intel / Intel-Linux-Processor-Microcode-Data-Files


Conflict with microcode-updates via lvfs? / issues with ucode-updates on not-affected CPU? #86

Open VeldoraTheDragon opened 1 month ago

VeldoraTheDragon commented 1 month ago

I am currently utilizing the microcode updates provided by Lenovo on the LVFS for my T16 Gen1.

However, recent CVEs (CVE-2023-39368, CVE-2023-38575, CVE-2023-28746) were ignored by Lenovo until 2024-05-09 with the release of CVE-2023-45733, even though the other three CVEs all had higher CVSS scores than CVE-2023-45733.

Since I don't want to give up the option for firmware-updates via LVFS, microcode-updates are still getting installed on my device via LVFS when I update its firmware.

1) Now my question is, if I switch to the Arch intel-ucode package for the microcode updates, will they conflict with the microcode updates published by Lenovo on the LVFS or will everything be fine?

2) Will there be any problems, if I install every microcode-update, even though it doesn't affect my CPU?

I'd appreciate every answer I can get, so I can decide which way I want to go.

teoberi commented 1 month ago

If the device is in the life cycle, you can use the microcode updates provided by Lenovo through the BIOS updates on the product page (recommended because some microcode updates are effective only if loaded through the BIOS). If Lenovo provides the microcode update included in the BIOS via LVFS you can use that as well.

If the device is no longer in the life cycle, you can use intel-ucode to load the microcode that will replace the existing version in the BIOS, but as I wrote above, it is not always effective.

There should be no conflicts, the last microcode version loaded will be used even if it is not useful. You can install every microcode update version. If the processor does not benefit from a new microcode update, nothing happens.

For critical systems (servers or workstations) it is recommended to use the version of microcode delivered by the manufacturer through the BIOS update even if it is not the newest because it is tested and is functional for that system.

https://pve.proxmox.com/wiki/Firmware_Updates

https://wiki.archlinux.org/title/Microcode
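
An added example, not part of the thread or of Intel's repository: one way to check whether a packaged microcode file is for this CPU and carries a higher revision than the one currently running, by decoding the update header and comparing it with `/proc/cpuinfo`. It reads only the primary 48-byte header (extended signature tables and platform-flag matching are left out), and the sample header bytes and cpuinfo text are constructed, not real revisions.

```python
import re
import struct

# 48-byte update header: nine little-endian 32-bit fields, then 12 reserved bytes.
HEADER = struct.Struct("<9I12x")

def parse_header(blob):
    """Decode the primary header at the start of an intel-ucode file."""
    if len(blob) < HEADER.size:
        raise ValueError("shorter than the 48-byte header")
    hdrver, rev, date, sig, _ck, _ldr, pf, _dsz, _tsz = HEADER.unpack_from(blob)
    if hdrver != 1:
        raise ValueError("unexpected header version %d" % hdrver)
    # The date field is stored as hex digits mmddyyyy, e.g. 0x01012024.
    iso = "%04x-%02x-%02x" % (date & 0xFFFF, date >> 24, (date >> 16) & 0xFF)
    return {"revision": rev, "signature": sig, "platform_flags": pf, "date": iso}

def signature_to_fms(sig):
    """Split a CPUID(1).EAX signature into display family, model, stepping."""
    family, model, stepping = (sig >> 8) & 0xF, (sig >> 4) & 0xF, sig & 0xF
    if family in (0x6, 0xF):
        model |= ((sig >> 16) & 0xF) << 4   # extended model
    if family == 0xF:
        family += (sig >> 20) & 0xFF        # extended family
    return family, model, stepping

def running_cpu(cpuinfo_text):
    """Return ((family, model, stepping), revision) for the first CPU listed."""
    first = cpuinfo_text.split("\n\n", 1)[0]
    f = dict(re.findall(r"^([^\t:]+?)[ \t]*:[ \t]*(.*)$", first, re.M))
    fms = (int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
    return fms, int(f["microcode"], 16)

def assess(blob, cpuinfo_text):
    """Say whether the packaged blob is for this CPU and newer than what runs."""
    hdr = parse_header(blob)
    fms, running_rev = running_cpu(cpuinfo_text)
    if signature_to_fms(hdr["signature"]) != fms:
        return "not-applicable"
    return "newer-in-package" if hdr["revision"] > running_rev else "running-is-current"

# Constructed sample data (not real revisions): a header for signature 0x906A4
# and the cpuinfo fields a matching machine would report.
SAMPLE_BLOB = HEADER.pack(1, 0x430, 0x01012024, 0x906A4, 0, 1, 0x80, 0, 0)
SAMPLE_CPUINFO = ("processor\t: 0\ncpu family\t: 6\nmodel\t\t: 154\n"
                  "model name\t: Constructed CPU\nstepping\t: 4\n"
                  "microcode\t: 0x42c\n\nprocessor\t: 1\n")

if __name__ == "__main__":
    print(assess(SAMPLE_BLOB, SAMPLE_CPUINFO))
```

On a real system, pass the contents of `/proc/cpuinfo` and the bytes of the family-model-stepping file for your CPU from the `intel-ucode` directory.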