开源软件名称(OpenSource Name):intel/Intel-Linux-Processor-Microcode-Data-Files开源软件地址(OpenSource Url):https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files开源编程语言(OpenSource Language):开源软件介绍(OpenSource Introduction):Intel Processor Microcode Package for LinuxAboutThe Intel Processor Microcode Update (MCU) Package provides a mechanism to release updates for security advisories and functional issues, including errata. In addition, MCUs are responsible for starting the SGX enclave (on processors that support the SGX feature), implementing complex behaviors (such as assists), and more. The preferred method to apply MCUs is using the system BIOS. For a subset of Intel's processors, the MCU can also be updated at runtime using the operating system. The Intel Microcode Package shared here contains updates for those processors that support OS loading of MCUs. Why update the microcode?Updating your microcode can help to mitigate certain potential security vulnerabilities in CPUs as well as address certain functional issues that could, for example, result in unpredictable system behavior such as hangs, crashes, unexpected reboots, data errors, etc. To learn more about applying MCUs to an Intel processor, see Microcode Update Guidance. Loading microcode updatesThis package is provided for Linux distributors for inclusion in their OS releases. Intel recommends obtaining the latest MCUs using the OS vendor update mechanism. A good starting point is OS and Software Vendor. Expert users can update their microcode directly outside the OS vendor mechanism. However, this method is complex and could result in errors if performed incorrectly. Such errors could include but are not limited to system freezes, inability to boot, performance impacts, logical processors loading different updates, and some updates not taking effect. As a result, this method should be attempted by expert users only. MCUs are best loaded from the BIOS. Certain MCUs must only be applied from the BIOS. Such MCUs are never packaged in this package since they are not appropriate for OS distribution. An OEM may receive microcode update packages that are a superset of what is contained in this package for inclusion in a BIOS. OS vendors may choose to provide an MCU that the kernel can consume for early loading. For example, Linux can apply an MCU very early in the kernel boot sequence. In situations where a BIOS update isn't available, early loading is the next best alternative to updating processor microcode. Microcode states are reset on a power reset, hence its required that the MCU be loaded every time during boot process. RecommendationUsing the initrd method to load an MCU is recommended as this method will load the MCU at the earliest time for the most coverage. Systems that cannot tolerate downtime may use the late-load method to update a running system without a reboot. About Processor Signature, Family, Model, Stepping and Platform IDThe Processor Signature is a number identifying the model and version of an Intel processor. It can be obtained using the CPUID instruction, via the command lscpu, or from the content of /proc/cpuinfo. It's usually presented as 3 fields: Family, Model, and Stepping. For example, if a processor returns a value of "0x000906eb" from the CPUID instruction:
The corresponding Linux formatted file name will be "06-9e-0b", where:
A processor may be implemented for multiple platform types. Intel processors have a 3bit Platform ID field in MSR(17H) that specifies the platform type for up to 8 types. An MCU file for a specified processor model may support multiple platforms. The Platform ID(s) supported by an MCU is an 8bit mask where each set bit indicates a platform type that the MCU supports. The Platform ID of a processor can be read in Linux using rdmsr from msr-tools. Microcode update instructionsThe intel-ucode directory contains binary MCU files named in the Early-load updateTo update early loading initrd, consult your Linux distribution on how to package MCU files for early loading. Some distributions use Late-load updateTo update the intel-ucode package to the system:
If you are using the OS vendor method to apply an MCU, the above steps may have been done automatically during the update process. The intel-ucode-with-caveats directory contains MCUs that need special handling. The BDX-ML MCU is provided in this directory because it requires special commits in the Linux kernel otherwise updating it might result in unexpected system behavior. OS vendors must ensure that the late loader patches (provided in linux-kernel-patches) are included in the distribution before packaging the BDX-ML MCU for late-loading. The linux-kernel-patches directory consists of kernel patches that address various issues related to applying MCUs. Notes
LicenseSee the license file for details. Security PolicySee the security.md file for details. Release NoteSee the releasenote.md file for details. DisclaimersIntel technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at www.intel.com. No product or component can be absolutely secure. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request. Intel provides these materials as-is, with no express or implied warranties. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. *Other names and brands may be claimed as the property of others. |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论