Linux Processor Microcode Data File 20180108 is out now

Jan 10, 2018 11:35 GMT

Intel has released an updated microcode patch for Linux-based operating systems to address the Meltdown and Spectre security vulnerabilities.

By now, everyone has heard about Meltdown and Spectre, two severe hardware bugs that affect billions of devices and put them at risk, as unprivileged attackers could steal sensitive data stored in kernel memory using a locally installed application or, via the Internet, using malicious scripts. Intel, AMD, and ARM processors are affected by these vulnerabilities.

Intel promised last week to release updated microcode to address the Meltdown and Spectre bugs, and the patch is finally here, available for many of its processors released in the past five years. Users are urged to update the microcode immediately (installation instructions are available below). The entire list is attached at the end of the article, and Intel has also listed some of the officially supported Linux-based operating systems.

These include Red Hat Enterprise Linux 7.4, 7.3, 7.2, 7.1, and 7.0, Red Hat Enterprise Linux 6.8, 6.7, 6.6, 6.5, 6.4, 6.3, and 6.2, SUSE Linux Enterprise Server 12, SP3, SP2, and SP1, SUSE Linux Enterprise Server 11, SP4, SP3, SP2, and SP1, SUSE Linux Enterprise Server (SLES) 12.2, CentOS 7.4, 7.3, 7.2, 7.1, and 7.0, Debian 8.x and 7.x, Fedora 24 and 23, as well as Ubuntu 16.04 LTS and 14.04 LTS.

Intel also lists Red Hat Linux, SUSE Linux, Ubuntu, OpenDesktop, Google Chrome OS, and Chromium OS as supported operating systems, which means that any distro based on these OSes can be updated. Therefore, we recommend that all OS vendors download this patch and port it to their GNU/Linux distribution if it's based on Ubuntu, SUSE, Red Hat, etc.

Here's how to update the Intel CPU microcode on Linux

The archive released by Intel for Linux OSes contains a microcode.dat file in the traditional text format, which is still used in some Linux distros. It allows users to update the Intel CPU microcode through the old microcode update interface that's available in the Linux kernel and can be enabled with the CONFIG_MICROCODE_OLD_INTERFACE=y option.

To apply microcode.dat to the system, first make sure that /dev/cpu/microcode exists, then write microcode.dat to it by running the dd if=microcode.dat of=/dev/cpu/microcode bs=1M command in a terminal emulator. Once the writing process is complete, you will have to reboot your computer for any changes to take effect.

"While the regular approach to getting this microcode update is via a BIOS update, Intel realizes that this can be an administrative hassle. The Linux operating system has a mechanism to update the microcode after booting. For example, this file will be used by the operating system mechanism if the file is placed in the /etc/firmware directory of the Linux system," says Intel.

The updated microcode archive also contains an intel-ucode folder, which provides the second installation method, the one supported by most modern GNU/Linux distributions. To update this way, make sure that /sys/devices/system/cpu/microcode/reload exists, copy the entire intel-ucode directory to /lib/firmware, overwriting the files in /lib/firmware/intel-ucode/, write 1 to the reload interface to reload the microcode files (e.g. echo 1 > /sys/devices/system/cpu/microcode/reload), and reboot.
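The intel-ucode steps above can be scripted with checks in front of them. The following is an added example, not code from Intel or from this article: it confirms that the reload interface exists and that the archive carries a file for the running CPU before copying anything, then prints the microcode revision from /proc/cpuinfo before and after the reload. The function names and the optional alternate-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: intel-ucode install with pre-checks and a revision report.
# The second argument of install_ucode (an alternate root) is an assumption
# that allows dry runs against a scratch tree; omit it on a real system.

# intel-ucode files are named family-model-stepping, two hex digits each.
# Print that name for the first CPU in a /proc/cpuinfo-format file.
ucode_name() {
    awk -F': *' '
        /^cpu family/     { f = $2 }
        /^model[^a-z]*:/  { m = $2 }   # "model", not "model name"
        /^stepping/       { printf "%02x-%02x-%02x\n", f, m, $2; exit }
    ' "$1"
}

# Print the microcode revision the kernel reports for the first CPU.
ucode_rev() {
    awk -F': *' '/^microcode/ { print $2; exit }' "$1"
}

# Copy SRC/intel-ucode into ROOT/lib/firmware/intel-ucode and request a reload.
# Returns 1 if the reload interface is missing, 2 if SRC has no file for this CPU.
install_ucode() {
    src=$1
    root=${2:-}
    reload="$root/sys/devices/system/cpu/microcode/reload"
    name=$(ucode_name "$root/proc/cpuinfo")
    [ -e "$reload" ] || { echo "missing $reload" >&2; return 1; }
    [ -f "$src/intel-ucode/$name" ] || { echo "no file for CPU $name" >&2; return 2; }
    mkdir -p "$root/lib/firmware/intel-ucode" &&
        cp "$src"/intel-ucode/* "$root/lib/firmware/intel-ucode/" &&
        echo 1 > "$reload"
}

# Usage (as root): sh ucode.sh apply /path/to/extracted/archive
if [ "${1:-}" = "apply" ]; then
    before=$(ucode_rev /proc/cpuinfo)
    install_ucode "$2" || exit $?
    echo "microcode revision: $before -> $(ucode_rev /proc/cpuinfo)"
fi
```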
