On 25.04.2018 00:18, taii...@gmx.com wrote: > On 04/17/2018 03:30 AM, Rudolf Marek wrote: > >> Hi, >> >> I found new microcode here [1], I used >> cpu00610F01_ver0600111F_2018-03-05_AC55EB96.bin as a microcode for my >> Trinity family15h CPU. >> I hacked together a new microcode header which contains the equivalence >> table etc to be able to load this microcode into the CPU from Linux. >> >> dd if=/lib/firmware/amd-ucode/microcode_amd_fam15h.bin bs=1 count=84 >> of=header.bin >> cat header.bin cpu00610F01_ver0600111F_2018-03-05_AC55EB96.bin > >> microcode_amd_fam15h.bin >> >> copy the file to same location and trigger update: >> >> echo 1 > /sys/devices/system/cpu/microcode/reload >> >> [ 6032.948243] microcode: CPU0: new patch_level=0x0600111f >> [ 6032.964913] microcode: CPU2: new patch_level=0x0600111f >> >> Please note that the header.bin does contain a size of the microcode blob, >> but it happens to be the same, so it works. Normally the container >> may contain more microcode blobs. But in my case I use just "right" one for >> my CPU. >> >> The new microcode seems to be adding the IBPB feature. >> >> Thanks >> Rudolf >> >> >> [1] https://github.com/platomav/CPUMicrocodes > This didn't work on my piledriver CPU's :[ > > When I try to "reload" nothing happens not even an error in dmesg....the > reload command has never worked for me no matter what system I use intel > or amd. > > Thanks for helping. > I can't believe everyone else is so nonchalant about all this > considering how important it is I still haven't figured out how to > update the microcode on any of my computers - no guides I have found > actually work and no distros have the new microcode for intel or amd > despite it having been months.
I can't believe everybody is so nonchalant about Rowhammer but many people make a big thing out of the comparatively tiny Spectre problem. > > For the best security one should have both the new microcode and the > lfence msr? Not for the best but for any security, you have to understand first that both options only change something if your software is prepared to uti- lize them. First update your software, then check what it needs / what the developers expect (the new microcode I'd guess). Nico -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot