microcode for Intel E5-2650 v4 unavailable

[craig]

Dear Sirs and Madams

microcode for fixing the security vulnerabilites on Intel E5-2650 v4 is unavailable.

The document here https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf states the fixed version is 0xb000036, but it's nowhere to be found.

According to release notes (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/master/releasenote):

BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->0b000036 Xeon E5/E7 v4; Core i7-69xx/68xx

But the directory is missing in this repo (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/master/intel-ucode)

$ cat /proc/cpuinfo processor : 47 vendor_id : GenuineIntel cpu family : 6 model : 79 model name : Intel(R) Xeon(R) CPU E5-2650 v4 @ 2.20GHz stepping : 1 microcode : 0xb00002e [...]

Please provide the newer microcode here. Thank you!

[esyr-rh]

intel-ucode-with-caveats/06-4f-01 is the place where this file resides, since, as already mentioned in release notes, "BDX-ML microcode is provided in [this] directory, because it need special commits in the Linux kernel, otherwise, updating it might result in unexpected system behavior".

[craig]

Oh sorry for the hassle, I didn't see that. Hopefully Red Hat will include the patches shortly.

[Klaas-]

it is included already. Check /usr/share/microcode_ctl/ucode_with_caveats/intel-06-4f-01/readme and /usr/share/doc/microcode_ctl/README.caveats @craig

[esyr-rh]

RHEL packages have been updated recently to include 20190514a Intel microcode release:

• https://access.redhat.com/errata/RHEA-2019:1416
• https://access.redhat.com/errata/RHEA-2019:1415
• https://access.redhat.com/errata/RHEA-2019:1414
• https://access.redhat.com/errata/RHEA-2019:1393
• https://access.redhat.com/errata/RHEA-2019:1392
• https://access.redhat.com/errata/RHEA-2019:1391
• https://access.redhat.com/errata/RHEA-2019:1323
• https://access.redhat.com/errata/RHEA-2019:1390
• https://access.redhat.com/errata/RHEA-2019:1413

06-4f-01 microcode is disabled, however, due to reports of issues even on kernels with the relevant patches included, so it has to be explicitly enabled, please refer to the file /usr/share/doc/microcode_ctl/README.caveats (section "Intel Broadwell-EP/EX ("BDX-ML B/M/R0") caveat") for details.

[craig]

Thanks for the hints! Actually support here is better than the support I'm paying for at Red Hat... :(

[esyr-rh]

Well, I would have replied the same if the bug has been filed against microcode_ctl component on bugzilla.redhat.com.

[craig]

We tried the paid support (Red Hat Partner CCSP) first unfortunately and it was not helpful. Maybe I'll try bugzilla first next time.

[hmh]

@esyr-rh:

06-4f-01 microcode is disabled, however, due to reports of issues even on kernels with the relevant patches included, so it has to be explicitly enabled, please refer to the file /usr/share/doc/microcode_ctl/README.caveats (section "Intel Broadwell-EP/EX ("BDX-ML B/M/R0") caveat") for details.

If this issue could also affect other distros (i.e. the mainline/stable/lts kernels from kernel.org), are there any public reports we could take a look at?

[esyr-rh]

@hmh unfortunately, all the reports are non-public. I'll try to find out if it is possible to provide some information.

[craig]

FYI: Supermicro is publishing a new BIOS within a month for those older boards.

"We are in process working on new BIOS for this X10DRW-iT. At this point, the ETA is one month from now. We target to release BIOS version 3.1c. You may check our BIOS website for this X10DRW-iT in about 3 to 4 weeks."

[craig]

Supermicro provided a new BIOS a few days ago and it works:

[…]
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 79
model name      : Intel(R) Xeon(R) CPU E5-2650 v4 @ 2.20GHz
stepping        : 1
microcode       : 0xb000036
[…]