
Copyright 2016 by Assured Information Security, Inc. Created by Ross Philipson <philipsonr@ainfosec.com>. This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.

General

This is some general information on Intel microcode and the iucode-tool. The latest microcode package can be found here:

https://downloadcenter.intel.com/search?keyword=Linux+Processor+Microcode+Data+File

The following link contains some good information on what exactly is in the microcode file:

http://inertiawar.com/microcode/

The file is actually a text file. A tool has to decode it into a binary format that can be fed to a driver in Linux or Xen, which then loads the appropriate microcode update for the CPUs (using an MSR specifically for doing this). The iucode-tool can be used on this file to list its contents and to generate various file formats for different loading methods. On Debian you can install the tool with this package:

$ sudo apt-get install iucode-tool

This is a snippet of the listing for the 7/14/2016 microcode file:

$ sudo iucode-tool -l microcode.dat
...
147: sig 0x000306f2, pf mask 0x6f, 2016-03-28, rev 0x0038, size 32768
148: sig 0x000306f4, pf mask 0x80, 2016-06-07, rev 0x000d, size 15360
149: sig 0x00040651, pf mask 0x72, 2016-04-01, rev 0x001f, size 20480
150: sig 0x00040661, pf mask 0x32, 2016-04-01, rev 0x0016, size 24576
151: sig 0x00040671, pf mask 0x22, 2016-04-29, rev 0x0016, size 11264
...

The listing shows the processor signature, processor flags mask, date and microcode revision for each update the package contains. From a serial output capture from Xen, note these lines (e.g. on my Dell E7440):

(XEN) microcode: collect_cpu_info : sig=0x40651, pf=0x40, rev=0x1c
(XEN) microcode: collect_cpu_info : sig=0x40651, pf=0x40, rev=0x1c

Compare these values with entry 149. A microcode update is applied when the signatures match, the pf mask ANDed with the pf is non-zero, and the update revision is greater than the current revision. In this case all the criteria are true so the microcode update will be applied.
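
The three criteria above as a small checker, run against the listing and Xen log lines quoted on this page. This is an added example, not part of the original page, iucode-tool or Xen; the function names are hypothetical and the regular expressions assume exactly the line formats shown here.

```python
import re

# Constructed sample input: the listing and the Xen log line quoted on this page.
LISTING = """\
147: sig 0x000306f2, pf mask 0x6f, 2016-03-28, rev 0x0038, size 32768
148: sig 0x000306f4, pf mask 0x80, 2016-06-07, rev 0x000d, size 15360
149: sig 0x00040651, pf mask 0x72, 2016-04-01, rev 0x001f, size 20480
150: sig 0x00040661, pf mask 0x32, 2016-04-01, rev 0x0016, size 24576
151: sig 0x00040671, pf mask 0x22, 2016-04-29, rev 0x0016, size 11264
"""
XEN_LINE = "(XEN) microcode: collect_cpu_info : sig=0x40651, pf=0x40, rev=0x1c"

ENTRY_RE = re.compile(
    r"^\s*(?P<idx>\d+): sig (?P<sig>0x[0-9a-fA-F]+), pf mask (?P<pf_mask>0x[0-9a-fA-F]+), "
    r"(?P<date>\d{4}-\d{2}-\d{2}), rev (?P<rev>0x[0-9a-fA-F]+), size (?P<size>\d+)")
CPU_RE = re.compile(r"sig=(0x[0-9a-fA-F]+), pf=(0x[0-9a-fA-F]+), rev=(0x[0-9a-fA-F]+)")

def parse_listing(text):
    """Return one dict per update entry; non-matching lines such as '...' are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # int(v, 0) accepts both the hex (0x...) and decimal fields
            entries.append({k: v if k == "date" else int(v, 0)
                            for k, v in m.groupdict().items()})
    return entries

def parse_cpu(line):
    """Extract sig, pf and rev from a Xen collect_cpu_info log line."""
    m = CPU_RE.search(line)
    if not m:
        raise ValueError("no collect_cpu_info fields in line")
    return dict(zip(("sig", "pf", "rev"), (int(x, 16) for x in m.groups())))

def check(entry, cpu):
    """Return (applies, reason) using the three criteria from the text."""
    if entry["sig"] != cpu["sig"]:
        return False, "signature mismatch"
    if (entry["pf_mask"] & cpu["pf"]) == 0:
        return False, "pf not covered by pf mask"
    if entry["rev"] <= cpu["rev"]:
        return False, "update not newer than current revision"
    return True, "applies"

def applicable(entries, cpu):
    return [e for e in entries if check(e, cpu)[0]]

if __name__ == "__main__":
    for e in parse_listing(LISTING):
        print(e["idx"], check(e, parse_cpu(XEN_LINE))[1])
```

Each rejected entry comes back with the first criterion it failed, which shows why a given machine did not pick up an update.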

Loading with Xen

The old method for loading microcode was to use the microcode_ctl tool in user space to decode and load the microcode via a kernel driver (or in OpenXT's case via a kernel driver that used a hypercall to get Xen to do it). Intel stopped supporting microcode_ctl in 2008 and this method and package are considered obsolete. Xen has the ability to load the microcode and apply it via GRUB modules and a command line argument.