# Intel Processors Microcode Datafile / Gentoo

## aCOSwt

Hello,

Is there a "good" reason why Intel does not list "Gentoo-Linux" in its rather huge list of Linux distributions explicitly mentioned as compatible with their microcode datafile?

http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=18148&ProdId=2558&lang=eng

In addition to this question, I would be happy to read from a member of this forum his own experience in replacing its microcode.

----------

## platojones

You'll have to ask them...but it works fine on Gentoo.

----------

## aCOSwt

Thank you platojones for your answer.

As I deduce from it that you did try, did you implement this facility of updating your microcode as a module or as a kernel built-in feature ?

Isn't there any potential security issue implementing this facility as a module ?

----------

## platojones

 *aCOSwt wrote:*   

> Thank you platojones for your answer.
> 
> As I deduce from it that you did try, did you implement this facility of updating your microcode as a module or as a kernel built-in feature ?
> 
> Isn't there any potential security issue implementing this facility as a module ?

 

Indeed, it's very simple...enable the feature in your kernel, then emerge these packages:

sys-apps/microcode-ctl

and 

sys-apps/microcode-data

Then add the microcode-ctl service to your boot level with rc-update.

I suppose there is always a potential security risk with kernel modules of any kind.  But I'm not aware of any specific attack vector for microcode updates.

UPDATE:  Sorry, I missed one of your questions.  I implemented it as a module.  But please note that the module is only loaded at boot time.  It is immediately unloaded as soon as the microcode update is complete.  So, the module does not stay resident.

----------

## aCOSwt

 *platojones wrote:*   

> I suppose there is always a potential security risk with kernel modules of any kind.  But I'm not aware of any specific attack vector for microcode updates.

 

I am not that paranoid regarding security issues in general, but, in this particular case, I fear that the attack would have a potentially huge impact and be almost untraceable.

I see on Intel's site about 6 months between the two latest versions.

How often do you perform the upgrade ?

Are there significant improvements between two releases ?

----------

## platojones

The microcode updates are very infrequent...actually, the last microcode update seems to be from 2007.  The benefits of doing this are probably negligible.  Intel doesn't say much about what is included in these updates and I haven't noticed any difference after installing the microcode update packages.  As far as getting them, the microcode-data package in portage takes care of that.  As long as you do your emerge updates on a fairly regular basis, you'll just pick them up when they appear in portage.  Here is my dmesg output showing the details of the update when I boot my machine, in case you are curious:

```
[   24.994016] microcode: CPU0 sig=0x10677, pf=0x10, revision=0x705
[   24.994019] platform microcode: firmware: requesting intel-ucode/06-17-07
[   24.996325] microcode: CPU1 sig=0x10677, pf=0x10, revision=0x705
[   24.996327] platform microcode: firmware: requesting intel-ucode/06-17-07
[   24.998494] microcode: CPU2 sig=0x10677, pf=0x10, revision=0x705
[   24.998497] platform microcode: firmware: requesting intel-ucode/06-17-07
[   25.000733] microcode: CPU3 sig=0x10677, pf=0x10, revision=0x705
[   25.000736] platform microcode: firmware: requesting intel-ucode/06-17-07
[   25.002973] Microcode Update Driver: v2.00 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
[   25.134528] Microcode Update Driver: v2.00 removed.
```

I guess my reasons for doing it were 1) To see if there were any noticeable effects (answer: no) and 2) If Intel does provide some significant microcode update, I have the mechanism in place to make use of it.

----------
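Added example, not part of any post in this thread: a shell check over log lines in the format shown above. It decodes each `sig=` CPUID signature into the `family-model-stepping` name, confirms that this is the `intel-ucode/` file the kernel requested, and confirms that every CPU reports the same revision. The function names are hypothetical, the sample log is a two-CPU excerpt of the output quoted above, and identical CPUs in all sockets are assumed.

```shell
#!/bin/sh
# Constructed sample: two CPUs taken from the dmesg output quoted in the thread.
SAMPLE_LOG='[   24.994016] microcode: CPU0 sig=0x10677, pf=0x10, revision=0x705
[   24.994019] platform microcode: firmware: requesting intel-ucode/06-17-07
[   24.996325] microcode: CPU1 sig=0x10677, pf=0x10, revision=0x705
[   24.996327] platform microcode: firmware: requesting intel-ucode/06-17-07'

# Decode a CPUID signature into the family-model-stepping firmware file name.
ucode_name() {
    sig=$(( $1 ))
    stepping=$(( sig & 0xF ))
    model=$(( (sig >> 4) & 0xF ))
    family=$(( (sig >> 8) & 0xF ))
    # The extended model field counts only for base family 0x6 and 0xF.
    if [ "$family" -eq 6 ] || [ "$family" -eq 15 ]; then
        model=$(( model + (((sig >> 16) & 0xF) << 4) ))
    fi
    # The extended family field counts only for base family 0xF.
    if [ "$family" -eq 15 ]; then
        family=$(( family + ((sig >> 20) & 0xFF) ))
    fi
    printf '%02x-%02x-%02x\n' "$family" "$model" "$stepping"
}

# Check a log (passed as $1): one revision on all CPUs, and a firmware
# request matching every signature seen. Returns 0 when consistent.
check_ucode_log() {
    log=$1
    sigs=$(printf '%s\n' "$log" |
        sed -n 's/.*microcode: CPU[0-9]* sig=\(0x[0-9a-fA-F]*\),.*/\1/p' | sort -u)
    revs=$(printf '%s\n' "$log" |
        sed -n 's/.*microcode: CPU[0-9]*.*revision=\(0x[0-9a-fA-F]*\).*/\1/p' | sort -u)
    files=$(printf '%s\n' "$log" |
        sed -n 's/.*requesting intel-ucode\/\([0-9a-f-]*\).*/\1/p' | sort -u)
    [ -n "$sigs" ] || { echo "no microcode lines found"; return 2; }
    [ "$(printf '%s\n' "$revs" | wc -l)" -eq 1 ] ||
        { echo "revision differs between CPUs"; return 1; }
    for s in $sigs; do
        want=$(ucode_name "$s")
        printf '%s\n' "$files" | grep -qx "$want" ||
            { echo "no firmware request for $want"; return 1; }
    done
    echo "ok sig=$sigs rev=$revs"
}

# On a live system, pass "$(dmesg)" instead of the sample.
check_ucode_log "$SAMPLE_LOG"
```
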

## aCOSwt

 *platojones wrote:*   

> The microcode updates are very infrequent...actually, the last microcode update seems to be from 2007.

 

On Intel's site, last version is dated 9/27/2009... ???

http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=18148&ProdId=2558&lang=eng

Maybe the update just consists of adding data regarding new CPUs or maybe portage is out of sync.

 *platojones wrote:*   

> I guess my reasons for doing it were 1) To see if there were any noticeable effects (answer: no) and 2) If Intel does provide some significant microcode update, I have the mechanism in place to make use of it.

 

The same for me...

Thanks a lot for your feedback platojones.

----------

## platojones

You're welcome.

I should have been more specific....that is the version of the microcode bundle that is in portage.  So Gentoo is up to date.  I'm sure it depends on your specific CPU...last update for my CPU (Q9550), in the microcode bundle seems to be from 2007.

----------

## myceliv

If you are using these it's probably worth using the ~arch versions. The most recent 20090927 just got added to portage, although it's also possible to download them yourself and edit the /etc/init.d/microcode_ctl data to use e.g. /usr/local/lib/firmware/microcode.dat if you need them before they hit portage.

I also use kernel module and boot level daemon and have noticed no practical differences on one box using them in comparison with an identical machine not using them. I'd hoped there might be slight improvements since they both use the old power hog core2 quads from just before the bump in fsb speeds and drop in power requirements, but have noticed no practical differences even though both machines are heavily loaded at all times.

----------

## aCOSwt

Well myceliv... within this area of software, this including things such as BIOS updates, I am never in a rush to be amongst the (un)-happy few, number ones for upgrading. (H1N1 vaccine syndrome probably...)...

Having worked with silicon compilers in the eighties... => hardcoded microcodes, the fact that this kind of thing can be downloaded represents an equivalent of a step on the moon...

Nevertheless, I get some Core II with L3 cache not enabled. Who knows... one day maybe... some microcode update will enable... its enabling...

Thank you myceliv for your feedback.

----------

## myceliv

 *aCOSwt wrote:*   

> Well myceliv... within this area of software, this including things such as BIOS updates, I am never in a rush to be amongst the (un)-happy few, number ones for upgrading. (H1N1 vaccine syndrome probably...)...

 

Hehe, probably very wise, both regarding computers and life. The latest two BIOS for my fanciest mobos basically suck thoroughly while the third one back which by now is quite old works great. Actually now that you bring my attention to how little impact it seems to have had in my few benchmarks at least... I am probably going to stop using microcode updates in the future unless there is some specific fix that turns out to be needed.

----------

