Contents
What is microcode ?
Simply for a CPU, microcode could be assumed as firmware of the CPU, which generally adds more functionality to the processor and patches hardware level bugs. Mainly Intel and AMD CPUs need more frequent microcode update.
Microcode is not just CPU specific, most hardware like Graphics cards, Disk drives, Network cards also contains microcode. It is the underlying very low level software to make the hardware more functional, secure and fix the bugs. Read the wiki article for more detailed information.
Hardware manufacturers stores the CPU microcode data in the BIOS or UEFI firmware, so the CPU could update microcode form the BIOS/UEFI. So when a relatively newer microcode update available, do we have to update the BIOS/UEFI firmware ?
No, the Linux kernel could update the CPU microcode easily at the early stage of boot process, thou this type of update is volatile, i.e. lost after each shutdown. But it's fairly more simple than updating the BIOS or UEFI.
Installing microcode update packages
On any Debian based system, like Ubuntu or Linux Mint, just install the correct microcode package and reboot the system, that will be enough.
For Inte CPUs,
sudo apt-get install intel-ucode
For AMD CPUs,
sudo apt-get install amd64-ucode
The system will build a new initramfs with the latest microcode to apply it at system startup.
How to know my CPU needs a microcode update ?
It depends on your system, like how much old the CPU is, is there any updated microcode released by the CPU vendor etc. etc. But you cold check it by running the dmesg command, it generally show some helpful information.
dmesg | grep 'microcode'
To know the current CPU microcode version, use the command bellow
grep 'microcode' /proc/cpuinfo
Intel CPUs
There is a tool iucode_tool, for Intel CPU only, which could be used to determine if an Intel CPU needs a microcode update or not. Different GNU/Linux distribution handles the microcode update package differently, I'm showing the example for Debian and Debian based distros only.
sudo apt-get install iucode-tool intel-microcode
/usr/sbin/iucode_tool -tb -lS /lib/firmware/intel-ucode/*
Sample output for a 2nd gen. Intel Core i5 CPU.
If the iucode_tool command returns no selected microcodes: , that means your Intel CPU probably don't need a microcode update.
AMD CPUs
Currently the only method to know if the CPU needs a microcode update. First Install the amd64-microcode package
sudo apt-get install amd64-ucode
Reboot the system and check it with the dmesg command
dmesg | grep 'microcode'
Know If the kernel is configured to apply microcode update at startup
There are few linux kernel build parameters which enables the boot time microcode update by the kernel. To know if your current Linux kernel is capable of doing so, check it with these commands bellow.
grep -i 'microcode' /boot/config-4.2.0-1-amd64
Replace the config-4.2.0-1-amd64 with proper kernel configuration file which math your system. This may not be available for some distro like Arch Linux, Slax, Gentoo, then use the 2nd command bellow
zcat /proc/config.gz | grep -i 'microcode'
Particularly useful if you are using a custom kernel or some other Linux distros like Archlinux or gentoo.
Conclusion
So that's it . sometime old CPU microcodes could cause system instability, very hard to detect what's wrong, so it's better to use updated CPU microcode. Please share your experience here, If you have any suggestion or question just say it 🙂
thanks a lot for you brief description.
Two question:
1-
is microcode updated permanently in CPU? or each time it must be "loaded" to CPU by kernel?
2-
can changing the microcode, effect on performance of CPU?
1. This microcode update is temporary.
2. Yes, changing the microcode affect performance, like updated Intel SSE instruction set in my case.
Hi, Im running Linux mint 18.3 and did an update of the microcode. But after that, the Kernel 4.13 did not boot any moore but left a black screen. So I tried to undoo the update what the machine supposedly did, but nothing changes The 4.13 kernel still does not work, only in the recovery modus I get it started.
Is there any possibilty to reset the microcode to its status when started out? I ve got an old system running, INtel Core 2 Duo T5870 @2.00 GHZ X 2.
The kernel 4.10 works ok, but since the intel chip trouble the 4.13 kernel is supposedly safer then the 4.10 kernel.
Your question, "Is there any possibility to reset the microcode to its status when started out?" Yes, if you uninstall the the microcode related packages and update the initramfs, then it won't be loaded there after.
Hence the problem is temporarily solved, hopefully.
On the recovery terminal, you can use the commands below, running as root.
mount -o rw /apt-get purge intel-ucode
update-initramfs -u
A timely article in view of the fact that microcode upgrades are needed to mitigate against the recently widely publicised Meltdown and Spectre vulnerabilities affecting all modern CPUs including Intel and AMD.
Thank you!
Yeah, those two chip level vulnerabilities seemed to shake the computing world. 😀
I have Intel, but keep getting AMD downloaded updates that of course don't work. I have checked and Intel-Microcode is supposed to be installed. Since I installed Linux Mint 18.3 have also having terrible time getting USB mounted so as to be able to read and write to them and wonder if this is all connected.
Are you sure that
amd64-ucodepackage is not installed?You should try this,
sudo apt-get purge amd64-microcodesudo apt-get install intel-microcodeAnd to prevent the package install in later updates, pin the package amd64-ucode, here's how, https://www.pcsuggest.com/apt-pinning-install-and-upgrade-debian-packages-selectively/