Tiny Core Linux
General TC => General TC Talk => Topic started by: aus9 on March 05, 2023, 05:23:23 AM
-
Warning try at own risk
Introduction
ARM processors users can ignore this post as
An Arm processor SNIP does not use digital microcode SNIP
https://www.zdnet.com/article/arm-processors-everything-you-need-to-know-now/
Bios updates are preferred over using early loading microcodes
Microcodes are useful if motherboard maker has no recent bios updates or
third party bios maker reluctant to provide updates or
you may be reluctant to flash bios as you may be concerned you might "brick" your motherboard.
Some motherboards can have dual bios setups YMMV
Kernel series 6.1 and higher no longer allow late loading of microcodes.
With kernel version 6.1 a late microcode loading is not possible anymore because it is now disabled by default
https://wiki.gentoo.org/wiki/Microcode
Why else is it important to use early loading microcodes?
Loading microcode early can fix CPU issues before they are observed during kernel boot time
https://www.kernel.org/doc/html/v5.18/x86/microcode.html
Contents
Post 2 create AMD all current microcodes
Post 3 create AMD microcode for your CPU family
Where possible I include a command and my output in a quote box. I use a quote box
to make certain links scrollable
Research current bios microcodes.
grep microcode /proc/cpuinfo
grep microcode /proc/cpuinfo
microcode : 0x8108109
microcode : 0x8108109
microcode : 0x8108109
microcode : 0x8108109
The duplication of microcodes means 4 cores.
I also used
https://wiki.archlinux.org/title/microcode
Note that early loading microcodes reside in RAM so are lost on shutdown or reboot.
They can not update your bios firmware. But you can regain them by using the same bootloader menu.
If you are too lazy to have multiple boot loader menus, you could try
a live edit of bootloader to disable microcodes from *ucode image
dis_ucode_ldr
Proof boot code worked can be seen by not giving any hits for
dmesg | grep microcodeNote that boot code needs understems and fails with hyphens.
For those migrating from persistent file distros, we do do not use sudo update-initramfs -uto embed microcodes into our core or rootfs
Research to see if you can use an early loading
microcode for your CPU
step 1
Identify your AMD cpu family
grep -F -m 1 "cpu family" /proc/cpuinfocpu family :23
step 2
check link for possible matches
https://wiki.gentoo.org/wiki/AMD_microcode#Microcode_firmware_files
decimal 23 becomes 17 hexadecimal (=17h)
17h has 3 possible firmware but only one is Ryzen so...
step 3 if needed for 17h or 19h....one way to check
tce-load -w -i inxi
inxi -Cxxxinxi -Cxxx
CPU:
Info: quad core model: AMD Ryzen 3 3200G with Radeon Vega Graphics bits: 64
type: MCP smt: <unsupported> arch: Zen/Zen+ note: check rev: 1 cache:
step 4 If still unsure start a new forum post
I suggest you post inxi -Cxxx and inxi -Mxxx
inxi -Mxxx
Machine:
Type: Desktop Mobo: Micro-Star model: B450 GAMING PLUS MAX (MS-7B86) v: 3.0
serial: <superuser required> BIOS: American Megatrends LLC. v: H.C0
date: 05/17/2021
You can not use early loading unless your current CPU falls under family
15h to 19h
-
Create and use all available AMD microcodes
LIST1 may need more if members find my errors .
LIST2 will need new AMD families added at a later date.
Note sure why no family 18 at this stage. Maybe only for Windows 9? ;)
run command as a local user (not root) please
cat >> ~/.local/bin/allamd.sh <<'EOF'
#!/bin/sh
USER=`cat /etc/sysconfig/tcuser`
LIST1="file libarchive "
for Z in $LIST1
do
su -c "tce-load -w $Z" $USER
su -c "tce-load -i $Z" $USER
done
echo 'provides bsdcpio and file commands'
cd /tmp
echo 'cleaning tmp of any microcodes and any old kernel dir'
rm -rf *amd*bin kernel
DIR=kernel/x86/microcode
mkdir -p $DIR
echo 'downloading git microcodes'
URL=https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode
M=microcode_amd_fam
LIST2="15h 16h 17h 19h "
for Z in $LIST2
do
su -c "wget -nc --no-check-certificate $URL/$M$Z.bin" $USER
done
echo $DIR/microcode_amd*.bin > $DIR/AuthenticAMD.bin
echo $DIR/AuthenticAMD.bin | bsdcpio -o -H newc -R 0:0 > amd-ucode.img
file amd-ucode.img
EOF
Make it executable
chmod 755 ~/.local/bin/allamd.shNow run it ( I have already downloaded and installed TCEs
to reduce lines of output)
sudo allamd.sh
sudo allamd.sh
file is already downloaded.
file is already installed!
libarchive is already downloaded.
libarchive is already installed!
provides bsdcpio and file commands
cleaning tmp of any microcodes and any old kernel dir
downloading git microcodes
Connecting to git.kernel.org (145.40.73.55:443)
saving to 'microcode_amd_fam15h.bin'
microcode_amd_fam15h 100% |******************************************************************************| 56327 0:00:00 ETA
'microcode_amd_fam15h.bin' saved
Connecting to git.kernel.org (145.40.73.55:443)
saving to 'microcode_amd_fam16h.bin'
microcode_amd_fam16h 100% |******************************************************************************| 27188 0:00:00 ETA
'microcode_amd_fam16h.bin' saved
Connecting to git.kernel.org (145.40.73.55:443)
saving to 'microcode_amd_fam17h.bin'
microcode_amd_fam17h 100% |******************************************************************************| 68327 0:00:00 ETA
'microcode_amd_fam17h.bin' saved
Connecting to git.kernel.org (145.40.73.55:443)
saving to 'microcode_amd_fam19h.bin'
microcode_amd_fam19h 100% |******************************************************************************| 112k 0:00:00 ETA
'microcode_amd_fam19h.bin' saved
1 block
amd-ucode.img: ASCII cpio archive (SVR4 with no CRC)
Move /tmp/amd-ucode.img to your boot loader folder and adjust your boot loader menu
Copy curent grub2 menuentry (or whatever you are using) and then edit copy with a renamed menuentry to show microcode.
At time of post, I am booting into alpha 14x. Grub2 does not need a boot dir, instead you can use grub dir so line might read
initrd /grub/amd-ucode.img /grub/rootfs64.gz /grub/modules64.gz
menuentry "microcodes" {
set root=blah blah
linux blah blah
initrd /boot/amd-ucode.img /boot/rootfs64.gz /boot/modules64.gz
}
Full reboot and run
dmesg | grep microcode
dmesg | grep microcode
microcode: CPU0: patch_level=0x08108109
microcode: CPU1: patch_level=0x08108109
microcode: CPU2: patch_level=0x08108109
microcode: CPU3: patch_level=0x08108109
microcode: Microcode Update Driver: v2.2
From Gentoo wiki, to explain why "updated" is missing in my output
It is possible the microcode has already been fully updated by the system's firmware vendor.
In that case the dmesg output does not contain the update log message
You may have different dmesg results with examples as per arch wiki.
Future updates
For AMD, you can bookmark the URL in your favourite web browser
and check for log date changes.
If you plan to build a specific microcode see next post.
-
Create and use single AMD microcode
As per research, you already know your AMD family so just edit
the allamd.sh to name only your family.so for me LIST2="17h"
rename script to something you can recognise eg oneamd.sh
and then run it using sudo powers and move the amd-ucode.img to
boot dir etc
Not alot of space is saved, but its easier to bookmark only one git
log for one CPU family. eg for 17h...below url contains "log"
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/amd-ucode/microcode_amd_fam17h.bin
Good Luck
-
Hi
on TC32 we do not have libarchive so adjust that to libarchive3 please.
2) Also I have only just read of "inception" malware for zen 3 or 4 CPUs
https://www.tomshardware.com/news/amd-inception-vulnerability-affects-zen-3-and-4
one way to check if you are affected if you have not kept your receipts/box etc is
tce-load -i inxi
inxi -Cxxx
my result in quote box
inxi -Cxxx
CPU:
Info: quad core model: AMD Ryzen 3 3200G with Radeon Vega Graphics bits: 64
type: MCP smt: <unsupported> arch: Zen/Zen+ note: check rev: 1 cache:
L1: 384 KiB L2: 2 MiB L3: 4 MiB
SNIP
then go to
https://en.wikipedia.org/wiki/List_of_AMD_Ryzen_processors
and search for your string eg 3200G which tells me I have a ryzen+ which is older than a zen 3 or 4
thanks for reading