ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

[thx-1138]

The big question is if it all goes wrong how does one revert to the original firmware?

To my knowledge, that's what might go wrong (& how it can be solved)...

Having said that though, personal opinion, until the things settle down with the last kernel updates & BIOS releases, i wouldn't update it just yet. Again, that's purely personal opinion...

[Laurent85]

Looking at the Mint 18.3 file structure it seems that the intel-ucode method may be best for Mint. Has anyone tried this?

Actually a microcode update alone does NOT fix Spectre flaws, also needs patching available kernels and those patches are still under development.

[xenopeek]

You can use https://github.com/speed47/spectre-meltdown-checker to check what your system still needs.

Here's the output on my Arch system from yesterday: https://i.imgur.com/OcC36ds.png

Basically Spectre requires multiple fixes in the kernel and a microcode fix. Meltdown requires just one fix in the kernel.

[Terryphi]

The big question is if it all goes wrong how does one revert to the original firmware?

To my knowledge, that's what might go wrong (& how it can be solved)...

Having said that though, personal opinion, until the things settle down with the last kernel updates & BIOS releases, i wouldn't update it just yet. Again, that's purely personal opinion...

Thanks thx-1138. I'll take your advice.

[ArtGirl]

Yes, Terryphi, I had the same question as yourself, about how to revert if needed. My system's Driver Manager is showing the present 20170707 microcode, and an option to turn off microcode updates. All I can think is that the update will show up in that section and there'll be the option to select it. If I remember rightly, that's how the upgrade to 20170707 happened. With this being a security update, I'd imagine it could come through soon.

Thanks for the link, thx-1138 ... confirms to be careful, and, yes, better to wait than have a potentially unnecessary mess to clean up.

[Spearmint2]

I'm completely lost with all this spectre/meltdown issue and the list of updates/patches that never ends .
Also I'm a complete LM newbie . Can anyone explain what I should install or keep my eye out for these 2 systems.

Not much to worry about right now, let cooler heads prevail. So far these are "potential" avenues of exploitation, and none are being used yet to target you or anyone else. If your CPU is AMD, even better, only have 1 Spectre variant as risk, and it's the most difficult to take advantage of. Microsoft pushed out their "fix" for Intel CPU's and AMD users starting having their computers stop booting. Microsoft has now quit sending that update to AMD computers after people screamed at them and accused them of doing it deliberately for "Wintel" reasons. Nobody yet is attacking computers using Meltdown and Spectre. There are two groups excessively interested in "patches" at the moment among desktop users; those who always go into "chicken little mode" when anything scares them, and those who are interested in testing the various fixes and patches just for fun, or wanting to do benchmarking of those. The cooler heads are sitting it out till things are more standardized, or until an actual threat appears. Right now the Meltdown and Spectre are ONLY concepts some hackers might in future use, so they are working to correct it now.

So, enjoy the show, take it easy, don't worry overmuch, you will have plenty of time to apply any fixes before any actual threat appears. There's a big difference between "potential" and "threat".

[michael louwe]

Will this Debian link for Intel microcodes be useful.? ... http://ftp.us.debian.org/debian/pool/no ... microcode/

[michael louwe]

Another way to install the Intel microcode is through Synaptic PM(= wait for the Ubuntu repositories to be updated) ... https://sites.google.com/site/easylinux ... /microcode

[michael louwe]

@ Terryphi, .......

...

.
https://access.redhat.com/articles/3311301 (how to use the Terminal to disable the KPTI/Meltdown and Spectre patches, if needed)

[ArtGirl]

Will this Debian link for Intel microcodes be useful.? ... http://ftp.us.debian.org/debian/pool/no ... microcode/

Thank you very much. Worked perfectly, and no performance drop at all. Much appreciate.

(Terryphi, ran the deb, rebooted, and then the Driver Manager shows that 20180108.1 is installed.)

[thx-1138]

Will this Debian link for Intel microcodes be useful.? ... http://ftp.us.debian.org/debian/pool/no ... microcode/

Yes

The reason i personally don't really suggest it for the time being, is because if stuff / apps somehow starts acting 'weirdo', it's easier to identify afterwards to know what caused the weirdness in the first place: was it the latest kernel from Canonical, was it the microcode, was it due to the bios update etc etc. One-step-at-a-time-logic if you will...

[now3by]

@all

now run

Code: Select all

dmesg | grep microcode

and see how old is your fresh updated 20180108 microcode

[Spearmint2]

The Jan 2018 news reports detailed Intel releasing BIOS firmware updates to the OEMs(eg Lenovo, Dell, etc) in stages, ie for Windows and MacOS, which are the majority OS in the world(= about 97%). Whereas, Linux microcode patches from Intel/AMD can be installed by the OS, eg through Driver Manager.

Consider 67% of servers are Linux based, and all 500 of the world's top computers are Linux based. I would believe that Intel is also aware of that and acted accordingly starting in June 2017. I doubt they would leave them "whistling past the graveyard".

[michael louwe]

https://askubuntu.com/questions/545925/ ... e-properly [How to verify if there's a new microcode update for your processor (Intel)]

"What Intel does is, they stick all microcode updates for all processors in a single file. This file, even the most recent one, does not contain a brand new microcode update for each and every processor. In the case of my Core 2 Duo, the most most recent file is from 2010, even if the microcode package is just weeks old.."

So, the Intel microcode 20180108 may not contain the Spectre patch for certain processors, eg those more than 5 years old. The microcode needs to be verified, as pointed out by "now3by".

[thx-1138]

...there is a quite interesting thread in reddit going-on:
https://www.reddit.com/r/linux/comments ... _download/
It certainly doesn't look like Intel will really bother much with older processors (not to say they've already decided such since quite some time)...

[xenopeek]

...there is a quite interesting thread in reddit going-on:
https://www.reddit.com/r/linux/comments ... _download/
It certainly doesn't look like Intel will really bother much with older processors (not to say they've already decided such since quite some time)...

I have a i5-2500k (Sandy Bridge) which is from 2011 and the microcode for it says (journalctl -b | grep microcode):
sig=0x206a7, pf=0x2, revision=0x29
That sig is not on the list at your link. Not sure if that means it is not getting patched.

[Laurent85]

sig=0x206a7, pf=0x2, revision=0x29
That sig is not on the list at your link. Not sure if that means it is not getting patched.

This cpu still did not receive a microcode update, from latest microcode.dat 20180108 available :

Code: Select all

iucode_tool -q -l microcode.dat | grep 206a7
136: sig 0x000206a7, pf mask 0x12, 2013-06-12, rev 0x0029, size 10240

Latest update from Intel was more than 4 years ago.

[now3by]

welcome to club:

Code: Select all

[    1.106415] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
[ 9292.885359] microcode: CPU0 microcode updated early to revision 0xe, date = 2013-06-26
[ 9292.989036] microcode: CPU2 microcode updated early to revision 0xe, date = 2013-06-26

[michael louwe]

According to this link ... https://tracker.debian.org/news/900514 , it seems the Intel microcode 20180108 only has the Spectre patch for 3rd-gen processors(= 2012) or higher.

Also, this Intel microcode update has to work in conjunction with an updated Linux kernel that has support for IBRS and IBPB. At present, Ubuntu has not yet released such an updated Linux kernel. Ubuntu has only just released new kernels for KPTI support for the Meltdown bug on 9 Jan 2018.
... OTOH, Red Hat Ent and Suse Ent already have both patches that mitigate against the Spectre bug.

Hopefully, both the Intel microcode and related Linux kernel patches for the Spectre bug will arrive at about the same time for LM users who have processors that are more than 5 years old.

[now3by]

and here you can find more info about microcode world:
https://github.com/platomav/CPUMicrocodes