Microcodes for Spectre & Meltdown Discussion


Do you happen to own such system or are you notifying those who might?

No. Tried it in a Windows 7 Prof. virtual machine, stop error…

cpu106A5_plat03_ver0000001C_2018-01-24_PRD_77105048
cpu206C2_plat03_ver0000001E_2018-01-23_PRD_B8C45629
cpu206F2_plat05_ver0000003A_2018-01-19_PRD_9CAD50BA
cpu206E6_plat04_ver0000000C_2018-01-18_PRD_AFAC8230

mc.rar (44.2 KB)

@noInk


Hi, I asked the previous question to you because it is not possible to extract the new microcodes from that HPE BIOS without an actual such system. The setup does not let you continue and thus decrypt the BIOS. If you have that system, can you run the setup and attach the decrypted BIOS (I think it is 1 or 2 MB) so that everyone can get the new microcodes?



Thanks for these new microcodes.
No problem patching 206C2 into my AMI BIOS with MMTool, but 106A5 gives an error "this is not a valid CPU MicroCode Patch file".
I remember there was a similar error on previous microcodes and somebody fixed it.
Actually no big deal as I’m running a Xeon X5690, but just wondering…


Append 0x00 padding of 0x400 size at the microcode end.

@plutomaniac

Hi, the microcodes are already attached to your previous post.

Finally I updated my BIOS using the new microcode and MMTool, and now it is protected against Spectre and Meltdown.

Using cpu206C2_plat03_ver0000001E_2018-01-23_PRD_B8C45629

Thanks




These were from another system’s BIOS but if the ones from that HPE system are the same (check via MC Extractor) then ok.


Read this - https://www.mail-archive.com/ipxe-devel@…g/msg03393.html


Perfect, thank you very much!




From what I can tell, ROMPAQ is a DOS only utility.

https://www.bleepingcomputer.com/news/se…ed-branchscope/

:confused:
Does a microcode update protect against this?



They say an MC update is not required and it's already fixed because of the Spectre patches, but who knows… it's Intel…
The next microcode update will disable any CPU feature, lol. The best future-proof fix.


How bad is the update for Sandy Bridge? I'm a bit scared.

FWIW, the 0x106a5 rev 0x1c data file is strictly correct (and works quite well on a xeon x5550). It is 100% compliant to the Intel documentation, which only asks for a 1KiB size alignment (among other details). There has never been any requirement that it should be a multiple of 2KiB or 4KiB for that matter.

Any tool that complains about its size is simply being annoying. It should have added whatever padding it wanted silently (e.g. to round up to flash page size, or to a particular BIOS implementation’s quirks).
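Added example (not code from the thread or from any tool mentioned in it): a Python check of the size and checksum rules discussed above, followed by the zero padding suggested earlier. It uses the documented 48-byte Intel microcode update header; the sample blob is constructed with filler data (only the header values are taken from the cpu106A5 file name), and the 2 KiB boundary the BIOS tool expects is an assumption.

```python
import struct

HEADER = struct.Struct("<9I12x")  # 48-byte header: nine dwords + 12 reserved bytes
FIELDS = ("header_ver", "revision", "date", "signature", "checksum",
          "loader_rev", "platform_flags", "data_size", "total_size")

def parse_header(blob):
    """Decode the update header; data_size == 0 means the legacy 2000/2048 sizes."""
    if len(blob) < HEADER.size:
        raise ValueError("shorter than a microcode update header")
    hdr = dict(zip(FIELDS, HEADER.unpack_from(blob)))
    if hdr["data_size"] == 0:
        hdr["data_size"], hdr["total_size"] = 2000, 2048
    return hdr

def checksum_ok(blob, hdr):
    """All dwords inside the declared total_size must sum to 0 mod 2**32."""
    total = hdr["total_size"]
    if total % 4 or total > len(blob):
        return False
    words = struct.unpack_from("<%dI" % (total // 4), blob)
    return sum(words) & 0xFFFFFFFF == 0

def pad_to(blob, boundary):
    """Append 0x00 bytes until the file length is a multiple of boundary."""
    return blob + b"\x00" * (-len(blob) % boundary)

def make_sample(total_size=0x1C00):
    """Constructed blob: filler data, NOT real microcode; size is hypothetical."""
    data = bytes(i & 0xFF for i in range(total_size - HEADER.size))
    def pack(checksum):  # date is BCD mmddyyyy
        return HEADER.pack(1, 0x1C, 0x01242018, 0x106A5, checksum,
                           1, 0x03, len(data), total_size)
    words = struct.unpack("<%dI" % (total_size // 4), pack(0) + data)
    return pack(-sum(words) & 0xFFFFFFFF) + data

if __name__ == "__main__":
    mc = make_sample()
    hdr = parse_header(mc)
    print("cpu%X rev 0x%X, total size 0x%X" %
          (hdr["signature"], hdr["revision"], hdr["total_size"]))
    print("1 KiB aligned:", hdr["total_size"] % 0x400 == 0)
    print("2 KiB aligned:", len(mc) % 0x800 == 0)
    padded = pad_to(mc, 0x800)  # assumed tool boundary
    print("padding added: 0x%X" % (len(padded) - len(mc)))
    print("checksum still valid:", checksum_ok(padded, parse_header(padded)))
```

The checksum covers only the bytes inside the header's declared total size, so trailing zero padding changes the file length the tool sees without invalidating the update.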

Still no fix available against Spectre for Asus Z97-K, Haswell-DT, Intel quad-core i7 4770K…??
Latest BIOS version is from April 2016, BIOS 2902. (!!)

April 2 2018
https://newsroom.intel.com/wp-content/up…te-guidance.pdf
Production Status:
Stopped – After a comprehensive investigation of the microarchitectures and microcode capabilities for these products,
Intel has determined to not release microcode updates for these products

edit: 2018-04-03
Gulftown: Production(0x1E) → Stopped.

Well, yeah. Maybe for the Core2 and some of the older stuff, before Core i*. But as far as I can tell, it looks like technical reasons are NOT the case for Nehalem and Westmere. In fact, I am running a Spectre-protected Nehalem Xeon right now, and FWIW the microcode seems to do what is written on the tin as far as trying the several public exploits goes. And if it works on Nehalem, it would work on Westmere just fine.

The Nehalem and Westmere updates are dated from the second batch of fixes, after Intel identified the root cause of the weird crashes on Broadwell… so, they have been in "beta" for a long time.

Westmere has an issue in that, AFAIK, it really wants a BIOS update as well, and the microcode update could disable AES-NI on some/all? boards (e.g. Supermicro C7X58, S8SAX, and others of the same generation). Why, I have no idea (missing MSR write in BIOS to ensure it is kept enabled? Feature removal due to malfunctions? <insert paranoia reason here>?). It is also going to disable TXT and maybe even brick things if the BIOS is really outdated, or doing idiotic things to the LAPIC base address (this last one is also true for the Nehalem update, due to a security fix that went in on microcode rev 0x1a for Nehalem server).

So, the real reason for many of the "STOPs" is "lack of interest from vendors" into distributing updates… especially when it would [possibly] cause regressions without a full BIOS/UEFI platform init and ACM update (i.e. not just a microcode table update).

https://newsroom.intel.com/wp-content/up…te-guidance.pdf

All KBs are updated
https://support.microsoft.com/en-gb/help…crocode-updates

Included in the link by mbk1969, but it looks like KB4100347 is now available for the Windows 10 April 2018 Update (Windows 10 version 1803). This one includes updated microcodes for Ivy Bridge and Sandy Bridge.