WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: [Howto] Create and use AMD microcodes with grub2 bootloader  (Read 1876 times)

aus9

  • Guest
[Howto] Create and use AMD microcodes with grub2 bootloader
« on: March 05, 2023, 05:23:23 AM »
Warning try at own risk

Introduction

ARM processors users can ignore this post as
Quote
An Arm processor SNIP does not use digital microcode SNIP
https://www.zdnet.com/article/arm-processors-everything-you-need-to-know-now/

Bios updates are preferred over using early loading microcodes
Microcodes are useful if motherboard maker has no recent bios updates or
third party bios maker reluctant to provide updates or
you may be reluctant to flash bios as you may be concerned you might "brick" your motherboard.
Some motherboards can have dual bios setups YMMV

Kernel series 6.1 and higher no longer allow late loading of microcodes.
Quote
With kernel version 6.1 a late microcode loading is not possible anymore because it is now disabled by default
https://wiki.gentoo.org/wiki/Microcode

Why else is it important to use early loading microcodes?
Quote
Loading microcode early can fix CPU issues before they are observed during kernel boot time
https://www.kernel.org/doc/html/v5.18/x86/microcode.html

Contents
Post 2 create AMD all current microcodes
Post 3 create AMD microcode for your CPU family

Where possible I include a command and my output in a quote box. I use a quote box
to make certain links scrollable

Research current bios microcodes.
Code: [Select]
grep microcode /proc/cpuinfo
Quote
grep microcode /proc/cpuinfo
microcode   : 0x8108109
microcode   : 0x8108109
microcode   : 0x8108109
microcode   : 0x8108109
The duplication of microcodes means 4 cores.

I also used
https://wiki.archlinux.org/title/microcode

Note that early loading microcodes reside in RAM so are lost on shutdown or reboot.
They can not update your bios firmware. But you can regain them by using the same bootloader menu.

If you are too lazy to have multiple boot loader menus, you could try
a live edit of bootloader to disable microcodes from *ucode image
Quote
dis_ucode_ldr
Proof boot code worked can be seen by not giving any hits for
Code: [Select]
dmesg | grep microcodeNote that boot code needs understems and fails with hyphens.

For those migrating from persistent file distros, we do do not use
Code: [Select]
sudo update-initramfs -uto embed microcodes into our core or rootfs

Research to see if you can use an early loading
microcode for your CPU

step 1
Identify your AMD cpu family
Code: [Select]
grep -F -m 1 "cpu family" /proc/cpuinfo
Quote
cpu family :23

step 2
check link for possible matches
https://wiki.gentoo.org/wiki/AMD_microcode#Microcode_firmware_files
decimal 23 becomes 17 hexadecimal (=17h)

17h has 3 possible firmware but only one is Ryzen so...

step 3 if needed for 17h or 19h....one way to check
Code: [Select]
tce-load -w -i inxi
inxi -Cxxx
Quote
inxi -Cxxx
CPU:
Info: quad core model: AMD Ryzen 3 3200G with Radeon Vega Graphics bits: 64
type: MCP smt: <unsupported> arch: Zen/Zen+ note: check rev: 1 cache:

step 4 If still unsure start a new forum post
I suggest you post inxi -Cxxx and inxi -Mxxx
Quote
inxi -Mxxx
Machine:
  Type: Desktop Mobo: Micro-Star model: B450 GAMING PLUS MAX (MS-7B86) v: 3.0
    serial: <superuser required> BIOS: American Megatrends LLC. v: H.C0
    date: 05/17/2021

You can not use early loading unless your current CPU falls under family
15h to 19h

aus9

  • Guest
Re: [Howto] Create and use AMD microcodes with grub2 bootloader
« Reply #1 on: March 05, 2023, 05:26:33 AM »
Create and use all available AMD microcodes

LIST1 may need more if members find my errors .
LIST2 will need new AMD families added at a later date.
Note sure why no family 18 at this stage. Maybe only for Windows 9? ;)

run command as a local user (not root) please
Code: [Select]
cat >> ~/.local/bin/allamd.sh <<'EOF'
#!/bin/sh
USER=`cat /etc/sysconfig/tcuser`
LIST1="file libarchive "
for Z in $LIST1
    do
    su -c "tce-load -w $Z" $USER
    su -c "tce-load -i $Z" $USER
done

echo 'provides bsdcpio and file commands'

cd /tmp
echo 'cleaning tmp of any microcodes and any old kernel dir'
rm -rf *amd*bin kernel

DIR=kernel/x86/microcode
mkdir -p $DIR

echo 'downloading git microcodes'
URL=https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode
M=microcode_amd_fam
LIST2="15h 16h 17h 19h "
for Z in $LIST2
    do
    su -c "wget -nc --no-check-certificate $URL/$M$Z.bin" $USER
    done

echo $DIR/microcode_amd*.bin > $DIR/AuthenticAMD.bin
echo $DIR/AuthenticAMD.bin | bsdcpio -o -H newc -R 0:0 > amd-ucode.img
file amd-ucode.img
EOF

Make it executable
Code: [Select]
chmod 755 ~/.local/bin/allamd.shNow run it ( I have already downloaded and installed TCEs
 to reduce lines of output)
Code: [Select]
sudo allamd.sh
Quote
sudo allamd.sh
file is already downloaded.
file is already installed!
libarchive is already downloaded.
libarchive is already installed!
provides bsdcpio and file commands
cleaning tmp of any microcodes and any old kernel dir
downloading git microcodes
Connecting to git.kernel.org (145.40.73.55:443)
saving to 'microcode_amd_fam15h.bin'
microcode_amd_fam15h 100% |******************************************************************************| 56327  0:00:00 ETA
'microcode_amd_fam15h.bin' saved
Connecting to git.kernel.org (145.40.73.55:443)
saving to 'microcode_amd_fam16h.bin'
microcode_amd_fam16h 100% |******************************************************************************| 27188  0:00:00 ETA
'microcode_amd_fam16h.bin' saved
Connecting to git.kernel.org (145.40.73.55:443)
saving to 'microcode_amd_fam17h.bin'
microcode_amd_fam17h 100% |******************************************************************************| 68327  0:00:00 ETA
'microcode_amd_fam17h.bin' saved
Connecting to git.kernel.org (145.40.73.55:443)
saving to 'microcode_amd_fam19h.bin'
microcode_amd_fam19h 100% |******************************************************************************|  112k  0:00:00 ETA
'microcode_amd_fam19h.bin' saved
1 block
amd-ucode.img: ASCII cpio archive (SVR4 with no CRC)
Move /tmp/amd-ucode.img to your boot loader folder and adjust your boot loader menu
Copy curent grub2 menuentry (or whatever you are using) and then edit copy with a renamed menuentry to show microcode.
At time of post, I am booting into alpha 14x. Grub2 does not need a boot dir, instead you can use grub dir so line might read
initrd /grub/amd-ucode.img /grub/rootfs64.gz /grub/modules64.gz

Quote
menuentry "microcodes" {
set root=blah blah
linux blah blah
initrd /boot/amd-ucode.img /boot/rootfs64.gz /boot/modules64.gz
}

Full reboot and run
Code: [Select]
dmesg | grep microcode
Quote
dmesg | grep microcode
microcode: CPU0: patch_level=0x08108109
microcode: CPU1: patch_level=0x08108109
microcode: CPU2: patch_level=0x08108109
microcode: CPU3: patch_level=0x08108109
microcode: Microcode Update Driver: v2.2

From Gentoo wiki, to explain why "updated" is missing in my output
Quote
It is possible the microcode has already been fully updated by the system's firmware vendor.
In that case the dmesg output does not contain the update log message
You may have different dmesg results with examples as per arch wiki.

Future updates
For AMD, you can bookmark the URL in your favourite web browser
and check for log date changes.

If you plan to build a specific microcode see next post.

aus9

  • Guest
Re: [Howto] Create and use AMD microcodes with grub2 bootloader
« Reply #2 on: March 05, 2023, 05:28:22 AM »
Create and use single AMD microcode

As per research, you already know your AMD family so just edit
the allamd.sh to name only your family.so for me LIST2="17h"
rename script to something you can recognise eg oneamd.sh
and then run it using sudo powers and move the amd-ucode.img to
boot dir etc

Not alot of space is saved, but its easier to bookmark only one git
log for one CPU family. eg for 17h...below url contains "log"
Quote
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/amd-ucode/microcode_amd_fam17h.bin

Good Luck

aus9

  • Guest
Re: [Howto] Create and use AMD microcodes with grub2 bootloader
« Reply #3 on: August 14, 2023, 03:04:05 AM »
Hi
on TC32 we do not have libarchive so adjust that to libarchive3 please.

2) Also I have only just read of "inception" malware for zen 3 or 4 CPUs
https://www.tomshardware.com/news/amd-inception-vulnerability-affects-zen-3-and-4

one way to check if you are affected if you have not kept your receipts/box etc is

Code: [Select]
tce-load -i inxi
inxi -Cxxx

my result in quote box
Quote
inxi -Cxxx
CPU:
  Info: quad core model: AMD Ryzen 3 3200G with Radeon Vega Graphics bits: 64
    type: MCP smt: <unsupported> arch: Zen/Zen+ note: check rev: 1 cache:
    L1: 384 KiB L2: 2 MiB L3: 4 MiB
SNIP

then go to
https://en.wikipedia.org/wiki/List_of_AMD_Ryzen_processors

and search for your string eg 3200G which tells me I have a ryzen+ which is older than a zen 3 or 4

thanks for reading