| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| spectre_and_meltdown_fixes_-_release_dates_for_linux_distros [09.04.2018 16:40] – [Understanding the release notes] Pascal Suter | spectre_and_meltdown_fixes_-_release_dates_for_linux_distros [10.04.2018 05:52] – [Understanding the microcode release notes] Pascal Suter |
|---|
| If you do worry about meltdown and want to upgrade the microcode through a new bios, you can find a list of the latest BIOS releases that contain Variant 2 fixes in their included microcode on this [[https://www.intel.com/content/www/us/en/support/articles/000026622/server-products.html|Intel-SA-00088 for Intel® Server Boards]] overview page. The list is updated as soon as new bioses become available. | If you do worry about meltdown and want to upgrade the microcode through a new bios, you can find a list of the latest BIOS releases that contain Variant 2 fixes in their included microcode on this [[https://www.intel.com/content/www/us/en/support/articles/000026622/server-products.html|Intel-SA-00088 for Intel® Server Boards]] overview page. The list is updated as soon as new bioses become available. |
| |
| ==== Understanding the release notes ==== | ===== Understanding the microcode release notes ===== |
| Intel's Microcode releasenotes are somewhat cryptic. Here is how to read the following lines of the current release notes: <code> | Intel's Microcode releasenotes are somewhat cryptic. Here is how to read the following lines of the current release notes: <code> |
| -- Updates upon 20171117 release -- | -- Updates upon 20171117 release -- |
| * ''06-4e-03'' is actually the most useful part, it tells you what cpu that is in cpu-family, model and stepping. you can get this information from ''/proc/cpuinfo'' with this command: <code> | * ''06-4e-03'' is actually the most useful part, it tells you what cpu that is in cpu-family, model and stepping. you can get this information from ''/proc/cpuinfo'' with this command: <code> |
| grep -P "^(cpu family)|(model\s*:)|(stepping)" /proc/cpuinfo | tail -3 | grep -P "^(cpu family)|(model\s*:)|(stepping)" /proc/cpuinfo | tail -3 |
| </code>. ''06'' is the family, ''4e'' is the stepping in HEX format (use google or a scientific calculator to convert if you are lazy :)) and ''03'' is the stepping. | </code>. ''06'' is the family, ''4e'' is the model in HEX format (use google or a scientific calculator to convert if you are lazy :)) and ''03'' is the stepping. |
| * the last part ''ba->c2'' is the relevant part of the version number that changed. For this specific Skylake CPU the Spectre Patch is supposed to be in releases ''0xc2'' or newer, so this one here contains the patch. Sadly the list with all these releases is under NDA, so i can't share it here. But in general you can expect everything that is released starting with the current package to have the fix in place. | * the last part ''ba->c2'' is the relevant part of the version number that changed. For this specific Skylake CPU the Spectre Patch is supposed to be in releases ''0xc2'' or newer, so this one here contains the patch. Sadly the list with all these releases is under NDA, so i can't share it here. But in general you can expect everything that is released starting with the current package to have the fix in place. |
| * by the way, ''06-4e-03'' is also the filename of that microcode. | * by the way, ''06-4e-03'' is also the filename of that microcode. |
| | * rather than browsing through the entire history of the release notes you can also check the version of a specific microcode file using this command: ''iucode_tool -l intel-ucode/06-4f-01'' |
| | |
| ===== Minimalistic Fix on CentOS 7.4 ===== | ===== Minimalistic Fix on CentOS 7.4 ===== |
| Should you, for some reason, not be able or willing to run a full update, I have here a minimalistic fix for your centos: | Should you, for some reason, not be able or willing to run a full update, I have here a minimalistic fix for your centos: |