Ubuntu
intel-microcode package

intel-microcode upate downloaded from Intel differs from Ubuntu package

Asked by Ruth Ivimey-Cook

[posting in Answers because not sure this is a bug, but it looks odd ...]

I was reading the kernel boot messages and got curious whether the Intel microcode on my CPU, a Core 2 Quad Q8400 had a Spectre, etc, update.

I found this page:

https://downloadcenter.intel.com/download/28087/Linux-Processor-Microcode-Data-File?product=873

which if I understood correctly lists my CPU as having a microcode update in 2018. However my dmesg output indicates the microcode was updated but to a 2010 version.

(This is on xenial's kernel 4.4.141; the intel-microcode package installedq is 3.20180807a.0ubuntu0.16.04.1 amd64 ; my kernel states: [ 0.000000] microcode: CPU0 microcode updated early to revision 0xa0b, date = 2010-09-28. The CPU identifies as: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz (family: 0x6, model: 0x17, stepping: 0xa) )

I downloaded the intel package and located the installed intel-microcode files; there are quite a number of "missing" files (I presume these relate to ) and some binary file differences. I examined a couple of the files and there is at least some similarity between them. For example, f0-06-05 Intel has a blob prefixed to the Ubuntu one.

Do these differences explain why my CPU is not being updated, or is there some other reason?

Why are there differences here in any case?

(/tmp/mc is where I downloaded/expanded the Intel file "microcode-20180807a.tgz")

$ diff -r /lib/firmware/intel-ucode /tmp/mc/intel-ucode
Only in /tmp/mc/intel-ucode: 06-03-02
Only in /tmp/mc/intel-ucode: 06-05-00
Only in /tmp/mc/intel-ucode: 06-05-01
Only in /tmp/mc/intel-ucode: 06-05-02
Only in /tmp/mc/intel-ucode: 06-05-03
Only in /tmp/mc/intel-ucode: 06-06-00
Only in /tmp/mc/intel-ucode: 06-06-05
Only in /tmp/mc/intel-ucode: 06-06-0a
Only in /tmp/mc/intel-ucode: 06-06-0d
Only in /tmp/mc/intel-ucode: 06-07-01
Only in /tmp/mc/intel-ucode: 06-07-02
Only in /tmp/mc/intel-ucode: 06-07-03
Only in /tmp/mc/intel-ucode: 06-08-01
Only in /tmp/mc/intel-ucode: 06-08-03
Only in /tmp/mc/intel-ucode: 06-08-06
Only in /tmp/mc/intel-ucode: 06-08-0a
Only in /tmp/mc/intel-ucode: 06-09-05
Only in /tmp/mc/intel-ucode: 06-0a-00
Only in /tmp/mc/intel-ucode: 06-0a-01
Only in /tmp/mc/intel-ucode: 06-0b-01
Only in /tmp/mc/intel-ucode: 06-0b-04
Only in /tmp/mc/intel-ucode: 06-0d-06
Only in /tmp/mc/intel-ucode: 06-0e-08
Only in /tmp/mc/intel-ucode: 06-0e-0c
Binary files /lib/firmware/intel-ucode/06-0f-02 and /tmp/mc/intel-ucode/06-0f-02 differ
Binary files /lib/firmware/intel-ucode/06-0f-06 and /tmp/mc/intel-ucode/06-0f-06 differ
Binary files /lib/firmware/intel-ucode/06-0f-07 and /tmp/mc/intel-ucode/06-0f-07 differ
Binary files /lib/firmware/intel-ucode/06-0f-0b and /tmp/mc/intel-ucode/06-0f-0b differ
Binary files /lib/firmware/intel-ucode/06-0f-0d and /tmp/mc/intel-ucode/06-0f-0d differ
Binary files /lib/firmware/intel-ucode/06-16-01 and /tmp/mc/intel-ucode/06-16-01 differ
Only in /tmp/mc/intel-ucode: 06-26-01
Only in /tmp/mc/intel-ucode: 06-2c-02
Only in /tmp/mc/intel-ucode: 06-3a-09
Only in /lib/firmware/intel-ucode: 06-3a-09.initramfs
Only in /tmp/mc/intel-ucode: 06-3c-03
Only in /lib/firmware/intel-ucode: 06-3c-03.initramfs
Only in /tmp/mc/intel-ucode: 06-3d-04
Only in /lib/firmware/intel-ucode: 06-3d-04.initramfs
Only in /tmp/mc/intel-ucode: 06-3f-02
Only in /lib/firmware/intel-ucode: 06-3f-02.initramfs
Only in /tmp/mc/intel-ucode: 06-3f-04
Only in /lib/firmware/intel-ucode: 06-3f-04.initramfs
Only in /tmp/mc/intel-ucode: 06-45-01
Only in /lib/firmware/intel-ucode: 06-45-01.initramfs
Only in /tmp/mc/intel-ucode: 06-46-01
Only in /lib/firmware/intel-ucode: 06-46-01.initramfs
Only in /tmp/mc/intel-ucode: 06-47-01
Only in /lib/firmware/intel-ucode: 06-47-01.initramfs
Only in /lib/firmware/intel-ucode: 06-4f-01.initramfs
Only in /tmp/mc/intel-ucode: 06-56-02
Only in /lib/firmware/intel-ucode: 06-56-02.initramfs
Only in /tmp/mc/intel-ucode: 0f-00-07
Only in /tmp/mc/intel-ucode: 0f-00-0a
Only in /tmp/mc/intel-ucode: 0f-01-02
Only in /tmp/mc/intel-ucode: 0f-02-04
Only in /tmp/mc/intel-ucode: 0f-02-05
Only in /tmp/mc/intel-ucode: 0f-02-06
Only in /tmp/mc/intel-ucode: 0f-02-07
Only in /tmp/mc/intel-ucode: 0f-02-09
Only in /tmp/mc/intel-ucode: 0f-03-02
Only in /tmp/mc/intel-ucode: 0f-03-03
Binary files /lib/firmware/intel-ucode/0f-04-01 and /tmp/mc/intel-ucode/0f-04-01 differ
Binary files /lib/firmware/intel-ucode/0f-06-05 and /tmp/mc/intel-ucode/0f-06-05 differ

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu intel-microcode Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Henrique de Moraes Holschuh (hmh) said : 		#1

What Debian and Ubuntu ships *is* a bit different from intel's upstream package, but it contains *MORE* microcode updates than Intel's package, not less. We include updates for *really* old processors, that Intel has dropped from their update package a long time ago.

However, the 64-bit intel-microcode package only has microcodes for processors documented to be able to run in 64-bit mode. That would account for the files you noticed were "missing".

The 32-bits intel-microcode package has them all, since all such processors can run in 32 bit mode (even the 64-bit ones).

As for your processor, Intel has not released the 2018 microcode update of the "Core 2" to the general public, only to OEMs. For that reason, it is not available in the Debian and Ubuntu microcode update packages. You can probably find that update elsewhere, though. Good luck.

Note that for the Core2, the runtime cost of the spectre protections is likely to be quite high. It is already really painful on Nehalem. If security over performance is NOT your thing (e.g. you would not disable HiperThreading for good to protect yourself of some of the worst Spectre-like sidechannels on current and older processors), don't bother chasing for that update.

Revision history for this message
Ruth Ivimey-Cook (rivimey) said : 		#2

Thanks for the explanation, that makes more sense, though I am still unsure why some of the microcode files were changed.

I did finally work out that the microcode for my processor is (should be) in file 06-17-0a, which is present, though I cannot tell what the date of the file is. Is there a tool to decode that from the file itself?

Re Spectre, I am aware of the time-cost of Spectre mitigations. Part of the reason, however, for looking at this in the first place is that the affected processor is internet-facing, and has recently been suffering unexplained freezes.

Thanks again, Ruth

Can you help with this problem?

Provide an answer of your own, or ask Ruth Ivimey-Cook for more information if necessary.

To post a message you must log in.