Arch Linux

7733 readers

1 users here now

The beloved lightweight distro

founded 4 years ago

MODERATORS

[email protected]

Loading amd-ucode.img useless on consumer CPUs? (kbin.social)

submitted 1 year ago by [email protected] to c/[email protected]

6 comments fedilink hide all child comments

I read that AMD microcode from the AGESA always has a higher patch version number than the microcode supplied by the kernel. The lastest microcode version from the linux-firmware repo the latest version for family 0x19 are:

Microcode patches in microcode_amd_fam19h.bin:
Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 Length=5568 bytes

My CPU (Ryzen 5900x) reports [ 0.579161] microcode: CPU0: patch_level=0x0a20120a, though? My BIOS is from January, the amd-ucode was update in July.

Others have come to the same observation and speculate that the linux-firmware microcode is only for Epyc. AMD in their statement about inception only talks about updating microcode via AGESA.

https://www.phoronix.com/forums/forum/phoronix/latest-phoronix-articles/1402527-amd-inception-cpu-vulnerability-disclosed?p=1402567#post1402567
https://www.phoronix.com/forums/forum/hardware/processors-memory/1349645-amd-publishes-new-family-19h-cpu-microcode?p=1349760#post1349760
https://www.reddit.com/r/archlinux/comments/hdrron/amd_microcode_not_loading/

Anyone having more information on this?

top 6 comments

sorted by: hot top controversial new old

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago) (1 children)

Anyone having hardware access to an epic CPU ? Could you please report the numbers from zstdcat /lib/firmware/amd-ucode/README.zst vs the patch level reported by grep microcode /proc/cpuinfo, even if you run a different distro ?

[–] [email protected] 2 points 1 year ago (1 children)

I don’t have that README.zst file in Ubuntu 22.04 LTS, but the amd64-microcode version is 3.20191218.1ubuntu2. The package source code should be here (The server has not rebooted since the last package update).

$ grep "\(microcode\|model name\)" /proc/cpuinfo | head -2
model name      : AMD EPYC 7742 64-Core Processor
microcode       : 0x8301025

[–] [email protected] 3 points 1 year ago

Thx a lot for checking this, you gave me the missing part in the puzzle.

It was hard to find the actual patch increase, but the latest commit lists the current patch level:

+      - New microcodes:
+      + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107a Length=3200 bytes   &lt;--- Your processor, higher patch version
+      + Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008 Length=3200 bytes
+    - Updated microcodes:
+      + Family=0x17 Model=0x08 Stepping=0x02: Patch=0x0800820d Length=3200 bytes
+      + Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
+    - CVE-2023-20593

I guess that pretty much confirms the theory, AMD only rolls microcode for Epyc and there is no magic sauce why the patch version are all over the place on their consumer chips. For me, the worst thing is their lack of transparency. Guess they're justification is ridiculous and incomprehensible from a customer standpoint, otherwise they would have communicated it.

Also funny that Ubuntu 22.04 doesn't ship microcode for Zen3 and higher, why don't they backport such things?

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

If I have a Ryzen 3900x, how would I go about checking this for myself? I can see the patch_level (0x08701030) in my journalctl but not sure which family I should be looking at. It doesn't seem to appear anywhere in that list you linked though.

[–] [email protected] 2 points 1 year ago (1 children)

The family is printed in the kernel log: [ 0.380496] smpboot: CPU0: AMD Ryzen 9 5900X 12-Core Processor (family: 0x19, model: 0x21, stepping: 0x2)

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Ah thanks! Seems like the 3900x isn't even listed in the README.