Microcodes for Spectre & Meltdown Discussion

davidm71 · January 11, 2018, 3:52pm

Hi,
I kind of have a healthcare related question regarding the Spectre Meltdown flaws such that I wonder if the patches out there are secure enough for privacy healthcare concerns?

mbk1969 · January 11, 2018, 4:21pm

If you use program or site for healthcare just be sure you don`t have 100500+ tabs opened in browser (especially tabs for porn, torrents and other shady stuff) at the same time. Made sessions with this healthcare thing standalone (i.e. isolated).

100PIER · January 11, 2018, 11:38pm

@mbk1969
I have seen and downloaded from Intel site the "microcode.dat" file you refer (dated on 8th January 2018).
I understand that folder named "intel-ucode" is unuseful for Windows users.

How do you extract from the "microcode.dat" file the proper bin-files for a given CPU to be used with UBU ?
Any guide lines and specific tool will be helpful ?

For instance, I have a CPUID "0306F2" (Haswell-E Intel Core-i7-5930K, Socket 2011-v3), HWINFO64 told me (under W10 x64) the current applied Microcode Update Version is "3A" and I would like update it (with UBU Tool for my Sabertooth X99 UEFI Bios v3801), if possible , with a new microcode (if available) which does fix the Meltdown/Spectre issues.

I have checked that UBU Tool v1.69.7 does support the socket (platform ID) of this CPU because applying the "3A" Microcode update does not provide any error message (BIOS version is Aptio 5 format compliant).

The_Master · January 12, 2018, 2:08am

If this is happening there should be come a Sandy and Ivy Bridge Microcode update dream.

mbk1969 · January 12, 2018, 10:28am

@100PIER

Tool would be MC Extractor Intel, AMD, VIA & Freescale Microcode Extraction Tool Discussion by plutomaniac. He explains the bin-file name pattern here https://github.com/platomav/CPUMicrocodes
Bin-file name contains CPUID, but truncated to 5 digits.
And after you locate proper bin-file you can select it in UBU with menu item “m”.

Or you just download updated UBU with microcode for your CPU
[Tool Guide+News] “UEFI BIOS Updater” (UBU) (15)

100PIER · January 12, 2018, 1:18pm

@mbk1969
Many thanks for the guiding procedure. I will take time to understand the puzzle.

With the last UBU v1.69.10 a new µCode update “3B” is offered for my CPU Haswell-E.
The “3B” µCode Revision is dated on 17th November 2017.
Do you think this Revision does fix (partially or totally) the Meltdown/Spectre issue which was ‘released’ two months after ?
I have some doubt on a so anticipated fix…
I see also on the forum some negative feedback about the last µCode revisions for some recent CPUs.
For me these revisions have probably not been “strongly qualified”.
My feeling is the recent µCode revisions for Meltdown/Spectre fixing are delivered in “a hurry” mode…

Horstfuchs · January 12, 2018, 1:30pm

@100PIER I’m not mbk1969, but regarding microcode 3B mentioned by you, I can almost guarantee you that it won’t include a spectre fix as its release date was just too early.
As for the Spectre/Meltdown-patched microcodes, at least for Haswell and Broadwell there were reports those will lead to spontaneous reboots. Now, I’m unsure if this means it will pose a problem for Haswell-E/Broadwell-E as well, but I’d refrain from updating for the moment. Intel has said that if there were problems with the new microcode, they would release a fixed version.
Anything else remains to be seen.

Skello · January 12, 2018, 2:22pm

@100PIER I do not agree with Horstfuchs’s analysis. The November 17th date for the Spectre patch is likely correct. Intel first learned about this vulnerability back in early June from one of Google’s researchers who discovered it (read their blog post). Then a long coordination process took place and other researchers independently found the same flaw and joined the effort. Intel had enough time to come up with a mitigation plan and patch. The date for coordinated public disclosure was set for Jan 9, but the information came out earlier when The Register caught wind that something big is going on behind the scenes since Linux patches (KPTI) were being pushed through review unusually fast. This is why Intel’s package with microcodes has a date of January 8, but the individual microcode patches inside have an earlier date. The microcode revision for my Haswell CPU, which has the Spectre patch, is also November 17th. There’s actually a simple and safe way you can verify that without patching the BIOS. Use the VMware driver to temporarily fling the microcode and then use Microsoft’s PowerShell utility to check for hardware mitigation support. Note: This is just for checking, as Windows will not actually enable the corresponding software patch (you need both), because the VMware driver will apply the microcode too late. However, the PowerShell script, since is executed later, will properly display the hardware support status, confirming if the microcode you flinged contains the patch or not. Will try to post a more detailed guide/explanation when I have time.

UPDATE: Check out the information in this thread.

davidm71 · January 12, 2018, 2:43pm

Was wondering if some of these microcode updates are 'Beta’s? Because my 6850k MC patch says ‘B000000025’ as opposed to 25…

Sorry do not remember particulars this morning…

Thank you

mbk1969 · January 12, 2018, 3:58pm

Paste a link to where you see ‘B000000025’

davidm71 · January 12, 2018, 4:41pm

Paste a link to where you see ‘B000000025’

https://github.com/platomav/CPUMicrocode…RD_F0B0963D.bin

Sorry one too many 0’s

plutomaniac · January 12, 2018, 4:49pm

"Beta" microcodes should be tagged as Pre-Production (PRE) release. That B, or its bits to be precise, most probably means something else. Other microcodes have 0xF, 1, 2 etc there.

100PIER · January 12, 2018, 8:44pm

Thanks Skello.
Fixing this severe issue is not an easy task…

SaFiS · January 13, 2018, 2:14am

ASUS will give updates on the Z170. You should wait…

Obi_Yoann · January 16, 2018, 9:00am

ms178:

<br />It seems that Westmere will also get a microcode update on January 26 (or earlier) - as the HP Z400 Workstation uses it and will get a BIOS update on that date according to: <a href="https://support.hp.com/de-de/document/c05869091" target="_blank">https://support.hp.com/de-de/document/c05869091</a>

unfortunately the z400 was pulled from this page, and it makes sense because there were lots of them that were sold with nehalem cpus, which do not have the PCID feature.

boombastik · January 16, 2018, 10:43am

unfortunately the z400 was pulled from this page, and it makes sense because there were lots of them that were sold with nehalem cpus, which do not have the PCID feature.

The patch for meltdown requires INVPCID (invalidate PCID) witch introduced with Haswell before haswell all have perfomance reduction.

mbk1969 · January 16, 2018, 11:58am

Patch for Meltdown doesn`t require PCID, it just impacts less performance penalty in a presence of PCID (and only on Windows 10, because as I take it MS did not implement support for PCID in Windows 7 and 8)

boombastik · January 16, 2018, 12:41pm

Its required if u dont want to loose perfomance that was the meaning for my post. But because my natual language is not english u wrote it better.

DummyPLUG · January 16, 2018, 5:01pm

I got a intel NCU D54250WYB with haswell ULT, the PCID support is enable for me with win 8.1, what funny is although intel release a new bios with the new microcode but when I check it still on the older microcode “1C” which suppose to be "21"

Now I am look for a tools which can check/update the microcode of the intel bios to see what’s going on.

nikoZ · January 16, 2018, 6:47pm

Looks like in UBU 1.169.10 isnt available latest microcode for 2600k. @SoniX could you please update it?
Thank you very much fur such a wonderful work you’ve done for the entire community.