[ubuntu-hardened] intel{, amd64}-microcode packages and where is the microcode option (vide "Software & Updates - Additional Drivers" tab)?

daniel curtis sidetripping at gmail.com
Wed May 9 18:13:49 UTC 2018 

Hello.

I would like to ask a question about 'intel{,amd64}-microcode'
packages. During system and Linux v4.4.0-123-generic kernel updating
process via apt(8), on one of my testing computer running 16.04 LTS
Release, there was an information that "The following NEW packages
will be installed" etc. (it was about both mentioned 'microcode'
packages). I did not have these packages installed, until then.

It's an Intel processor, but it seems, that Intel Corporation will not
publish any microcode updates for some processor. Intel reveals (on
Apr. 3., 2018) list of processors that won't receive "Meltdown &
Spectre" patches. It seems, that some of older processors won't
receive any microcode updates designed to mitigate mentioned
vulnerabilities. On the list we can find, for example: Bloomfield,
Bloomfield Xeon, Clarksfield, Gulftown, Gulftown, Harpertown Xeon C0
and E0 etc.

So, I would like to ask if it was normal, that apt(8) installed such
packages? And why both since it's an Intel processor (but with 64. bit
instruction support)? There is not and was not any informations about
this, for example, on the Xenial-changes mailing list! I'm really
confused by this.

Anyway, can I remove both packages (since there is no changes related
to the microcode and "Spectre & Meltdown" mitigations on this testing
computer; just 'revision' change in '/proc/cpuinfo' virtual file
or/and dmesg(1) etc.)?

On Tue., May 8. there was a security update for 'intel-microcode'
package (see 1). But what about 'amd64-microcode'? The last time,
apt(8) installed both packages: 'intel{,amd64}-microcode'. Maybe it
was a bug?

By the way: a couple of weeks ago, about a month ago, I noticed, that
there is no microcode option in the "Additional Drivers" tab
(available, for example, in Xfce4 "Settings" menu etc.) There is just
one option to choose: NVIDIA driver or an Open Source version -
'nouveau'. There always was an option to choose/enable device -
microcode (an example of how it looked; see 2.) Now, there is no
'microcode' option, even with 'intel{,amd64}-microcode' packages
installed.

Can someone of you check this one on his own computer? (For now, I
have an access to my testing computer only). Maybe it's a bug and
should be a bug report should be created on Launchpad?

Thanks, best regards.
_____________________
1. https://lists.ubuntu.com/archives/xenial-changes/2018-May/020972.html
2. https://i.stack.imgur.com/8WAEw.png

More information about the ubuntu-hardened mailing list