Still no fix available against Spectre for Asus Z97-K , Haswell-DT , Intel Quadcore i7 4770K…??
Latest Bios-version from April 2016 , 2902 bios . ( !!)
April 2 2018
https://newsroom.intel.com/wp-content/up…te-guidance.pdf
Production Status:
Stopped – After a comprehensive investigation of the microarchitectures and microcode capabilities for these products,
Intel has determined to not release microcode updates for these products
edit: 2018-04-03
Gulftown: Production(0x1E) → Stopped.
Well, yeah. Maybe for the Core2 and some of the older stuff, before Core i*. But as far as I can tell, looks like technical reasons are NOT the case for Nehalem and Westmere. In fact, I am running a Spectre-protected Nehalem Xeon right now, and FWIW the microcode seems to do what is written in the tin as far as trying the several public exploits go. And if it works on Nehalem, it would work on Westmere just fine.
The Nehalem and Westmere updates are dated from the second batch of fixes, after Intel identified the root cause of the weird crashes on Broadwell… so, they have been in "beta" for a long time.
Westmere has an issue that, AFAIK, it really wants a bios update as well, and the microcode update could disable AES-NI on some/all? boards (e.g. Supermicro C7X58, S8SAX, and others of the same generation). Why, I have no idea (missing MSR write in BIOS to ensure it is kept enabled? Feature removal due to malfunctions? <insert paranoia reason here>?). It is also going to disable TXT and maybe even brick things if the BIOS is really outdated, or doing idiotic things to the LAPIC base address (this last one is also true for the Nehalem update, due to a security fix that went in on microcode rev 0x1a for Nehalem server).
So, the real reason for many of the "STOPs" is "lack of interest from vendors" into distributing updates… especially when it would [possibly] cause regressions without a full BIOS/UEFI platform init and ACM update (i.e. not just a microcode table update).
Included in the link by mbk1969, but it looks like KB4100347 is now available for the Windows 10 April 2018 Update (Windows 10 version 1803). This one includes updated microcodes for Ivy Bridge and Sandy Bridge.
Yep, yep. Microsoft, do you know where microcode for Apollo Lake CPUs is?
I have a hex editor (wxHexEditor v.24) but I’m new at this and would like to be able to follow your guidance to add “0x00 padding of 0x400 size at the microcode end” but I am not sure exactly what that means.
Should I just add “00” to the end of that 106a5.bin file using the editor? 0x400 = 1024 so do I just tell the hexeditor to inject 00 for 1024 bytes? I have attached a screen cap of that option:
UPDATE: That is exactly what you meant… I got it to work by adding those 00 in each byte up to exactly 12k (12288)
Here is the padded bin for CPUID 06A5 update rev 1c that will work with MMTOOL. I have an Asus P6x58d Premium mobo.
cpu106A5_plat03_ver01C_MMTool.zip (11.2 KB)
Another head up: the HP DL360 G7 received the P68(A) update.
cpu106A5_plat03_ver0000001D_2018-05-11_PRD_AB179397
cpu206C2_plat03_ver0000001F_2018-05-08_PRD_77DADA73
Can’t attach file.
Any idea how to extract "CPQP6803.4B5" - file?
Ah, saw this after pushing the new MCE DB and Repository at GitHub. Updated again. Thank you a lot for your heads up @noInk as I don’t monitor HPE.
As hinted by DeathBringer, you need to run the following under DOS: ROMPAQ /d CPQP6803.4B5 CPQP6803.ROM
microcode revision guidance
July 13 2018
https://www.intel.com/content/dam/www/pu…te-guidance.pdf
Gemini Lake 706A1 0x26 → 0x22
This MCU has been reverted to a previous version while Intel investigates a sighting related to this MCU.
This error is currently under investigation and no workaround has been identified.
Intel currently is recommending to stop deployment of version 0x26 and revert to the previous production version 0x22.
Intel will provide an update on progress in 2 weeks.
Microsoft updated pages with microcodes for Win10 (24 July):
"Intel recently announced that they have completed their validations and started to release microcode for recent CPU platforms related to Spectre Variant 2 (CVE 2017-5715 [“Branch Target Injection”])."
1803
https://support.microsoft.com/en-us/help/4100347
1709
https://support.microsoft.com/en-us/help…crocode-updates
1703
https://support.microsoft.com/en-us/help…crocode-updates
1607
https://support.microsoft.com/en-us/help…crocode-updates
RTM
https://support.microsoft.com/en-us/help…crocode-updates
Microcode Revision Guidance
August 8 2018
https://www.intel.com/content/dam/www/pu…te-guidance.pdf
Gemini Lake 706A1 0x22 -> 0x28
Just in case people have not noticed yet: all microcode updates that fix SSBD also fix L1TR, so Intel upstream microcode releases 20180703 and 20180807 are about SSBD+L1TR mitigation.
We just did not notice that extra bit set in the CPUID leafs at the time
And yes, they also close the SGX info leak.
new-microsoftintel-microcode-update-kb4100347-breaks-haswell-e-and-broadwell-e-overclocks:
https://www.guru3d.com/news-story/new-mi…overclocks.html
Another side channel vulnerability. It’s called CVE-2018-12130 ZombieLoad:
https://zombieloadattack.com/
https://techcrunch.com/2019/05/14/zombie…tel-processors/
https://zombieloadattack.com/zombieload.pdf
https://github.com/IAIK/ZombieLoad
https://mdsattacks.com/
Zombieload is not the only one… we also have RIDL & Fallout
FYI: https://software.intel.com/security-soft…l-data-sampling