Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-17 Thread Adam Carter
>
> Hmm ... My last line looks the same like Rich's, but different to yours:
>
> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling
>
> I don't have IBPB mentioned in there at all.  I'm on
> gentoo-sources-4.19.57.
> Are you running a later kernel?
>
> According to this article a microcode update seems to be necessary, but I'm
> not sure if this statement only applies to Intel CPUs:
>
>
> https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10
>
>
My piledriver output from an old 4.19 has IBPB, so given that redhat info,
it looks like you do have old microcode. I don't pass anything via the
kernel command line, as I assume the defaults are good.

$ cat kern-4.19.7-vuln.txt
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling

FWIW
$ md5sum /lib/firmware/amd-ucode/microcode_amd_fam15h.bin
3bdedb4466186a79c469f62120f6d7bb  /lib/firmware/amd-ucode/microcode_amd_fam15h.bin


Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-17 Thread Corbin


On 7/17/19 5:58 AM, Mick wrote:
> Hmm ... My last line looks the same like Rich's, but different to yours:
>
> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling
>
> I don't have IBPB mentioned in there at all.  I'm on gentoo-sources-4.19.57.  
> Are you running a later kernel?
>
> According to this article a microcode update seems to be necessary, but I'm 
> not sure if this statement only applies to Intel CPUs:
>
> https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10
>
--

My kernel version : 4.19.59

Please note that I am using the "experimental" USE FLAG for
"sys-kernel/gentoo-sources".

CPU selected is "AMD Piledriver"

Also, I am using the latest firmware for "sys-kernel/linux-firmware" (
20190712:0 ).

Kernel command line parameters on boot :

"spectre_v2=on spectre_v2_user=on spec_store_bypass_disable=on"


Corbin




Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-17 Thread Mick
On Wednesday, 17 July 2019 04:21:07 BST Corbin wrote:
> On 7/14/19 8:26 AM, Mick wrote:
> > Then I came across this old message regarding Piledriver CPUs:
> > https://lists.debian.org/debian-security/2016/03/msg00084.html The
> > post refers to model 2 of cpu family 21. Not all models in the same
> > family, only model 2. So I am thinking although patch files are named
> > per CPU family, whether they are applicable and applied as an update
> > to the CPU is probably determined by the particular CPU *model*.
> > Logically, errata in previous CPU revisions may have been fixed in
> > later models of the same family and therefore such microcode updates
> > would not be needed. When offered by the OS the CPU won't select to
> > have them applied. This explains why my AMD models, which are later
> > revisions of the same 15h family do not apply any microcode updates -
> > they don't need them. Please share if you know differently and thank
> > you all for your responses.
> 
> Remember a while back when I mentioned that "lwp" had disappeared from
> my /proc/cpuinfo?
> 
> They restored "lwp" with this commit :
> > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=7518922bd5b98b137af7aaf3c836f5a498e91609
> So it stands to reason that the microcode only applies specific patches
> to specific problems per CPU.
> 
> Reference :
> > Darkstar ~ # cat /proc/cpuinfo
> > processor: 0
> > vendor_id: AuthenticAMD
> > cpu family: 21
> > model: 2
> > model name: AMD FX(tm)-9590 Eight-Core Processor
> > stepping: 0
> > microcode: 0x6000852
> > cpu MHz: 4685.390
> > cache size: 2048 KB
> 
> Output of /sys/devices/system/cpu/vulnerabilities :
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/l1tf
> > Not affected
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/mds
> > Not affected
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > Not affected
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
> > Mitigation: Speculative Store Bypass disabled
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> > Mitigation: __user pointer sanitization
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> > Mitigation: Full AMD retpoline, IBPB: always-on, STIBP: disabled, RSB filling
> 
> Corbin

Hmm ... My last line looks the same like Rich's, but different to yours:

# cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling

I don't have IBPB mentioned in there at all.  I'm on gentoo-sources-4.19.57.  
Are you running a later kernel?

According to this article a microcode update seems to be necessary, but I'm 
not sure if this statement only applies to Intel CPUs:

https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10

-- 
Regards,

Mick



Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-16 Thread Corbin


On 7/14/19 8:26 AM, Mick wrote:
> Then I came across this old message regarding Piledriver CPUs:
> https://lists.debian.org/debian-security/2016/03/msg00084.html The
> post refers to model 2 of cpu family 21. Not all models in the same
> family, only model 2. So I am thinking although patch files are named
> per CPU family, whether they are applicable and applied as an update
> to the CPU is probably determined by the particular CPU *model*.
> Logically, errata in previous CPU revisions may have been fixed in
> later models of the same family and therefore such microcode updates
> would not be needed. When offered by the OS the CPU won't select to
> have them applied. This explains why my AMD models, which are later
> revisions of the same 15h family do not apply any microcode updates -
> they don't need them. Please share if you know differently and thank
> you all for your responses. 
Remember a while back when I mentioned that "lwp" had disappeared from
my /proc/cpuinfo?
They restored "lwp" with this commit :
> https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=7518922bd5b98b137af7aaf3c836f5a498e91609
So it stands to reason that the microcode only applies specific patches
to specific problems per CPU.


Reference :
> Darkstar ~ # cat /proc/cpuinfo
> processor    : 0
> vendor_id    : AuthenticAMD
> cpu family    : 21
> model        : 2
> model name    : AMD FX(tm)-9590 Eight-Core Processor
> stepping    : 0
> microcode    : 0x6000852
> cpu MHz        : 4685.390
> cache size    : 2048 KB
Output of /sys/devices/system/cpu/vulnerabilities :
>
> Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/l1tf
> Not affected
> Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/mds
> Not affected
> Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Not affected
> Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
> Mitigation: Speculative Store Bypass disabled
> Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> Mitigation: __user pointer sanitization
> Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Mitigation: Full AMD retpoline, IBPB: always-on, STIBP: disabled, RSB filling

Corbin




Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-16 Thread Neil Bothwick
On Sat, 13 Jul 2019 18:18:35 +0100, Mick wrote:

> Anyway, if you want to look at the initramfs contents manually, I
> suppose you will need to decompress your initramfs in a temporary
> directory to see its contents.  First find what archive format has been
> used.  
> 
> file /boot/EFI/... initramfs-XXX.img
> 
> will output gzip, bzip2, lzma or similar archive type.  Then create a 
> temporary directory to work in and use the corresponding compression
> type:
> 
> mkdir ~/tmp_initramfs
> cd ~/tmp_initramfs
> 
> zcat /boot/EFI/... initramfs-XXX.img | cpio -idmv

Did you build the initramfs with genkernel or dracut? If the latter, just
run lsinitrd, which lists the contents of the current kernel's initramfs.
You can also inspect individual files within the initramfs.


-- 
Neil Bothwick

Your lack of organisation does not represent an
emergency in my world.




Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-14 Thread Adam Carter
On Sun, Jul 14, 2019 at 4:06 AM Mick  wrote:

> On Saturday, 13 July 2019 18:42:27 BST Jack wrote:
> >
> > If linux-firmware is emerged with the savedconfig use flag, then only
> > the firmware not deleted from the config file is left.
>
> Yes.  I used to do this, but gave up after a while.


Kernel 5.3 is getting the ability to load .xz compressed firmware, so
/lib/firmware goes from 460MB to under 80MB.


Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-14 Thread Adam Carter
> Then I came across this old message regarding Piledriver CPUs:
>
> https://lists.debian.org/debian-security/2016/03/msg00084.html
>
> The post refers to model 2 of cpu family 21.  Not all models in the same
> family, only model 2.  So I am thinking although patch files are named per CPU
> family, whether they are applicable and applied as an update to the CPU is
> probably determined by the particular CPU *model*.  Logically, errata in
> previous CPU revisions may have been fixed in later models of the same family
> and therefore such microcode updates would not be needed.  When offered by the
> OS the CPU won't select to have them applied.
>
> This explains why my AMD models, which are later revisions of the same 15h
> family do not apply any microcode updates - they don't need them.
>
> Please share if you know differently and thank you all for your responses.


Sounds reasonable, but the 15h code was updated mid 2018, so unless the cpu
or BIOS update is from after then, i would be concerned.

If your APUs return similar to this then there's nothing to worry about

# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling


Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-14 Thread Mick
On Saturday, 13 July 2019 23:03:11 BST Mick wrote:

> Unlike my old Intel which lights up like a christmas tree with "Vulnerable,
> no microcode found" because Intel has thrown its users to the kerb, both
> AMDs show "Not Vulnerable" and for some of the vulnerabilities it reports:
> 
> (your CPU vendor reported your CPU model as not vulnerable)

This last line made me think a bit more.  Scratching around I see there are 
separate patch files with AMD microcode updates offered for the various CPU 
families.  My simplistic assumption so far has been *all* CPUs of a certain 
family will apply the corresponding patch file microcode update, either via a 
new UEFI/BIOS firmware, or via the OS.

Clearly this is not so.  If I remove 'amd-ucode/microcode_amd_fam15h.bin' from 
my kernel firmware directive completely, or add amd-ucode/ patch files for 
every family, or even try to manually reload the microcode:

echo 1 > /sys/devices/system/cpu/microcode/reload

there is no change in dmesg.  Clearly my CPU does not load any microcode 
update, other than what might be already available in the old UEFI MoBo 
firmware and this is loaded before the OS starts booting.

Then I came across this old message regarding Piledriver CPUs:

https://lists.debian.org/debian-security/2016/03/msg00084.html

The post refers to model 2 of cpu family 21.  Not all models in the same 
family, only model 2.  So I am thinking although patch files are named per CPU 
family, whether they are applicable and applied as an update to the CPU is 
probably determined by the particular CPU *model*.  Logically, errata in 
previous CPU revisions may have been fixed in later models of the same family 
and therefore such microcode updates would not be needed.  When offered by the 
OS the CPU won't select to have them applied.

This explains why my AMD models, which are later revisions of the same 15h 
family do not apply any microcode updates - they don't need them.

Please share if you know differently and thank you all for your responses.
-- 
Regards,

Mick



Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-13 Thread Mick
On Saturday, 13 July 2019 22:01:02 BST Rich Freeman wrote:
> On Sat, Jul 13, 2019 at 4:16 PM Wols Lists  wrote:
> > On 13/07/19 20:23, Mick wrote:
> > > Thanks Corbin, I wonder if despite articles about microcode patch
> > > releases to deal with spectre and what not, there are just no patches
> > > made available for my aging AMD CPUs.
> > 
> > Or Spectre and what not are Intel specific ...
> > 
> > I know a lot of the reports said many of the exploits don't work on AMD.
> > It's something to do with the way Intel has implemented speculative
> > execution, and AMD doesn't use that technique.
> 
> Some spectre-related vulnerabilities apply to AMD, and some do not.
> Most of the REALLY bad ones do not, but I believe that some of the AMD
> ones still require microcode updates to be mitigated in the most
> efficient way.

Yes, the A10 is vulnerable to:

 CVE-2017-5753 (Spectre Variant 1, bounds check bypass)
 CVE-2017-5715 (Spectre Variant 2, branch target injection)


> Take a look in /sys/devices/system/cpu/vulnerabilities on your system
> for the kernel's assessment of what vulnerabilities apply, and how
> they are being mitigated.  What you want to see is every single one
> either saying "Not affected" or they start with "Mitigation:"  If you
> see one starting with something like Partial Mitigation or Vulnerable
> you should Google if there is something you can do to improve this.
> 
> Note that this assumes you have a current kernel.  The kernel can only
> report the vulnerabilities it knows about, so if you're running some
> kernel from 9 months ago it won't know about everything.
> 
> For reference, on my Ryzen 5 1600 I get:
> for x in * ; do echo -n "$x: " ; cat $x ; done
> 
> l1tf: Not affected
> mds: Not affected
> meltdown: Not affected
> spec_store_bypass: Mitigation: Speculative Store Bypass disabled via prctl and seccomp
> spectre_v1: Mitigation: __user pointer sanitization
> spectre_v2: Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling

I get the same output on both AMD systems running gentoo-sources-4.19.57.

I've also used this script for some more detailed checking and testing:

https://github.com/speed47/spectre-meltdown-checker

Unlike my old Intel which lights up like a christmas tree with "Vulnerable, no 
microcode found" because Intel has thrown its users to the kerb, both AMDs 
show "Not Vulnerable" and for some of the vulnerabilities it reports:

(your CPU vendor reported your CPU model as not vulnerable)

-- 
Regards,

Mick



Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-13 Thread Rich Freeman
On Sat, Jul 13, 2019 at 4:16 PM Wols Lists  wrote:
>
> On 13/07/19 20:23, Mick wrote:
> > Thanks Corbin, I wonder if despite articles about microcode patch releases
> > to deal with spectre and what not, there are just no patches made available
> > for my aging AMD CPUs.
>
> Or Spectre and what not are Intel specific ...
>
> I know a lot of the reports said many of the exploits don't work on AMD.
> It's something to do with the way Intel has implemented speculative
> execution, and AMD doesn't use that technique.

Some spectre-related vulnerabilities apply to AMD, and some do not.
Most of the REALLY bad ones do not, but I believe that some of the AMD
ones still require microcode updates to be mitigated in the most
efficient way.

Take a look in /sys/devices/system/cpu/vulnerabilities on your system
for the kernel's assessment of what vulnerabilities apply, and how
they are being mitigated.  What you want to see is every single one
either saying "Not affected" or they start with "Mitigation:"  If you
see one starting with something like Partial Mitigation or Vulnerable
you should Google if there is something you can do to improve this.

Note that this assumes you have a current kernel.  The kernel can only
report the vulnerabilities it knows about, so if you're running some
kernel from 9 months ago it won't know about everything.

For reference, on my Ryzen 5 1600 I get:
for x in * ; do echo -n "$x: " ; cat $x ; done

l1tf: Not affected
mds: Not affected
meltdown: Not affected
spec_store_bypass: Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1: Mitigation: __user pointer sanitization
spectre_v2: Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling

-- 
Rich
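
The rule from the message above (every entry should read "Not affected" or start with "Mitigation:") written as a small script. This is an added example, not part of the original post; it also pulls the IBPB and STIBP sub-fields out of the spectre_v2 line, which posters elsewhere in the thread compare by eye. The function names and the VULN_DIR variable are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and VULN_DIR are hypothetical, not from the thread.

# classify_vulns [DIR]
# Prints "<OK|REVIEW> <name>: <status>" for each entry in DIR.
# Returns 0 when every entry reads "Not affected" or starts with
# "Mitigation:", 1 when at least one entry needs review, and 2 when DIR
# has no readable entries (kernel too old to expose them, or not Linux).
classify_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=2
    for f in "$dir"/*; do
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then continue; fi
        if [ "$rc" -eq 2 ]; then rc=0; fi
        status=$(cat "$f")
        case $status in
            "Not affected"*|"Mitigation:"*) verdict=OK ;;
            *) verdict=REVIEW; rc=1 ;;   # e.g. "Vulnerable", "Partial Mitigation"
        esac
        printf '%s %s: %s\n' "$verdict" "${f##*/}" "$status"
    done
    return "$rc"
}

# spectre_v2_field FIELD LINE
# Prints the value of one comma-separated sub-field (IBPB, STIBP, ...) of a
# spectre_v2 status line, or "absent" when the kernel did not report it.
# The leading-space anchor keeps "IBPB" from matching inside "STIBP".
spectre_v2_field() {
    value=$(printf '%s\n' "$2" | tr ',' '\n' | sed -n "s/^ *$1: *//p" | head -n 1)
    printf '%s\n' "${value:-absent}"
}

# Report on the running system; set VULN_DIR to audit a saved copy instead.
vuln_dir=${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}
classify_vulns "$vuln_dir" || true
if [ -r "$vuln_dir/spectre_v2" ]; then
    printf 'IBPB: %s\n' "$(spectre_v2_field IBPB "$(cat "$vuln_dir/spectre_v2")")"
fi
```

An "absent" IBPB field on a spectre_v2 line that otherwise starts with "Mitigation:" is the exact difference the later messages in this thread are about, so the two checks are worth reading together.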



Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-13 Thread Wols Lists
On 13/07/19 20:23, Mick wrote:
> Thanks Corbin, I wonder if despite articles about microcode patch releases to 
> deal with spectre and what not, there are just no patches made available for 
> my aging AMD CPUs.

Or Spectre and what not are Intel specific ...

I know a lot of the reports said many of the exploits don't work on AMD.
It's something to do with the way Intel has implemented speculative
execution, and AMD doesn't use that technique.

Cheers,
Wol



Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-13 Thread Mick
On Saturday, 13 July 2019 19:16:18 BST Corbin wrote:
> For reference, the .config file for the kernel should have something
> 
> along the lines of this:
> > #
> > # Firmware loader
> > #
> > CONFIG_FW_LOADER=y
> > CONFIG_EXTRA_FIRMWARE="amd-ucode/microcode_amd.bin
> > amd-ucode/microcode_amd_fam15h.bin amdgpu/polaris10_ce.bin
> > amdgpu/polaris10_ce_2.bin amdgpu/polaris10_k_smc.bin
> > amdgpu/polaris10_mc.bin amdgpu/polaris10_me.bin
> > amdgpu/polaris10_me_2.bin amdgpu/polaris10_mec.bin
> > amdgpu/polaris10_mec2.bin amdgpu/polaris10_mec2_2.bin
> > amdgpu/polaris10_pfp.bin amdgpu/polaris10_pfp_2.bin
> > amdgpu/polaris10_rlc.bin amdgpu/polaris10_sdma.bin
> > amdgpu/polaris10_sdma1.bin amdgpu/polaris10_smc.bin
> > amdgpu/polaris10_smc_sk.bin amdgpu/polaris10_uvd.bin
> > amdgpu/polaris10_vce.bin"
> > CONFIG_EXTRA_FIRMWARE_DIR="/lib/firmware/"
> > CONFIG_FW_LOADER_USER_HELPER=y

As I understand it the CONFIG_FW_LOADER_USER_HELPER has some edge use cases, 
but is not needed for our hardware/firmware.


> CPU is a AMD FX-9590 ( Fam15h )
> 
> Video is a RX480 ( Polaris 10 )
> 
> And, yes, both microcode updates ( Fam10h / Fam15h ) need to be builtin.

Are you sure about this?

I added 'amd-ucode/microcode_amd.bin' for Fam10h, rebooted and nothing changed 
here as far as microcode patches is concerned.  I am not using savedconfig on 
this PC, so all amd-ucode binaries are available to be loaded from the 
filesystem.


> Previous generation CPU updates will be builtin, even if you try to
> exclude them.

Fine, so following the wiki page and ONLY adding the microcode specific to the 
CPU  family should still work.

> Corbin

Thanks Corbin, I wonder if despite articles about microcode patch releases to 
deal with spectre and what not, there are just no patches made available for 
my aging AMD CPUs.
-- 
Regards,

Mick



Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-13 Thread Corbin
For reference, the .config file for the kernel should have something
along the lines of this:

> #
> # Firmware loader
> #
> CONFIG_FW_LOADER=y
> CONFIG_EXTRA_FIRMWARE="amd-ucode/microcode_amd.bin
> amd-ucode/microcode_amd_fam15h.bin amdgpu/polaris10_ce.bin
> amdgpu/polaris10_ce_2.bin amdgpu/polaris10_k_smc.bin
> amdgpu/polaris10_mc.bin amdgpu/polaris10_me.bin
> amdgpu/polaris10_me_2.bin amdgpu/polaris10_mec.bin
> amdgpu/polaris10_mec2.bin amdgpu/polaris10_mec2_2.bin
> amdgpu/polaris10_pfp.bin amdgpu/polaris10_pfp_2.bin
> amdgpu/polaris10_rlc.bin amdgpu/polaris10_sdma.bin
> amdgpu/polaris10_sdma1.bin amdgpu/polaris10_smc.bin
> amdgpu/polaris10_smc_sk.bin amdgpu/polaris10_uvd.bin
> amdgpu/polaris10_vce.bin"
> CONFIG_EXTRA_FIRMWARE_DIR="/lib/firmware/"
> CONFIG_FW_LOADER_USER_HELPER=y

CPU is a AMD FX-9590 ( Fam15h )

Video is a RX480 ( Polaris 10 )

And, yes, both microcode updates ( Fam10h / Fam15h ) need to be builtin.

Previous generation CPU updates will be builtin, even if you try to
exclude them.


Corbin




Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-13 Thread Mick
On Saturday, 13 July 2019 18:42:27 BST Jack wrote:
>
> If linux-firmware is emerged with the savedconfig use flag, then only
> the firmware not deleted from the config file is left.  

Yes.  I used to do this, but gave up after a while.

> I did find a
> few extras based on the "failed to load..." messages after my initial
> overzealous trimming of that config file.  My current concern is indeed
> with the microcode, about which no complaint.  Looking at the link
> below shows me I am missing the files for my 17h family Ryzen CPU.  It
> will be a bit before I can reboot to see if it does load them once I
> re-emerge linux-firmware to get them.

Make sure the corresponding AMDGPU driver settings are built in the kernel, 
not as modules.

Ryzen CPUs are new(ish) and the MoBo OEMs should still be releasing UEFI/BIOS 
firmware updates, which will contain any needed microcode patches.  You'll 
obtain these next time you flash your BIOS with the latest release, if/when 
there is one available.  Your 'dmesg | grep micro' patch number will change as 
a result, but there will be no 'early microcode update ...' message since the 
OS will not be applying any microcode patches itself.  

It is older CPUs which need the patches, since OEMs usually abandon any 
intention to support their hardware beyond the nominal warranty period.


> I'll update again once I've done that.
> 
> Jack

Cool, thanks for your input.

-- 
Regards,

Mick



Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-13 Thread Jack

On 2019.07.13 13:18, Mick wrote:
> On Saturday, 13 July 2019 17:21:40 BST Jack wrote:
> > On 2019.07.12 08:18, Mick wrote:

[snip]

> > And, one question - if I have linux-firmware emerged with
> > savedconfig use flag set, what's the best/easiest way to hunt
> > through the actually available firmware, to check if I might have
> > missed something relevant.  So far, I've just searched the git
> > repository for the package.  I suppose I could have kept a copy of
> > the manifest from the initial emerge (without savedconfig)  but I
> > didn't think of it at the time.
>
> Look under your /lib/firmware/ directory for the file you want to
> use, or the file dmesg complains is missing.  For microcode there
> will be no complaining, but for other hardware there usually is
> something along the lines:  "failed to load blah-blah.bin, file not
> found."

If linux-firmware is emerged with the savedconfig use flag, then only  
the firmware not deleted from the config file is left.  I did find a  
few extras based on the "failed to load..." messages after my initial  
overzealous trimming of that config file.  My current concern is indeed  
with the microcode, about which no complaint.  Looking at the link  
below shows me I am missing the files for my 17h family Ryzen CPU.  It  
will be a bit before I can reboot to see if it does load them once I  
re-emerge linux-firmware to get them.


I'll update again once I've done that.

Jack


Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-13 Thread Mick
On Saturday, 13 July 2019 18:18:35 BST Mick wrote:
> or
> 
> xv -dc < /boot/EFI/... initramfs-XXX.img | cpio -idmv

Oops!  Typo alert!  xv should of course be 'xz'.  I think you can also use 
lzcat.

-- 
Regards,

Mick



Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-13 Thread Mick
On Saturday, 13 July 2019 17:21:40 BST Jack wrote:
> On 2019.07.12 08:18, Mick wrote:

> > https://www.bleepingcomputer.com/news/hardware/amd-releases-spectre-v2-microcode-updates-for-cpus-going-back-to-2011/
> I have not yet done any further searching or digging, but that link
> seems to only talk specifically about Windows updates, not generic
> firmware updates.

Yes, but any microcode releases are/should be CPU specific.  If they're 
released for applying via one OS, they should be available to others too.

Of course, if microcode has only been released to MoBo OEM's, then we're in 
the mercy of OEM commercial interests.  I'm sure when asked for an update they 
will try to sell to us all the latest models they have recently launched.  :p


> I have three different AMD based PCs, and so far, I don't see anything
> different from Mick.  However, on two Artix linux systems, I'm still
> not quite sure whether the microcode is in the initramfs or not.  I
> hate to admit I'm also not sure on my Gentoo box, having so far made
> only minor changes to the kernel from the June stage 3 tarball, and
> used genkernel to compile both kernel and initramfs.  I'm working on
> configuring 5.2.0, but it will take me a while to get through the
> complete configuration (starting from scratch.)

I'm not familiar with dracut to know what it uses as a default archiving 
engine and if you can run it to inspect directly the contents of an already 
created initramfs.  I know it can output on the console what it is including 
in initramfs at the time of creation.

Anyway, if you want to look at the initramfs contents manually, I suppose you 
will need to decompress your initramfs in a temporary directory to see its 
contents.  First find what archive format has been used.  

file /boot/EFI/... initramfs-XXX.img

will output gzip, bzip2, lzma or similar archive type.  Then create a 
temporary directory to work in and use the corresponding compression type:

mkdir ~/tmp_initramfs
cd ~/tmp_initramfs

zcat /boot/EFI/... initramfs-XXX.img | cpio -idmv

or 

bzcat /boot/EFI/... initramfs-XXX.img | cpio -idmv

or 

xv -dc < /boot/EFI/... initramfs-XXX.img | cpio -idmv

Something like the above ought to do the job.

> One suggestion - don't just grep for microcode, also check for
> "firmware" for which I use 'dmesg | egrep -i "firmware|microcode"'.

Well, 'firmware' will capture other firmware files, like graphics card, WiFi, 
BT, etc. rather than the CPU microcode.


> And, one question - if I have linux-firmware emerged with savedconfig
> use flag set, what's the best/easiest way to hunt through the actually
> available firmware, to check if I might have missed something
> relevant.  So far, I've just searched the git repository for the
> package.  I suppose I could have kept a copy of the manifest from the
> initial emerge (without savedconfig)  but I didn't think of it at the
> time.
> 
> Jack

Look under your /lib/firmware/ directory for the file you want to use, or the 
file dmesg complains is missing.  For microcode there will be no complaining, 
but for other hardware there usually is something along the lines:  "failed to 
load blah-blah.bin, file not found."

The appropriate microcode file for your AMD CPUs can be deduced from the table 
here:

https://wiki.gentoo.org/wiki/AMD_microcode

and it should be stored under your:

/lib/firmware/amd-ucode/

after you install linux-firmware.

-- 
Regards,

Mick



Re: [gentoo-user] AMD microcode updates - where are they?!

2019-07-13 Thread Jack

On 2019.07.12 08:18, Mick wrote:
> I'm looking at dmesg output which on my Intel CPUS of various vintages shows
> "microcode updated early ..." but two different AMD APUs of mine do not show
> the same, despite AMD apparently releasing microcode updates going back to
> 2011:
>
> https://www.bleepingcomputer.com/news/hardware/amd-releases-spectre-v2-microcode-updates-for-cpus-going-back-to-2011/


I have not yet done any further searching or digging, but that link  
seems to only talk specifically about Windows updates, not generic  
firmware updates.


I have three different AMD based PCs, and so far, I don't see anything  
different from Mick.  However, on two Artix linux systems, I'm still  
not quite sure whether the microcode is in the initramfs or not.  I  
hate to admit I'm also not sure on my Gentoo box, having so far made  
only minor changes to the kernel from the June stage 3 tarball, and  
used genkernel to compile both kernel and initramfs.  I'm working on  
configuring 5.2.0, but it will take me a while to get through the  
complete configuration (starting from scratch.)


One suggestion - don't just grep for microcode, also check for  
"firmware" for which I use 'dmesg | egrep -i "firmware|microcode"'.


And, one question - if I have linux-firmware emerged with savedconfig  
use flag set, what's the best/easiest way to hunt through the actually  
available firmware, to check if I might have missed something  
relevant.  So far, I've just searched the git repository for the  
package.  I suppose I could have kept a copy of the manifest from the  
initial emerge (without savedconfig)  but I didn't think of it at the  
time.


Jack


[gentoo-user] AMD microcode updates - where are they?!

2019-07-12 Thread Mick
I'm looking at dmesg output which on my Intel CPUS of various vintages shows 
"microcode updated early ..." but two different AMD APUs of mine do not show 
the same, despite AMD apparently releasing microcode updates going back to 
2011:

https://www.bleepingcomputer.com/news/hardware/amd-releases-spectre-v2-microcode-updates-for-cpus-going-back-to-2011/

I have observed OEMs for laptop MoBos rarely if ever bother to release a
UEFI/BIOS firmware update past 1-2 years from launch of their products, while
desktop OEMs may keep releasing updates for 3-5 years.

Since there are no OEM MoBo firmware releases and I see no "microcode updated
early ..." message in dmesg, I thought of checking with other Gentoo users if
I'm doing something wrong, or if this is a common observation for AMD
CPU/APUs?

PS. I include the microcode in the kernel, for both my Intel and AMD systems,  
rather than use an initramfs; e.g.

CONFIG_EXTRA_FIRMWARE="amd-ucode/microcode_amd_fam15h.bin ..."

PPS. This is all shown on one of the AMD APUs, way down during the booting 
process:

$ dmesg | grep -i micro
[0.622441] [drm] Loading ARUBA Microcode
[5.763242] [drm] Loading hainan Microcode
[6.653025] microcode: CPU0: patch_level=0x06001119
[6.657962] microcode: CPU1: patch_level=0x06001119
[6.658890] microcode: CPU2: patch_level=0x06001119
[6.659881] microcode: CPU3: patch_level=0x06001119
[6.661136] microcode: Microcode Update Driver: v2.2.

-- 
Regards,

Mick
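
An added example, not part of the original post: a filter for the dmesg output quoted above that skips the GPU "[drm] ... Microcode" lines, lists the distinct CPU patch levels, and reports whether a "microcode updated early" line is present. The function names are assumptions of this example; the sample lines are the ones from the post.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# The dmesg lines quoted in the original post.
sample_dmesg() {
    cat <<'EOF'
[0.622441] [drm] Loading ARUBA Microcode
[5.763242] [drm] Loading hainan Microcode
[6.653025] microcode: CPU0: patch_level=0x06001119
[6.657962] microcode: CPU1: patch_level=0x06001119
[6.658890] microcode: CPU2: patch_level=0x06001119
[6.659881] microcode: CPU3: patch_level=0x06001119
[6.661136] microcode: Microcode Update Driver: v2.2.
EOF
}

# microcode_summary: reads dmesg text on stdin and prints one line:
#   levels=<distinct CPU patch levels> cpus=<count> early=<yes|no>
# More than one value in "levels" means the cores disagree on their
# microcode revision; early=no means the kernel log shows no early update.
microcode_summary() {
    awk '
        # Per-CPU lines only; "[drm] Loading ... Microcode" is GPU firmware.
        /microcode: CPU[0-9]+: patch_level=/ {
            split($0, a, "patch_level=")
            lvl = a[2]
            sub(/[^0-9a-fA-Fx].*/, "", lvl)      # drop anything after the hex value
            cpus++
            if (!(lvl in seen)) {
                seen[lvl] = 1
                order = order (order ? " " : "") lvl
            }
        }
        /microcode updated early/ { early = "yes" }
        END {
            printf "levels=%s cpus=%d early=%s\n", order, cpus, (early ? early : "no")
        }
    '
}

# Default: summarise the sample above; pass --live to read the running kernel log.
if [ "${1:-}" = "--live" ]; then
    dmesg | microcode_summary
else
    sample_dmesg | microcode_summary
fi
```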
