CPU Microcode: Difference between revisions

From Alpine Linux
m (→‎Obtaining microcode updates on Alpine: Added warning for Intel Atom PSE errata: This can only be fixed via firmware update)
m (→‎Obtaining microcode updates on Alpine: Added warning for Broadwell and Haswell too.)
Line 7: Line 7:
== Obtaining microcode updates on Alpine ==
== Obtaining microcode updates on Alpine ==


{{Warning| Intel Atom users with a "PSE erratum" message in dmesg: The microcode update can only be applied by BIOS or UEFI update, not via initrd!}}
{{Warning| Certain Intel CPUs, such Intel Atom with PSE errata, and Intel Haswell + Broadwell with TSX errata, can only be fixed via BIOS or UEFI update (which includes microcode); if you are using one of these CPUs, please do not use the instructions below}}


On Alpine Linux, CPU microcode is loaded early via initrd images, premade images are available from packages:
On Alpine Linux, CPU microcode is loaded early via initrd images, premade images are available from packages:

Revision as of 17:53, 6 August 2023

CPU microcode is a form of firmware that controls the processor's internals.

In modern processors, the microcode handles execution of complex and highly specialized instructions. Parts of the microcode also act as firmware for the processor's embedded controllers, and it is even used to fix or to mitigate processor design/implementation errata/bugs. Given the complexity of modern processors, a CPU may have over a hundred such errata.

Recently, microcode updates have become mandatory for security due to side-channel attacks against CPUs.

Obtaining microcode updates on Alpine

Warning: Certain Intel CPUs, such Intel Atom with PSE errata, and Intel Haswell + Broadwell with TSX errata, can only be fixed via BIOS or UEFI update (which includes microcode); if you are using one of these CPUs, please do not use the instructions below


On Alpine Linux, CPU microcode is loaded early via initrd images, premade images are available from packages:

To obtain the microcode update package for AMD processors:

apk add amd-ucode

To obtain the microcode update package for Intel processors:

apk add intel-ucode

If you are using syslinux or grub in a typical setup, the packages will automatically append your extlinux.conf or grub.conf file and merely a reboot will be required to run the new microcode. Users using UEFI's built-in boot manager will have to use efibootmgr to add a second initrd line.

Verifying that the microcode image has loaded

Run the command:

dmesg | grep microcode

If the microcode initrd image was loaded, the microcode update driver will print a signature and revision

[ 2.198775 ] microcode: sig=0x6fd, pf=0x80, revision=0xa4

Retrieved from "https://wiki.alpinelinux.org/w/index.php?title=CPU_Microcode&oldid=24062"