How to enable automatic microcode updates

Started by meyergru, September 25, 2023, 12:28:17 PM

August 22, 2024, 11:29:21 AM #75 Last Edit: August 22, 2024, 11:34:00 AM by meyergru
But you wrote about problems with fwupd - AFAIK, that is a Linux tool to update device firmwares, not microcodes.

Any decent hypervisor will block CPU microcode updates on VM guests (I know for a fact VMware does that), so you should be safe trying this inside a VM (in vain) - unless my information w/r to this is wrong. Of course, the update code will only try if the emulated CPU matches, anyway, so for KVM, it would have to be "host", not any emulated type (and I bet that the microcode update is not emulated, either).
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+

How would I effectively roll back these steps / remove the functionality, ready for the built-in version upcoming in a release? Do I need to, or can I leave it as-is without issue/conflict?

Quote from: franco on August 21, 2024, 05:36:47 PM
Yep, doesn't matter [what you did manually to set it up before] as long as you install the right plugin for your CPU.


Cheers,
Franco

I updated the 24.7-amd kernel to hold the early loading patches on top of what is probably going to be a good 24.7.3 kernel for further testing. I think we can introduce them in the next 24.7.x kernel round. Hopefully that's not going to be 24.7.4. ;)


Cheers,
Franco

Indeed, the only thing at the moment preventing me from testing the happy path of AMD early loading is the lack of fresher microcode; otherwise I'm happy with what we have had so far (the check and "no patch to update", as the DEC750 already has the current latest =)
Deciso DEC750 x2
Deciso DEC2752 x1

FYI — version 24.7.2 (August 21, 2024), OPNsense release doc:

"As a special note we now have native CPU microcode update plugins for either AMD or Intel to install from the GUI. Apart from a reboot these plugins require no further user interaction and will keep the applicable microcode at the latest known version as shipped in the packages repository."

After updating my DEC850's (AMD EPYC) firmware and installing the new microcode plugin, I used SSH to see the running microcode version:

0x800126f

Unfortunately, I forgot to check the microcode version before I installed the plugin.

Is 0x800126f the latest?

When was it released?

If released recently, did it fix the SinkClose vulnerability?

I didn't find the answers in numerous online searches.

I'm still waiting for the sinkclose fix before I deploy my new DEC850.



Why do you think sinkclose is relevant for a dedicated firewall appliance? It's not.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I see that early loading has landed in 24.7.6, thank you! The only thing now missing from the "final test" for my devices is the actual microcode release by AMD. xD
Deciso DEC750 x2
Deciso DEC2752 x1