SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
No, kernel-firmware contains binary blobs to be loaded in the ethernet card and so on.
You get the latest Intel microcode via BIOS updates from the PC vendor, or you can install intel-microcode from slackbuilds.org. Intel has given out new microcode only for some cpus. If you have installed iucode_tool from slackbuilds.org, "iucode_tool -S" prints the processor signature, like 0x000206a7. Only these new microcodes are ready:
Code:
2017-12-15 (unofficial bundle with CVE-2017-5715 mitigation):
* Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
CVE-2017-5715 is SPECTRE. The page table isolation fixes MELTDOWN.
Nice ! Thanks Petri Kaukasoina !!
Nothing ready for my Intel 6700K just yet:
Code:
# iucode_tool -S
iucode_tool: system has processor(s) with signature 0x000506e3
The SlackBuild simply appends a `date` stamp when the SlackBuild was run.
I don't think you can tell. The SlackBuild strips all git information from it, including the latest commit. But the SlackBuild does just grab the latest from "master", so if you go through the commit log, just find where your package date falls in and that's what version you're running.
I don't think you can tell. The SlackBuild strips all git information from it, including the latest commit. But the SlackBuild does just grab the latest from "master", so if you go through the commit log, just find where your package date falls in and that's what version you're running.
Thanks bassmadrigal.
Thats what I read in the SlackBuild.
But Aeterna's version: linux-firmware-20180103-r1 looked completely different than the kernel-firmware version from Pat's SlackBuild soo I wondered if there was a version I missed somewhere on the git site.
Distribution: VM Host: Slackware-current, VM Guests: Artix, Venom, antiX, Gentoo, FreeBSD, OpenBSD, OpenIndiana
Posts: 1,003
Rep:
Quote:
Originally Posted by kjhambrick
Thanks bassmadrigal.
Thats what I read in the SlackBuild.
But Aeterna's version: linux-firmware-20180103-r1 looked completely different than the kernel-firmware version from Pat's SlackBuild soo I wondered if there was a version I missed somewhere on the git site.
-- kjh
ehh..
I am sorry kjhambrick, wrong distro (regarding linux firmware version, not that you need all the updates: kernel and firmware or microcode)
No, kernel-firmware contains binary blobs to be loaded in the ethernet card and so on.
You get the latest Intel microcode via BIOS updates from the PC vendor, or you can install intel-microcode from slackbuilds.org. Intel has given out new microcode only for some cpus. If you have installed iucode_tool from slackbuilds.org, "iucode_tool -S" prints the processor signature, like 0x000206a7. Only these new microcodes are ready:
Code:
2017-12-15 (unofficial bundle with CVE-2017-5715 mitigation):
* Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
CVE-2017-5715 is SPECTRE. The page table isolation fixes MELTDOWN.
There are a few minor issues still known with this release that people
have run into. Hopefully they will be resolved this weekend, as the
patches have not landed in Linus's tree.
For now, as always, please test your in environment.
The Intel location has a really comprehensive list of Intel CPU's and the tar file once exploded has a release_note file which explains two methods of using the 11-17-2017 firmware. My Pentium D 820 is included in that file, per the Intel web site. However, the instruction talk about using microcode.dat or the intel-ucode directory.
1) IS it correct that Slackware is using the microcode.dat in /dev/cpu/ rather than placing the firmware in /lib/firmware/intel-ucode, since Slackware64 14.2 has /lib/firmware/intel but not intel-ucode?
1a) Do the owner and groups also need to be changed when using "# dd if=microcode.dat of=/dev/cpu/microcode bs=1M" ?
2) Does the 11-17-2017 microcode have the meltdown/spectre fix if the kernel also is fixed? Or are we still waiting on Intel to fix the microcode?
3) Iucode_tools tells me the processor code but not the microcode firmware version date. Is there a way to tell the loaded version date?
4) ls /var/log/packages is telling me I have multile kernel-firmware-xxxxxxxxx-noarch-1 files loaded, because I always have used the recommended approach of installpkg for all things kernel. But isn't this redundant for this one kernel file, ie aren't all the firmware files inclusive of previous version plus the newest firmware, so really there should be only one kernel-firmware on the system at any one time?
1) IS it correct that Slackware is using the microcode.dat in /dev/cpu/ rather than placing the firmware in /lib/firmware/intel-ucode, since Slackware64 14.2 has /lib/firmware/intel but not intel-ucode?
AFAIK, Intel microcode can only be applied via BIOS/UEFI updates or as part of your initrd. It can't be loaded on the fly like AMD's microcode can (which gets distributed with the kernel-firmware package).
Quote:
Originally Posted by bamunds
2) Does the 11-17-2017 microcode have the meltdown/spectre fix if the kernel also is fixed? Or are we still waiting on Intel to fix the microcode?
Pretty sure it doesn't. There's a 15 DEC 2017 version floating around, but as far as I know, it is unofficial (possibly put out by Intel, but not as an official release).
Quote:
Originally Posted by bamunds
4) ls /var/log/packages is telling me I have multile kernel-firmware-xxxxxxxxx-noarch-1 files loaded, because I always have used the recommended approach of installpkg for all things kernel. But isn't this redundant for this one kernel file, ie aren't all the firmware files inclusive of previous version plus the newest firmware, so really there should be only one kernel-firmware on the system at any one time?
That's correct. You only need one kernel-firmware package. You should always "installpkg" kernel-generic, kernel-huge, kernel-modules, and kernel-source. kernel-firmware can be upgraded because it all resides in the same location.
You can safely remove all older kernel-firmware packages. removepkg is smart enough to not remove any files that exist in any other packages, so if the filenames didn't change at all, it would just remove the entry from /var/log/packages/.
AFAIK, Intel microcode can only be applied via BIOS/UEFI updates or as part of your initrd. It can't be loaded on the fly like AMD's microcode can (which gets distributed with the kernel-firmware package).
In fact yes there is a method to load microcode in a running system but it's considered as unsafe in README file installed with iucode_tool package.
Quote:
***** WARNING ***** the method below is unsafe ***** WARNING *****
1. Place the binary microcode in /lib/firmware/ with the correct
file name (iucode_tool -K can do this automatically for Intel
microcode);
2. Trigger a microcode refresh action, either by the initial load
of the kernel "microcode" module, or if it is already loaded,
by running the shell commands:
(Linux v3.6 and later)
echo 1 > /sys/devices/system/cpu/microcode/reload
For intel, firmware microcode files go in /lib/firmware/intel-ucode/
That was a crazy read, but it was put forward really well and made it easier to understand what's going on. It's amazing that people even figured out that this was possible.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
