Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

BIOS and microcode on Debian

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
Wheelerof4te
Posts: 1454
Joined: 2015-08-30 20:14

BIOS and microcode on Debian

#1 Post by Wheelerof4te »

I am currently using Windows 10 and have updated BIOS for the Meltdown from my device manufacturer. Now, if I were to reinstall Debian again in the future, will I need to apply microcode update again?
Do I need firmware update from Intel on Debian, or will Debian use existing microcode in previously updated BIOS?

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: BIOS and microcode on Debian

#2 Post by bw123 »

I think the answer would depend on how the microcode is implemented. If it's a new firmware flashed into a physical bios chip then I think it would be 'permanent' no matter what os was installed. If it's some kind of hack and has a loader made specifically for windows then, yeah that would be a problem.

https://duckduckgo.com/html/?q=differen ... +microcode
resigned by AI ChatGPT

Wheelerof4te
Posts: 1454
Joined: 2015-08-30 20:14

Re: BIOS and microcode on Debian

#3 Post by Wheelerof4te »

I have used a installer made for Windows to re-flash BIOS to a new version. I remember Debian complaining at the first boot about realtek and radeon graphics formware, but not intel microcode. So I guess it doesn't need installing any microcode.

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: BIOS and microcode on Debian

#4 Post by bw123 »

Wheelerof4te wrote:I have used a installer made for Windows to re-flash BIOS to a new version. I remember Debian complaining at the first boot about realtek and radeon graphics formware, but not intel microcode. So I guess it doesn't need installing any microcode.
The way I understand it, the cpu has no way of knowing if it "needs" to load a piece of microcode. Unlike a firmware file for a peripheral, the cpu won't request it, because it doesn't know anything about it. I guess there could be exceptions.

I have played with the intel ucode tool for debian once or twice and found it really unhelpful. Do all cpus need this? If not, then which ones? How do you tell?


https://wiki.debian.org/Microcode
resigned by AI ChatGPT

User avatar
pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: BIOS and microcode on Debian

#5 Post by pylkko »

If you changed the BIOS/firmware, then that part is OS independent, you can always boot a machine to it's BIOS or UEFI even if there is no kernel/operating system. A true BIOS is on a seperate ROM chip, so it will be up to date even if you pull out the hard drive and boot it without it. An UEFI is partially on in the motherboard NVRAM and mostly on disk.

Microcode, on the other hand, can be given either via firmware or as a image that the kernel or bootloader hands to the CPU at boot. This is just a package that you install on Debian.

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: BIOS and microcode on Debian

#6 Post by stevepusser »

The Linux kernel has a way to load new microcode at boot, such as from the "intel-microcode" package. Currently Windows depends on the BIOS instead, though apparently it also has the feature that Linux has. It's just not used at the moment.

Source: about 80% through the last Security Now podcast: https://www.grc.com/sn/sn-646.txt
STEVE: Now, here's one of the really interesting things, speaking of Linux, is the way microcode is updated. When we talk about updating our microcode or needing like a microcode patch or a microcode fix, notice that it always comes in the form of a BIOS update.

LEO: It's firmware, yeah.

STEVE: Well, yes. But it's not written into the processor. And that's the key is that it is dynamically loaded by the BIOS every time you boot. So if you look at the second link here at the end of the show notes, Leo, this is Intel has published the Linux processor microcode data file. Linux has the ability to load updated microcode for, I mean, to me it looks like every processor Intel has ever made.

LEO: Yeah. It's a modular kernel. So I'm sure it's part - it's a kernel mod, probably.

STEVE: Well, it turns out if it's - I think it was under, god, it was in the - if you place this file in a certain directory in Linux...

LEO: Oh, how interesting.

STEVE: ...it will dynamically...

LEO: Oh, that's awesome.

STEVE: Yes.

LEO: I need this. Because I'll tell you what, none of my Linux machines are mitigated as far as I can tell. There's been many patches and updates to Arch Linux and to Ubuntu and to Debian. But none of them have received firmware updates. So this is going to be a boon.

STEVE: Yes.

LEO: If you figure out what processor you have.

STEVE: Yes.

LEO: That's nice. You just put this file in the right spot, and you're good to go.

STEVE: Yes.

LEO: Love that.
MX Linux packager and developer

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: BIOS and microcode on Debian

#7 Post by bw123 »

Before installing intel-microcode, be sure and read the bug reports. There is a newer version in sid, but it has some issues. I haven't tried it, and it looks like the only way to tell if you need it is to install it and see if one of the blobs is loaded.

https://bugs.debian.org/intel-microcode
resigned by AI ChatGPT

User avatar
dotlj
Posts: 646
Joined: 2009-12-25 17:21

Re: BIOS and microcode on Debian

#8 Post by dotlj »

As mentioned above, there are the two methods of microcode updates for CPUs.
If you have an Intel processor, as I do, you can apply the update from Intel. https://downloadcenter.intel.com/downlo ... -Data-File
Check your CPU with the list on the Intel site first, mine is i7 6th generation and the update worked and continues to work.
BUT, please see also:
https://www.bleepingcomputer.com/news/h ... e-updates/
https://www.bleepingcomputer.com/news/s ... ot-issues/

Applying the update once means its done and works whatever OS you boot (if you boot different OSs), or like me boot more than one Debian from different disks by choosing Boot Menu during startup.

You might also want to check your /etc/modprobe.d/intel-microcode-blacklist.conf if you have one, as it probably blacklists the microcode.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: BIOS and microcode on Debian

#9 Post by Head_on_a_Stick »

I have no idea how Debian will handle the microcode updates, especially given that the intel-microcode package is not part of the official release.

The sid & buster versions have the 2018-01-08 fixes but not the other branches, AFAICT.

I download the Arch Linux intel-ucode package, unpack that and place their intel-ucode.img into /boot and preload it in GRUB (immediately before initrd.img), this is a pre-prepared initramfs image that will apply the microcode to the processor before booting Debian's initrd.img.
deadbang

Wheelerof4te
Posts: 1454
Joined: 2015-08-30 20:14

Re: BIOS and microcode on Debian

#10 Post by Wheelerof4te »

bw123 wrote:Before installing intel-microcode, be sure and read the bug reports. There is a newer version in sid, but it has some issues. I haven't tried it, and it looks like the only way to tell if you need it is to install it and see if one of the blobs is loaded.

https://bugs.debian.org/intel-microcode
Debian 9, codename "Stretch" is supported, and will receive updates both through the stretch-backports official backports repository (faster than point-releases), and through Debian stable point-releases.
This answers my question. As always, Debian wiki has the info. Thanks.
I will reinstall Debian when 9.4 comes out with fixed microcode and linux updates.

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: BIOS and microcode on Debian

#11 Post by bw123 »

Wheelerof4te wrote:I am currently using Windows 10 and have updated BIOS for the Meltdown from my device manufacturer. Now, if I were to reinstall Debian again in the future, will I need to apply microcode update again?
Do I need firmware update from Intel on Debian, or will Debian use existing microcode in previously updated BIOS?
https://www.computerworld.com/article/3 ... fixes.html

in english:

belay-that-order-intel-says you-should-not-install-its meltdown-firmware-fixes.html

Of course this is just -one- source, and there were dozens that said, "...apply all updates," as soon as available.

I Wonder Sometimes...
resigned by AI ChatGPT

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: BIOS and microcode on Debian

#12 Post by stevepusser »

So...what does that mean for the 20180108 version in Debian testing? Don't touch it with a 10-meter pole? (microcode does nuthin' for Meltdown, at least that's what I thought)
MX Linux packager and developer

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: BIOS and microcode on Debian

#13 Post by bw123 »

stevepusser wrote:So...what does that mean for the 20180108 version in Debian testing? Don't touch it with a 10-meter pole? (microcode does nuthin' for Meltdown, at least that's what I thought)
From what I can tell, it means that while you can remove the microcode on debian if it hoses your system, if you flashed your BIOS from the mfg, you're up the creek until they get a new fix for the fix that causes all the reboots.
resigned by AI ChatGPT

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: BIOS and microcode on Debian

#14 Post by Head_on_a_Stick »

stevepusser wrote:So...what does that mean for the 20180108 version in Debian testing? Don't touch it with a 10-meter pole?
The 2018-01-08 version causes Haswell machines to crash.

The Debian sid intel-microcode package has been downgraded to 2017-11-17, that contains fixes for Spectre v1 but not v2 (AFAIUI).

I'm relying on OpenBSD and that is now applying 2017-11-17 on every boot (reverted from 2018-01-08).
deadbang

Wheelerof4te
Posts: 1454
Joined: 2015-08-30 20:14

Re: BIOS and microcode on Debian

#15 Post by Wheelerof4te »

bw123 wrote:belay-that-order-intel-says you-should-not-install-its meltdown-firmware-fixes.html
I haven't experienced any problems so far after the BIOS update (F.24 Rev.A), and my notebook doesn't auto-reboot (it's Broadwell). Granted, I'm still on fully updated Windows 10, but that might change so it's good Debian is being careful. I wonder with what microcode version will Debian 9.4 ship?

Post Reply