This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.
Please visit our production wiki at https://wiki.gentoo.org
Microcode
This document describes various ways how to update a CPU's microcode in Gentoo.
Introduction
The microcode is a form of firmware that controls the processor's internals. In modern x86 processors the microcode often handles execution of complex and highly specialized instructions. Parts of microcode also act as firmware for processor's embedded controllers. Furthermore, the microcode can be used to fix or mitigate processor design and implementation errata/bugs. Given the complexity of modern processors, a processor may have over one hundred of such errata[1].
Recent processors have ability to patch their microcode via microcode updates. Microcode updates are stored in volatile memory and thus they have to be applied during each system boot.
A BIOS/EFI can perform a microcode update early on. This kind of microcode updates are provided by BIOS/EFI and thus their version depends on the installed BIOS/EFI version. BIOS/EFI can be upgraded via a BIOS update but still, the shipped microcode version depends on motherboard/BIOS vendor.
The kernel itself can also perform a microcode update[2] from given firmware binary blobs during boot. This way it is possible to patch the microcode with a newer microcode update than the one provided by BIOS/EFI.
Severity of processor errata patched by microcode updates varies. It ranges from an extremely rare system instability to data corruption or a severe hardware vulnerability[3].
Because Gentoo is about choices there there isn't just one way to update a CPU's microcode. Please choose the workflow which suits your setup.
Preconditions
Ensure you have installed the package which is providing microcode updates for your processor. Install sys-kernel/linux-firmware and/or sys-firmware/intel-microcode:
root #emerge --ask sys-kernel/linux-firmware sys-firmware/intel-microcodeAny way to load microcode into the CPU must go through the kernel. Thus the respective options need to be enabled in the kernel configuration. Depending on the make of the CPU installed on the system, choose AMD or Intel microcode loading support (it does not hurt to choose both):
Processor type and features ---> [*] CPU microcode loading support [*] Intel microcode loading support [*] AMD microcode loading support
Dracut
root #dracut --early-microcode/etc/dracut.conf.d/microcode.confearly_microcode="yes"
Genkernel
When using sys-kernel/genkernel, ensure the package containing microcode updates for the processor(s) have been installed (see below). Be sure to call genkernel with the --microcode option:
root #genkernel --microcodeTo generate a new initramfs with microcode included, call:
root #genkernel --microcode initramfsBe sure to instruct the bootloader to load the newly generated initramfs.
It is recommended genkernel.conf is updated to contains the following code:
/etc/genkernel.conf# Add in early microcode support MICROCODE="yes"
so that you don't need to remember to pass the --microcode parameter all the time.
You need >=sys-kernel/genkernel-3.5.0.7 for microcode support which isn't yet stabilized. Please see for how to keyword a single package.
The manual way
<Please help!>
Early microcode loading
Basically you provide the microcode as the first initramfs (aka initrd, in cpio format) to the kernel during boot. Grub (both legacy and grub2) lets you specify multiple cpio images separated by space in the initrd command.
GRUB2 supports loading an early microcode. If the microcode file is named after one of the following: intel-uc.img, intel-ucode.img, amd-uc.img, amd-ucode.img, early_ucode.cpio, or microcode.cpio, it will be automatically detected when running grub-mkconfig. To declare a microcode file named differently, e.g. ucode.cpio, add this line to /etc/default/grub:
/etc/default/grubGRUB_EARLY_INITRD_LINUX_CUSTOM="ucode.cpio"
Regenerate the grub.cfg with:
root #grub-mkconfig -o /boot/grub/grub.cfgGenerating grub configuration file ... Found linux image: /boot/vmlinuz-4.6.3-gentoo Found initrd image: /boot/early_ucode.cpio /initramfs-genkernel-x86_64-4.6.3-gentoo done
This is similar to what you should see, minus the initramfs if you do not have one.
Late microcode loading
To manually instruct the kernel to reload microcodes, do
root #echo 1 > /sys/devices/system/cpu/microcode/reloadand watch dmesg for any errors. This loading mechanism looks for microcode blobs in /lib/firmware/{intel-ucode,amd-ucode}.
You must run the command above after every reboot or firmware package update.
Specifics
<Please help!>
AMD specifics
AMD microcodes are bundled in the sys-kernel/linux-firmware package. A more lengthy guide is found in the AMD microcode article.
Intel specifics
Intel microcodes are bundled in the sys-firmware/intel-microcode package. Detailed instructions can be found in the Intel microcode article.
See also
- Linux firmware — contains binary blobs of firmware necessary for partial or full functionality of certain hardware devices on Linux systems.
- AMD microcode — describes updating the microcode for AMD processors.
- Intel microcode — describes the process of updating the microcode on Intel processors.
References
- ↑ 6th Generation Intel® Processor Family, Intel. Retrieved on October 24, 2018
- ↑ Fenghua Yu, Borislav Petkov, The Linux Microcode Loader, kernel.org. Retrieved on October 24, 2018
- ↑ Microcode Revision Guidance, Intel. Retrieved on October 24, 2018