BIOS updates for 11G-14G servers are available again. http://www.dell.com/support/article/us/en/19/sln308588/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-emc-products-dell-enterprise-servers-storage-and-networking-?lang=en
> On Jan 12, 2018, at 8:48 PM, Patrick Boutilier <[email protected]> wrote: > > I see 2.7.0 for 13G servers has been pulled from > http://www.dell.com/support/article/us/en/19/sln308588/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-emc-products-dell-enterprise-servers-storage-and-networking-?lang=en > > Most likely related to the reboot issues on Broadwell and Haswell CPUs > > > > On 01/12/2018 12:22 PM, Daniele Viganò wrote: >> s/meltdown/spectre/ aka CVE-2017-5715 >> On Fri, Jan 12, 2018 at 5:21 PM, Daniele Viganò >> <[email protected] >> <mailto:[email protected]>> wrote: >> A quick follow-up: microcode package release 20171117 did not >> include mitigation to Meltdown, but 20180108 >> >> (https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t >> >> <https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t>) >> does. By the way it seems it could cause random reboots on Broadwell >> and Haswell CPUs (see >> >> https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/ >> >> <https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/>). >> I think that, having such CPU models, is more safe to update the >> firmware via microcode_ctl (and thus the OS) before flashing a new >> BIOS with the new microcode update in it; this should make possible >> to test the new microcode and easily revert to the previous version >> in case of issues without the need to perform a firmware downgrade, >> at least until the situation becomes more clear. >> Cheers, >> Daniele >> On Sat, Jan 6, 2018 at 5:23 PM, Daniele Viganò >> <[email protected] >> <mailto:[email protected]>> wrote: >> A temporary solution could be manually updating the content of >> /lib/firmware/intel-ucode/, getting the ucode bins directly from >> the Intel website: >> >> https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File?product=873 >> >> <https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File?product=873> >> intel-ucode dirctory contains binary microcode files named in >> family-model-stepping pattern. The file is supported in most >> modern Linux >> distributions. It's generally located in the /lib/firmware >> directory, >> and can be updated throught the microcode reload interface. >> To update the intel-ucode package to the system, one need: >> 1. Ensure the existence of >> /sys/devices/system/cpu/microcode/reload >> 2. Copy intel-ucode directory to /lib/firmware, overwrite >> the files in >> /lib/firmware/intel-ucode/ >> 3. Write the reload interface to 1 to reload the microcode >> files, e.g. >> echo 1 > /sys/devices/system/cpu/microcode/reload >> This should contains _all_ latest available microcodes, >> including pieces not shipped by microcode_ctl-2.1-22.2 (and in >> fact the Intel package has more bin files in it). Not sure if >> this is enough. >> Cheers, >> Daniele >> -- *DANIELE VIGANÒ*| System Administrator | *Skype* dennyv85 >> |_+39-0382-5169882 <tel:+39%200382%20516%209882>_ >> *GLOBAL EARTHQUAKE MODEL *| working together to assess risk >> *GEM -* globalquakemodel.org >> <http://www.globalquakemodel.org/>**|*T -* @GEMwrld >> <http://twitter.com/GEMwrld>**|*F -* GEMwrld >> <http://www.facebook.com/GEMwrld> >> -- *DANIELE VIGANÒ*| System Administrator | *Skype* dennyv85 >> |_+39-0382-5169882 <tel:+39%200382%20516%209882>_ >> *GLOBAL EARTHQUAKE MODEL *| working together to assess risk >> *GEM -* globalquakemodel.org <http://www.globalquakemodel.org/>**|*T >> -* @GEMwrld <http://twitter.com/GEMwrld>**|*F -* GEMwrld >> <http://www.facebook.com/GEMwrld> >> -- >> *DANIELE VIGANÒ*| System Administrator | *Skype* dennyv85 |_+39-0382-5169882_ >> *GLOBAL EARTHQUAKE MODEL *| working together to assess risk >> *GEM -* globalquakemodel.org <http://www.globalquakemodel.org/>**|*T -* >> @GEMwrld <http://twitter.com/GEMwrld>**|*F -* GEMwrld >> <http://www.facebook.com/GEMwrld> >> _______________________________________________ >> Linux-PowerEdge mailing list >> [email protected] >> https://lists.us.dell.com/mailman/listinfo/linux-poweredge > > <boutilpj.vcf>_______________________________________________ > Linux-PowerEdge mailing list > [email protected] > https://lists.us.dell.com/mailman/listinfo/linux-poweredge ________________________________ NOTICE OF CONFIDENTIALITY: This communication may contain privileged and confidential information, or may otherwise be protected from disclosure, and is intended solely for use of the intended recipient(s). If you are not the intended recipient of this communication, please notify the sender that you have received this communication in error and delete and destroy all copies in your possession. _______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
