problem updating Intel microcode
836 views
Skip to first unread message
Paul Dufresne
Jan 11, 2018, 11:52:58 PM1/11/18
to nix-devel
[I have no clue why Google think this message is from tig...@aivazian.fsnet.co.uk, this is not my email address, and I have no idea where it is coming from]
I was happy to see that we have a new package for the newly release Intel microcode:
https://nixos.org/nixos/packages.html#microcode
Now looking at it, I have the strange feeling something is wrong.
When I look at https://github.com/NixOS/nixpkgs/blob/360089b3521af0c69a5167870c80851dedf19d76/pkgs/os-specific/linux/microcode/intel.nix#L17
it seems to think that the Intel .tgz file contains the ./intel-microcode2ucode.c but I see no such file in the archive.
I might very well be wrong on the origin of this file, I am just beginning to read .nix files.
My particular computer is a Dell Optiplex 745 with a E6300 Duo processor running at 1.8 GHz:
root@pnixos:/home/paul/Downloads]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
stepping : 6
microcode : 0x44
cpu MHz : 1600.000
cache size : 2048 KB
I searched and believe code name for this was Conroe.
Now, I have seen that my BIOS is an old 2006 version, and a newer version of 2014 is available.
I guess it does not matter too much.
I believe my processor is listed on the release page:
https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File
Now the microcode version have stay the same before and after I installed the package (I tried both nixenv -iA and in /etc/nixos/configuration.nix file, and rebooted.
The dmesg is unclear about the date of the microcode:
[paul@pnixos:~]$ dmesg | grep microcode
[ 0.579871] microcode: sig=0x6f6, pf=0x1, revision=0x44
[ 0.579928] microcode: Microcode Update Driver: v2.01 <tig...@aivazian.fsnet.co.uk>, Peter Oruba
[ 2388.581922] microcode: error! Bad data in microcode data file
[ 2434.072790] microcode: error! Bad data in microcode data file
[ 2449.721974] microcode: error! Bad data in microcode data file
[ 3160.548751] microcode: error! Bad data in microcode data file
[ 3223.125768] microcode: error! Bad data in microcode data file
[ 5146.113251] microcode: error! Bad data in microcode data file
Now the error! Bad data in microcode data file are each instance of me trying to install the microcode with the old way:
[root@pnixos:/home/paul/Downloads/microcode]# dd if=microcode.dat of=/dev/cpu/microcode bs=1M
dd: erreur d'écriture dans '/dev/cpu/microcode': Invalid argument
1+0 enregistrements lus
0+0 enregistrements écrits
0 bytes copied, 0,00498447 s, 0,0 kB/s
[root@pnixos:/home/paul/Downloads/microcode]# ls
intel-ucode microcode-20180108.tgz microcode.dat releasenote
[root@pnixos:/home/paul/Downloads/microcode]# ls intel-ucode/
06-03-02 06-06-0a 06-08-06 06-0d-06 06-0f-0b 06-1a-05 06-26-01 06-3d-04 06-46-01 06-56-04 06-9e-0a 0f-02-06 0f-04-03 0f-06-04
06-05-00 06-06-0d 06-08-0a 06-0e-08 06-0f-0d 06-1c-02 06-2a-07 06-3e-04 06-47-01 06-5c-09 06-9e-0b 0f-02-07 0f-04-04 0f-06-05
06-05-01 06-07-01 06-09-05 06-0e-0c 06-16-01 06-1c-0a 06-2d-06 06-3e-06 06-4e-03 06-5e-03 0f-00-07 0f-02-09 0f-04-07 0f-06-08
06-05-02 06-07-02 06-0a-00 06-0f-02 06-17-06 06-1d-01 06-2d-07 06-3e-07 06-4f-01 06-7a-01 0f-00-0a 0f-03-02 0f-04-08
06-05-03 06-07-03 06-0a-01 06-0f-06 06-17-07 06-1e-05 06-2f-02 06-3f-02 06-55-04 06-8e-09 0f-01-02 0f-03-03 0f-04-09
06-06-00 06-08-01 06-0b-01 06-0f-07 06-17-0a 06-25-02 06-3a-09 06-3f-04 06-56-02 06-8e-0a 0f-02-04 0f-03-04 0f-04-0a
06-06-05 06-08-03 06-0b-04 06-0f-0a 06-1a-04 06-25-05 06-3c-03 06-45-01 06-56-03 06-9e-09 0f-02-05 0f-04-01 0f-06-02
I seems to be unable to confirm that revision=0x44 is an old version.
I have seen that there is a tool that can help know if you need the update or not:
https://gitlab.com/iucode-tool/iucode-tool
but I think we do not have a nix file for that.
[root@pnixos:/home/paul/Downloads/microcode]# ls -lh /nix/store/*microcode*/
total 1,6M
-r--r--r-- 1 root root 1,6M 31 déc 1969 intel-ucode.img
hum... date seems wrong.
He... someone have an idea what I need to do?
I was happy to see that we have a new package for the newly release Intel microcode:
https://nixos.org/nixos/packages.html#microcode
Now looking at it, I have the strange feeling something is wrong.
When I look at https://github.com/NixOS/nixpkgs/blob/360089b3521af0c69a5167870c80851dedf19d76/pkgs/os-specific/linux/microcode/intel.nix#L17
it seems to think that the Intel .tgz file contains the ./intel-microcode2ucode.c but I see no such file in the archive.
I might very well be wrong on the origin of this file, I am just beginning to read .nix files.
My particular computer is a Dell Optiplex 745 with a E6300 Duo processor running at 1.8 GHz:
root@pnixos:/home/paul/Downloads]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
stepping : 6
microcode : 0x44
cpu MHz : 1600.000
cache size : 2048 KB
I searched and believe code name for this was Conroe.
Now, I have seen that my BIOS is an old 2006 version, and a newer version of 2014 is available.
I guess it does not matter too much.
I believe my processor is listed on the release page:
https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File
Now the microcode version have stay the same before and after I installed the package (I tried both nixenv -iA and in /etc/nixos/configuration.nix file, and rebooted.
The dmesg is unclear about the date of the microcode:
[paul@pnixos:~]$ dmesg | grep microcode
[ 0.579871] microcode: sig=0x6f6, pf=0x1, revision=0x44
[ 0.579928] microcode: Microcode Update Driver: v2.01 <tig...@aivazian.fsnet.co.uk>, Peter Oruba
[ 2388.581922] microcode: error! Bad data in microcode data file
[ 2434.072790] microcode: error! Bad data in microcode data file
[ 2449.721974] microcode: error! Bad data in microcode data file
[ 3160.548751] microcode: error! Bad data in microcode data file
[ 3223.125768] microcode: error! Bad data in microcode data file
[ 5146.113251] microcode: error! Bad data in microcode data file
Now the error! Bad data in microcode data file are each instance of me trying to install the microcode with the old way:
[root@pnixos:/home/paul/Downloads/microcode]# dd if=microcode.dat of=/dev/cpu/microcode bs=1M
dd: erreur d'écriture dans '/dev/cpu/microcode': Invalid argument
1+0 enregistrements lus
0+0 enregistrements écrits
0 bytes copied, 0,00498447 s, 0,0 kB/s
[root@pnixos:/home/paul/Downloads/microcode]# ls
intel-ucode microcode-20180108.tgz microcode.dat releasenote
[root@pnixos:/home/paul/Downloads/microcode]# ls intel-ucode/
06-03-02 06-06-0a 06-08-06 06-0d-06 06-0f-0b 06-1a-05 06-26-01 06-3d-04 06-46-01 06-56-04 06-9e-0a 0f-02-06 0f-04-03 0f-06-04
06-05-00 06-06-0d 06-08-0a 06-0e-08 06-0f-0d 06-1c-02 06-2a-07 06-3e-04 06-47-01 06-5c-09 06-9e-0b 0f-02-07 0f-04-04 0f-06-05
06-05-01 06-07-01 06-09-05 06-0e-0c 06-16-01 06-1c-0a 06-2d-06 06-3e-06 06-4e-03 06-5e-03 0f-00-07 0f-02-09 0f-04-07 0f-06-08
06-05-02 06-07-02 06-0a-00 06-0f-02 06-17-06 06-1d-01 06-2d-07 06-3e-07 06-4f-01 06-7a-01 0f-00-0a 0f-03-02 0f-04-08
06-05-03 06-07-03 06-0a-01 06-0f-06 06-17-07 06-1e-05 06-2f-02 06-3f-02 06-55-04 06-8e-09 0f-01-02 0f-03-03 0f-04-09
06-06-00 06-08-01 06-0b-01 06-0f-07 06-17-0a 06-25-02 06-3a-09 06-3f-04 06-56-02 06-8e-0a 0f-02-04 0f-03-04 0f-04-0a
06-06-05 06-08-03 06-0b-04 06-0f-0a 06-1a-04 06-25-05 06-3c-03 06-45-01 06-56-03 06-9e-09 0f-02-05 0f-04-01 0f-06-02
I seems to be unable to confirm that revision=0x44 is an old version.
I have seen that there is a tool that can help know if you need the update or not:
https://gitlab.com/iucode-tool/iucode-tool
but I think we do not have a nix file for that.
[root@pnixos:/home/paul/Downloads/microcode]# ls -lh /nix/store/*microcode*/
total 1,6M
-r--r--r-- 1 root root 1,6M 31 déc 1969 intel-ucode.img
hum... date seems wrong.
He... someone have an idea what I need to do?
Paul Dufresne
Jan 11, 2018, 11:56:42 PM1/11/18
to nix-devel
[root@pnixos:/home/paul/Downloads/microcode]# zcat /proc/config.gz|grep MICROCODE
CONFIG_MICROCODE=y
CONFIG_MICROCODE_INTEL=y
CONFIG_MICROCODE_AMD=y
CONFIG_MICROCODE_OLD_INTERFACE=y
[root@pnixos:/home/paul/Downloads/microcode]# ls -lh /dev/cpu/microcode
crw------- 1 root root 10, 184 11 jan 21:46 /dev/cpu/microcode
And now I see the email was from the guy who made Microcode Update Driver: v2.01.
CONFIG_MICROCODE=y
CONFIG_MICROCODE_INTEL=y
CONFIG_MICROCODE_AMD=y
CONFIG_MICROCODE_OLD_INTERFACE=y
[root@pnixos:/home/paul/Downloads/microcode]# ls -lh /dev/cpu/microcode
crw------- 1 root root 10, 184 11 jan 21:46 /dev/cpu/microcode
And now I see the email was from the guy who made Microcode Update Driver: v2.01.
Peter Hoeg
Jan 12, 2018, 12:48:23 AM1/12/18
to Paul Dufresne, nix-devel
Hi Paul,
> ./intel-microcode2ucode.c but I see no such file in the archive.
It's referencing ${./intel-microcode2ucode.c} which is not in the source directory but instead inside nixpkgs.
> -r--r--r-- 1 root root 1,6M 31 déc 1969 intel-ucode.img
> hum... date seems wrong.
That's the date for everything in the nix store.
--
Regards,
Peter
> ./intel-microcode2ucode.c but I see no such file in the archive.
> -r--r--r-- 1 root root 1,6M 31 déc 1969 intel-ucode.img
> hum... date seems wrong.
--
Regards,
Peter
Paul Dufresne
Jan 12, 2018, 1:00:36 AM1/12/18
to nix-devel
Ah ok.
I have seen that this program is to create intel-microcode directory with all the individual files for each family-model-steppings.
But this is already done in the latest version.
I finally was able to do it by using the new way:
I have seen that this program is to create intel-microcode directory with all the individual files for each family-model-steppings.
But this is already done in the latest version.
I finally was able to do it by using the new way:
To update the intel-ucode package to the system, one need: 1. Ensure the existence of /sys/devices/system/cpu/microcode/reload 2. Copy intel-ucode directory to /lib/firmware, overwrite the files in /lib/firmware/intel-ucode/ 3. Write the reload interface to 1 to reload the microcode files, e.g. echo 1 > /sys/devices/system/cpu/microcode/reload
So:
# mkdir -p /lib/firmware/
# cp -r intel-ucode/ /lib/firmware
# echo 1 > /sys/devices/system/cpu/microcode/reload
Now I came from revision 0x44 to 0xd0
[root@pnixos:/home/paul/Downloads/microcode]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
stepping : 6
microcode : 0xd0
cpu MHz : 1600.000
I am so happy to know that my computer will now be slower! :) [but more secure]
So this seems to suggest that the current package does not work.
I don't see how the following is suppose to do the trick:
| installPhase = '' |
| mkdir -p $out kernel/x86/microcode |
| mv microcode.bin kernel/x86/microcode/GenuineIntel.bin |
| echo kernel/x86/microcode/GenuineIntel.bin | bsdcpio -o -H newc -R 0:0 > $out/intel-ucode.img |
Paul Dufresne
Jan 12, 2018, 1:20:28 AM1/12/18
to nix-devel
Sadly after rebooting, the processor microcode revision have switched back to old 0x44 value.
[root@pnixos:/etc/pulse]# cat /proc/cpuinfo | grep microcode
microcode : 0x44
microcode : 0x44
[root@pnixos:/etc/pulse]# echo 1 > /sys/devices/system/cpu/microcode/reload
[root@pnixos:/etc/pulse]# cat /proc/cpuinfo | grep microcode
microcode : 0xd0
microcode : 0xd0
So, a service would be necessary to execute this single line?
[root@pnixos:/etc/pulse]# cat /proc/cpuinfo | grep microcode
microcode : 0x44
microcode : 0x44
[root@pnixos:/etc/pulse]# echo 1 > /sys/devices/system/cpu/microcode/reload
[root@pnixos:/etc/pulse]# cat /proc/cpuinfo | grep microcode
microcode : 0xd0
microcode : 0xd0
So, a service would be necessary to execute this single line?
Leo Gaspard
Jan 12, 2018, 1:25:12 AM1/12/18
to Paul Dufresne, nix-devel
(sorry for double-replying to you, I used the wrong email address at
first and got denied posting to the list)
HTH,
Leo
[1] https://nixos.org/nixos/options.html#microcode
[2]
https://github.com/NixOS/nixpkgs/blob/release-17.09/nixos/modules/hardware/cpu/intel-microcode.nix
Paul Dufresne
Jan 12, 2018, 1:50:09 AM1/12/18
to nix-devel
Yes! Thanks!
I did not know we could search for Nixos options.
Adding "hardware.cpu.intel.updateMicrocode = true;" to /etc/nixos/configuration.nix (maybe I should have put it in hardware.nix)...
#sudo nixos-rebuld --upgrade switch
reboot...
And now:
[paul@pnixos:/etc/pulse]$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0xd0, date = 2010-09-30
[ 0.642337] microcode: sig=0x6f6, pf=0x1, revision=0xd0
[ 0.642393] microcode: Microcode Update Driver: v2.01 <removed email>, Peter Oruba
[paul@pnixos:/etc/pulse]$
What is funny is the year, 2010, would almost suggest that there was no update for the meltdown vulnerability.
I did not know we could search for Nixos options.
Adding "hardware.cpu.intel.updateMicrocode = true;" to /etc/nixos/configuration.nix (maybe I should have put it in hardware.nix)...
#sudo nixos-rebuld --upgrade switch
reboot...
And now:
[paul@pnixos:/etc/pulse]$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0xd0, date = 2010-09-30
[ 0.642337] microcode: sig=0x6f6, pf=0x1, revision=0xd0
[ 0.642393] microcode: Microcode Update Driver: v2.01 <removed email>, Peter Oruba
[paul@pnixos:/etc/pulse]$
What is funny is the year, 2010, would almost suggest that there was no update for the meltdown vulnerability.
an...@nix-devel.l.notmuch.email
Jan 12, 2018, 9:37:59 AM1/12/18
to nix-devel, Paul Dufresne
While we are at that topic:
While I was testing those intel updates I discovered that my primarly
notebook (Thinkpad T460p) doesn't accept any kind of uCode updates
anymore - other machines of the same kind do. The only way to update the
microcode is by updating the BIOS firmware (and potentially patching old
updates with newer ucode? Haven't tried yet).
Older machines that I've around accept it as well..
I recall an "ancient" BIOS switch where you could disable microcode
updates from userspace/after POST. But those aren't to be found anymore.
Anyway I'd like to hear from people with similar (or newer) machines
that also do not accept the microcode update after enabling the
mentioned nixos option and reboot after an nixos-rebuild {boot, switch}.
As far as I could see the only derivation from "mainstream"
configuration that I am running is:
- Disabled WWAN
- Disabled Camera
- Disabled Microphone
- Boot password (no disk password, LUKS does that way better..)
- Custom Secure Boot keys, removed all the Lenovo & Microsoft keys.
Anyone running a similar setup and observing such issues?
Regards,
andi-
While I was testing those intel updates I discovered that my primarly
notebook (Thinkpad T460p) doesn't accept any kind of uCode updates
anymore - other machines of the same kind do. The only way to update the
microcode is by updating the BIOS firmware (and potentially patching old
updates with newer ucode? Haven't tried yet).
Older machines that I've around accept it as well..
I recall an "ancient" BIOS switch where you could disable microcode
updates from userspace/after POST. But those aren't to be found anymore.
Anyway I'd like to hear from people with similar (or newer) machines
that also do not accept the microcode update after enabling the
mentioned nixos option and reboot after an nixos-rebuild {boot, switch}.
As far as I could see the only derivation from "mainstream"
configuration that I am running is:
- Disabled WWAN
- Disabled Camera
- Disabled Microphone
- Boot password (no disk password, LUKS does that way better..)
- Custom Secure Boot keys, removed all the Lenovo & Microsoft keys.
Anyone running a similar setup and observing such issues?
Regards,
andi-
Leo Gaspard
Jan 12, 2018, 11:01:57 AM1/12/18
to nix-...@googlegroups.com, Paul Dufresne
the microcode update: [1] states current unstable is at f607771d0f5, and
if I can trust git log the microcode update has been added at
3314c421ab5a340f14e452fa0e8939adcf4c9c2f, which is later.
So you'll likely have to either wait for unstable to update once again,
or cherry-pick the microcode update into your local configuration.
That said, having year 2010 is a bit odd, as already last November the
version was supposed to be 20170707.
[1] https://howoldis.herokuapp.com/
Paul Dufresne
Jan 12, 2018, 3:11:47 PM1/12/18
to nix-devel
I believe the CPU of the Thinkpad T460p is Family=6-Model=0x94-Stepping=3.
Source: https://launchpadlibrarian.net/299178605/ProcCpuinfo.txt from https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1651454.
This CPU is not listed in the current 20180108 version.
So I guess it is normal you cannot update it with this version.
I guess it means your CPU is not affected by Meltdown vulnerability.
Source: https://launchpadlibrarian.net/299178605/ProcCpuinfo.txt from https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1651454.
This CPU is not listed in the current 20180108 version.
So I guess it is normal you cannot update it with this version.
I guess it means your CPU is not affected by Meltdown vulnerability.
Message has been deleted
Paul Dufresne
Jan 12, 2018, 3:24:45 PM1/12/18
to nix-devel
>I guess you are running unstable?
No, stable.
[paul@pnixos:/etc/pulse]$ sudo nix-channel --list
[sudo] Mot de passe de paul :
nixos https://nixos.org/channels/nixos-17.09
[sudo] Mot de passe de paul :
nixos https://nixos.org/channels/nixos-17.09
[paul@pnixos:/etc/pulse]$ nix search -u microcode-intel
Attribute name: nixpkgs.microcodeIntel
Package name: microcode-intel
Version: 20180108
Description: Microcode for Intel processors
Attribute name: nixpkgs.microcodeIntel
Package name: microcode-intel
Version: 20180108
Description: Microcode for Intel processors
[paul@pnixos:/etc/pulse]$ nixos-version
17.09.2683.360089b3521 (Hummingbird)
17.09.2683.360089b3521 (Hummingbird)
Paul Dufresne
Jan 12, 2018, 3:34:29 PM1/12/18
to nix-devel
On Friday, January 12, 2018 at 3:11:47 PM UTC-5, Paul Dufresne wrote:
I believe the CPU of the Thinkpad T460p is Family=6-Model=0x94-Stepping=3.
Oops, 94 is in decimal, so 5E in hexa.
So we have 06-5E-03, and indeed there is a pach for it.
So I don't know why it does not apply it for you.
Paul Dufresne
Jan 13, 2018, 11:10:21 PM1/13/18
to nix-devel
Oops, yeah, my user paul is in unstable, but root is in stable:
[paul@pnixos:~/.nix-profile]$ nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable
[paul@pnixos:~/.nix-profile]$ sudo nix-channel --list
[paul@pnixos:~/.nix-profile]$ nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable
[paul@pnixos:~/.nix-profile]$ sudo nix-channel --list
It must be when I installed nix 1.12.
I thought it was activating unstable, only the time to install that package...
but it looks like it did just activate unstable.
I thought it was activating unstable, only the time to install that package...
but it looks like it did just activate unstable.
Reply all
Reply to author
Forward
0 new messages