Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

cpuinfo Intel microcode version misreported?

Need help with peripherals or devices?
Post Reply
Message
Author
sombunall
Posts: 73
Joined: 2009-05-20 20:36

cpuinfo Intel microcode version misreported?

#1 Post by sombunall »

uname -r: 3.16.0-4-amd64
on debian oldstable jessie

I have a mystery about Intel microcode revisions. I have a small lenovo server and was wondering about the intel memory sinkhole (howler) vulnerability. According to what I read on a gentoo forum I should be vulnerable as it is a core 2 duo, 2 generations behind when Intel fixed that bug. Also the bios version is 8 bins behind:

https://download.lenovo.com/ibmdl/pub/p ... cj977a.txt

Here is cpuinfo for proc 0:

Code: Select all

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 23
model name      : Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz
stepping        : 10
microcode       : 0xa07
cpu MHz         : 2000.000
cache size      : 6144 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 2
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts nopl aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm dtherm tpr_shadow vnmi flexpriority
bogomips        : 5984.99
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:
So it says "microcode : 0xa07" but on this gentoo site somebody says:
FYI: one actually wants revision 0x1D of that microcode to protect oneself against the "LAPIC memory sinkhole" security vulnerability (I've heard HP has it for most/all(?) of their Xeon 56xx/36xx servers, I don't know about other vendors). Revision 0x1A (which is easier to find on server/workstation BIOS updates) is also good, in that it should fix most of the issues, but it does not fix the LAPIC memory sinkhole security vulnerability.
https://forums.gentoo.org/viewtopic-p-8 ... eac645cfe6

So I need 0x1D and I have oxa07. It looks good but... I never installed any microcode from non-free! How is it possible I have such a high revision reported by cpuinfo? Is it wrong?

Code: Select all

# aptitude search micro | grep '^i'
# 
# dmidecode | grep 'Version'
        Version: 5CKT62AUS
        Version: ThinkCentre M58p
        Version: NONE
        Version: NONE
        Version: Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz

sombunall
Posts: 73
Joined: 2009-05-20 20:36

Re: cpuinfo Intel microcode version misreported?

#2 Post by sombunall »

Erm. I think I might have confused people sorry. The date for those files on the lenovo site is 2012 https://pcsupport.lenovo.com/ca/en/prod ... s/DS013586. The blackhat conference on the Intel memory sinkhole (got it confused with an arm-based chinese flaw called howler that affected Orange Pie and a few other SoCs) is 2015. The Lenovo patches on that site would seem to not be for the sinkhole at all!

So now I have an HP 2nd gen intel waiting to replace this server... but... oh wait! Now we have no BIOS patches for Meltdown or spectre because of stupid stuff like this:

Meltdown/Spectre firmware updates from HP, Lenovo and Dell are worthless
https://www.computerworld.com/article/3 ... fixes.html

So not only have I did an epic fail but so has Intel :oops: :P ...and for now I'm sticking with my perfectly fast core 2 duo running only a CLI. Whatever :shock:

Anyway I upgraded to stretch stable and installed non-free anyway and now I have:

Code: Select all

# cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 23
model name      : Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz
stepping        : 10
microcode       : 0xa0b
[SNIP]

Post Reply