern
> niceties for a desktop like HDMI or DP ports?
You have to install a graphics card - like with any other 
server/workstation motherboard the onboard graphics are crappy.

I would order one from the US if you can't find a UK retailer, these are 
the most easily obtainable and affordable owner controlled boards.
> Power9 appear to be quite new and again I can't find a place that sells them
> or provides a price for them ...
https://raptorcs.com
The TALOS 2 - made by the same folks who did the coreboot ports for the 
D8 and D16 boards
It is pending RYF certification, is 100% owner controlled and it has 
libre firmware from the factory.
POWER is the only owner controlled performance CPU out there, IBM 
publishes a lot of documentation and there is absolutely no hardware 
code signing enforcement not even for the microcode.

Please note that 5K is an average price for server hardware in that 
performance class, there are a variety of lower end owner controlled 
options if that is too much/if you don't need something that fast.
> We don't do any gaming with our PCs.  General office suite applications, heavy
> browsing/emails and some media transcoding.
>
> The market has been cornered by the near monopoly of Intel, especially on
> laptops.  The last PC I built was a relatively cheap and cheerful AMD
> A10-7850K on an ASUS MoBo, which sadly comes loaded with its own hardwired PSP
> rootkit.  :-(
You can install a FM2 CPU on that, the plus has PSP the regular doesn't.
> Any ideas for places I could look for a power9 workstation - assuming it is
> affordable, or are there are any other CPU/MoBos I could look at?
Define affordable?
People have gotten used to intel's cheap CPU's that they don't really 
own - even just 15 years ago computers used to cost significantly more.
I remember when the P4 was just released and crappy pre-builds were 
going for 2K+.