Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-15 Thread Paul Rogers 
> Paul Rogers wrote:
> >> Well, except if the kernel breaks something, just remove the file and
> >> grub entry and then reboot. If a BIOS/UEFI update causes an issue, you
> >> get the pleasure of finding out whether there is a supported downgrade
> >> path. :-)
> > 
> > IF your system hasn't been "bricked".
> 
> If you are loading firmware via an initrd, how can the systemd be bricked? 
>   At every boot it reverts to the original firmware.
> 

Perhaps I misunderstood, I thought it was talking about a BIOS update with the 
new microcode embedded.

-- 
Paul Rogers
paulgrog...@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-15 Thread Pol Vangheluwe 
There is still life besides Intel and AMD:

More about Spectre and the PowerPC (or why you may want to dust that G3 off) 

pvg


> 
> -- 
> http://lists.linuxfromscratch.org/listinfo/lfs-support
> FAQ: http://www.linuxfromscratch.org/blfs/faq.html
> Unsubscribe: See the above information page
> 
> Do not top post on this list.
> 
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?
> 
> http://en.wikipedia.org/wiki/Posting_style

-- 
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-15 Thread Thomas Seeling 
Hallo,

> Not all the microcode is to fix Spectre!
> 
> My experience is that intel microcode for older processors does not
> get changed, but they copy it into the latest tarball.  When I

I dowloaded the 2018 microcode package and to my big surprise I found
files for old CPUs where there was no microcode update before.
06-17-06
06-0f-0b (two variants of Core2 Duo)

Here's a little shell script to create initrd for microcode update early
loading like suggested in the BLFS book. It's simply the code from there
brushed up by looking up the CPU version. Change if you use AMD instead
of intel.
You need to add a line to /boot/grub/grub.cfg if it isn't there already.
The microcode file needs to be available in /sources.

menuentry "4.14.13-lfs-8.1" {
set root=(hd0,1)
linux /boot/vmlinuz-4.14.13-lfs-8.1 root=/dev/sda1 ro
initrd /boot/microcode.img
}

#!/bin/sh

cd /sources
mc=$(ls -1rt microcode*| tail -1)
test -z "${mc}" && exit 1

cpu=$(awk '/^cpu family.:/{family=$NF}
   /^model..:/{model=$NF}
   /^stepping.:/{stepping=$NF}
   END{printf"%02x-%02x-%02x",family,model,stepping}' /proc/cpuinfo)

tar xf "${mc}" intel-ucode/"${cpu}"
test -f intel-ucode/"${cpu}" || exit 1
echo "# found intel-ucode/${cpu}"
cp intel-ucode/"${cpu}" /lib/firmware/intel-ucode/

mkdir -p /boot/initrd /lib/firmware/intel-ucode
cd /boot/initrd
mkdir -p kernel/x86/microcode
cp -v /lib/firmware/intel-ucode/* kernel/x86/microcode/GenuineIntel.bin
find . | cpio -o -H newc > /boot/microcode.img


Tschau...Thomas
-- 
"Do you wanna be a legend or a passing footprint on the sands of time?"



signature.asc
Description: OpenPGP digital signature
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-14 Thread Bruce Dubbs 

Paul Rogers wrote:

Well, except if the kernel breaks something, just remove the file and
grub entry and then reboot. If a BIOS/UEFI update causes an issue, you
get the pleasure of finding out whether there is a supported downgrade
path. :-)


IF your system hasn't been "bricked".


If you are loading firmware via an initrd, how can the systemd be bricked? 
 At every boot it reverts to the original firmware.


  -- Bruce


--
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-14 Thread Paul Rogers 
> Well, except if the kernel breaks something, just remove the file and 
> grub entry and then reboot. If a BIOS/UEFI update causes an issue, you 
> get the pleasure of finding out whether there is a supported downgrade 
> path. :-)

IF your system hasn't been "bricked".

-- 
Paul Rogers
paulgrog...@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-14 Thread DJ Lucas 

On 01/13/2018 06:09 PM, Bruce Dubbs wrote:

Paul Rogers wrote:


Updating microcode can be a dangerous thing.  I've never found a need
to live on the bleeding edge of technology.


I agree about bleeding edge issues, but leading edge is OK.  My view is 
that rc releases and betas or earlier are bleeding edge and latest 
stable is leading edge.


I don't really think updating microcode is dangerous if you have 
control. After all, there is really no difference between firmware (aka 
BIOS or UEFI) loading microcode and the kernel doing it via an initrd.


Well, except if the kernel breaks something, just remove the file and 
grub entry and then reboot. If a BIOS/UEFI update causes an issue, you 
get the pleasure of finding out whether there is a supported downgrade 
path. :-)


--DJ

--
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-14 Thread Paul Rogers 
On Sat, Jan 13, 2018, at 4:09 PM, Bruce Dubbs wrote:
> Paul Rogers wrote:
> 
> > Updating microcode can be a dangerous thing.  I've never found a need
> > to live on the bleeding edge of technology.
> 
> I agree about bleeding edge issues, but leading edge is OK.  My view is 
> that rc releases and betas or earlier are bleeding edge and latest stable 
> is leading edge.
> 
> I don't really think updating microcode is dangerous if you have control. 
> After all, there is really no difference between firmware (aka BIOS or 
> UEFI) loading microcode and the kernel doing it via an initrd.
> 
>-- Bruce
> 

I agree, in principal, it's less dangerous than flashing a BIOS.  But as noted, 
the updates rushed out initially have caused new stability problems for certain 
CPUs.  Intel has had an imperious attitude about identifying the fixes for 
users like us.  I want some "transparency" from Intel.  I consider our 
ignorance as a "lack of control."  I just want to know if the microcode in the 
bundle for Conroes has actually been updated for Spectre--if I were to assume 
it has been, and it has not, nothing good can come from it.  One of the Conroes 
I have in service is a Quad-Extreme, two 2.93MHz chips in a MCM package, not 
quite the common thing and I think perhaps worthy of special attention.

-- 
Paul Rogers
paulgrog...@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-13 Thread Bruce Dubbs 

Paul Rogers wrote:


Updating microcode can be a dangerous thing.  I've never found a need
to live on the bleeding edge of technology.


I agree about bleeding edge issues, but leading edge is OK.  My view is 
that rc releases and betas or earlier are bleeding edge and latest stable 
is leading edge.


I don't really think updating microcode is dangerous if you have control. 
After all, there is really no difference between firmware (aka BIOS or 
UEFI) loading microcode and the kernel doing it via an initrd.


  -- Bruce

--
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-13 Thread Paul Rogers 
> I don't have any love for general initrds, but using an initrd for
> microcode allows early loading - for a few intel machines with buggy
> microcode, that is the only available method.

Sure, if it comes to that being necessary.  Otherwise, I'll opt for late 
loading whenever possible.  AFAICT, none of my machines are members of that 
"few".

> 
> But since you aren't going to load new microcode without knowing
> what it does (I suppose that means knowing what it claims to fix,
> otherwise you would not be looking at microcode at all), for your
> older machines I guess you will never apply any.
> 
> ĸen

I don't know.  I suspect there's a chance Intel *may* start publishing a 
Changelog.  It really need not be so detailed that it reveals "trade secrets".  
And I could make-do with a report that certain updates *do* mitigate Spectre.

Intel has withdrawn some of the updates because they caused new problems.  
Updating microcode can be a dangerous thing.  I've never found a need to live 
on the bleeding edge of technology.

-- 
Paul Rogers
paulgrog...@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-12 Thread Ken Moffat 
On Fri, Jan 12, 2018 at 02:31:27PM -0800, Paul Rogers wrote:

> > For matching filenames to hardware, I guess you mean the family -
> > - model - stepping part : I don't know of any way to convert that to
> > particular CPUs,
> 
> /proc/cpuinfo gives us that, plus the microcode level.
> 
No, it gives you that for the current CPU.  I thought you were
asking how to translate the file names in general.
> 
> I have avoided using initrds, and want to continue to do so.  I don't build 
> POD with the idea it will be thrown at arbitrary hardware.  Initial kernels 
> are built monolithically to boot on reasonably common hardware of a certain 
> vintage, but after booting the sysadmin is expected to soon build a 
> customized kernel, eliminating a lot of HD drivers, adding NIC, ALSA, 
> AGP/FB/DRI--none of which are *necessary* to boot.

I don't have any love for general initrds, but using an initrd for
microcode allows early loading - for a few intel machines with buggy
microcode, that is the only available method.

But since you aren't going to load new microcode without knowing
what it does (I suppose that means knowing what it claims to fix,
otherwise you would not be looking at microcode at all), for your
older machines I guess you will never apply any.

ĸen
-- 
Truth, in front of her huge walk-in wardrobe, selected black leather
boots with stiletto heels for such a barefaced truth.
 - Unseen Academicals
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-12 Thread Paul Rogers 
> 
> Not all the microcode is to fix Spectre!

True enough, but I don't feel an urgency to fix anything else.  ;-)

> 
> My experience is that intel microcode for older processors does not
> get changed, but they copy it into the latest tarball.  

Intel took some heat for their early attempts at deflection, which is why 
they've released this ancient microcode, I suppose.  The question remains 
whether it, say the P3 microcode, patches the Spectre flaw--if anybody still at 
Intel even knows the P3 microcode well enough to do it!

> 
> And no, I also don't think CPUs before the Pentium4 can have
> microcode updated at runtime.  But the P3 is apparently used in
> embedded products, perhaps manufacturers can use the microcode to
> refresh their bios.

Perhaps, but one sees little incentive for them.  I think we have to go 
straight for the CPU ourselves with the Linux kernel.

> 
> If you get microcode for an old Intel CPU, and load it, you should
> be able to see in dmesg the before/after versions, and the date.
> Alternatively, your motherboard may already be using that version.

/proc/cpuinfo says I've got microcode 0xcb on my twin Conroes.  I'm not even 
going to *try* to update the microcode unless and until I can establish it's 
going to mitigate Spectre.  Only one good thing can happen, many bad things. 

A couple years ago, when I backed up my i7-940 with an i7-870, I checked for 
microcode updates.  The 870 had one/some, the 940 did not.  Likewise, even if 
updates are published, I need to know what they do before I make a move.

> 
> For matching filenames to hardware, I guess you mean the family -
> - model - stepping part : I don't know of any way to convert that to
> particular CPUs,

/proc/cpuinfo gives us that, plus the microcode level.


> 
> If you still have a problem, please ask.

I'm not going to *create* a problem until I have some confidence it's worth the 
risk.  I'm certainly not going to take the risk, just to end up with the same 
microcode level.  I want to see something from Intel that details what 
microcode levels each of those files are at, and given the nature of things, 
that Spectre is or is not mitigated.

> 
> One further comment: although the debian microcode that I posted
> about last week does work as a (large) initrd to cover multiple
> machines (in early loading), I have no idea how to generate such a
> multi-machine initrd.  That is why near the top of the page I wrote:
> "Preparing firmware for multiple different machines, as a distro
> would do, is outside the scope of this book."
> 
> ĸen

I have avoided using initrds, and want to continue to do so.  I don't build POD 
with the idea it will be thrown at arbitrary hardware.  Initial kernels are 
built monolithically to boot on reasonably common hardware of a certain 
vintage, but after booting the sysadmin is expected to soon build a customized 
kernel, eliminating a lot of HD drivers, adding NIC, ALSA, AGP/FB/DRI--none of 
which are *necessary* to boot.

-- 
Paul Rogers
paulgrog...@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

Re: [lfs-support] Intel microcode updates adding confusion?

2018-01-12 Thread Ken Moffat 
On Fri, Jan 12, 2018 at 09:48:11AM -0800, Paul Rogers wrote:
> This morning I was referred to this site with microcode updates:
> https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File
> 
> But it claims to have microcode updates going back to the venerable "P54" 
> Pentium-90 and "P55" Pentium-233 MMX.  I'm confused.  We're not told these 
> i586 CPUs, which don't do speculative execution, are susceptible to SPECTRE.  
> I don't recall reading microcode *could* be updated on them!  I was afraid 
> microcode for the Pentium-3 family, a few of which I *can* still run, would 
> be neglected, but I don't know what to make of all this.  Making sense of 
> Intel's file names as relates to particular hardware is also obscure to me.
> 

Not all the microcode is to fix Spectre!

My experience is that intel microcode for older processors does not
get changed, but they copy it into the latest tarball.  When I
looked at debian last week, the documentation suggested that old
microcode sometimes got removed, probably as a cleanup of the site.
I'm not sure if that still happens.

And no, I also don't think CPUs before the Pentium4 can have
microcode updated at runtime.  But the P3 is apparently used in
embedded products, perhaps manufacturers can use the microcode to
refresh their bios.

If you get microcode for an old Intel CPU, and load it, you should
be able to see in dmesg the before/after versions, and the date.
Alternatively, your motherboard may already be using that version.

For matching filenames to hardware, I guess you mean the family -
- model - stepping part : I don't know of any way to convert that to
particular CPUs, but if you read the current svn version of the BLFS
book it should tell you how to translate the values for your current
CPU.

http://www.linuxfromscratch.org/blfs/view/svn/postlfs/firmware.html

If you still have a problem, please ask.  I _think_ I got the Intel
part (including the late and early examples) consistent when I
updated it, but it's a very long and complicated page, things might
still be unclear to people who have never updated microcode before.

One further comment: although the debian microcode that I posted
about last week does work as a (large) initrd to cover multiple
machines (in early loading), I have no idea how to generate such a
multi-machine initrd.  That is why near the top of the page I wrote:
"Preparing firmware for multiple different machines, as a distro
would do, is outside the scope of this book."

ĸen
-- 
Truth, in front of her huge walk-in wardrobe, selected black leather
boots with stiletto heels for such a barefaced truth.
 - Unseen Academicals
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style

[lfs-support] Intel microcode updates adding confusion?

2018-01-12 Thread Paul Rogers 
This morning I was referred to this site with microcode updates:
https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File

But it claims to have microcode updates going back to the venerable "P54" 
Pentium-90 and "P55" Pentium-233 MMX.  I'm confused.  We're not told these i586 
CPUs, which don't do speculative execution, are susceptible to SPECTRE.  I 
don't recall reading microcode *could* be updated on them!  I was afraid 
microcode for the Pentium-3 family, a few of which I *can* still run, would be 
neglected, but I don't know what to make of all this.  Making sense of Intel's 
file names as relates to particular hardware is also obscure to me.

-- 
Paul Rogers
paulgrog...@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style