Regarding a NOTE from your last message: > For microcode embedding in coreboot to work you must check > both the "generate microcode update from tree" option and the > "use non-free blob repo" option - > doing the first but not the second will result in a silent fail. It works for KGPE-D16 but doesn't work for G505S and maybe some other AMD boards. Currently the only working way for those "other boards" to get the latest microcodes is to " xxd -i -c 8 " a microcode binary and then put this array of hex values into their .c file containing a microcode ( path like [1] ) . Tired of doing this manually, yesterday I wrote these microcode updating scripts : https://review.coreboot.org/c/coreboot/+/28425 AMD microcodes: scripts for applying the unofficial (not-merged-yet) updates Put those 4 files to your freshly cloned coreboot directory, run ./get_ucode_patches.sh , ./check... and ./apply... , and your fresh coreboot now has the latest microcodes ;-) But thats only for those "other boards" like G505S. To get the latest microcode for your KGPE-D16, you may also need to patch its' microcode_amd_fam15h.bin with a new 2018 microcode which sadly is not merged yet neither to linux-firmware nor to coreboot
[1] example of a path to .c file with microcode - ./coreboot/src/vendorcode/amd/agesa/f16kb/Proc/CPU/Family/0x16/KB/F16KbId7001MicrocodePatch.c On Sat, Sep 1, 2018 at 10:41 PM [email protected] <[email protected]> wrote: > > I am making this due to seeing many mis-informed users that are engaging > in dangerous practices. > > Microcode updates should ALWAYS be installed unless you are an expert > user and have repeatedly verified that your CPU doesn't require them and > you are prepared for the risks which include for instance on the > piledriver CPU's (opteron 63xx/43xx and the G505S's laptop cpus) a > userland to root exploit, a broken IOMMU and a timer issue that means > games and certain applications don't work properly. > > > Unfortunately x86 is stuck with non owner controlled undocumented > proprietary microcode updates and in the case of intel they are > encrypted for some reason - AFAIK only POWER has owner controlled microcode. > > Despite this it is still a good idea to install them - I do on my > coreboot computers and thus I don't ruin my security for no good reason. > > > NOTE: > For microcode embedding in coreboot to work you must check both the > "generate microcode update from tree" option and the "use non-free blob > repo" option - doing the first but not the second will result in a > silent fail. > -- > coreboot mailing list: [email protected] > https://mail.coreboot.org/mailman/listinfo/coreboot -- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot
