[ubuntu-hardened] intel{, amd64}-microcode packages and where is the microcode option (vide "Software & Updates - Additional Drivers" tab)?

daniel curtis sidetripping at gmail.com
Thu May 10 07:46:39 UTC 2018


Hello Seth,

Thank You for an answer. It seems that my testing computer processor
is on the list revealed by Intel Corp. I mean a list of processors
that won't receive "Meltdown & Spectre" patches etc. (see my first
message). On Tue. May 8., 'intel-microcode' package has been updated
to v3.20180425.1~ubuntu0.16.04.1 version. However, after system reboot
nothing has changed - no IBRS/IBPB/STIBP microcode support.

The one thing that changed is a 'revision' number. Without
'intel-microcode' package it was e.g. "revision=0xa01", after
mentioned auto-install of 'intel{,amd64}-microcode' packages, via
apt(8), "revision" number has changed to: "0xa02". And now, after
update from Tue. May 8. it's "revision=0xa01" again! Strange. It looks
like the new 'intel-microcode' package version is bringing back the
default "revision" value!

Well, if Intel will not provide any microcode updates for this
particular processor type, designed to mitigate mentioned
vulnerabilities, I think 'intel-microcode' package can/should be
removed... I don't know what to do. Really.

Seth, and what about 'microcode' options in "Software & Updates -
Additional Drivers" tab? Can You check if it's available in your
system? (It can be checked, for example, by running 'update-manager'
command, next "Settings" and "Additional drivers" tab.)

Thanks, best regards.

2018-05-09 22:48 GMT, Seth Arnold <seth.arnold at canonical.com>:
> On Wed, May 09, 2018 at 06:13:49PM +0000, daniel curtis wrote:
>> So, I would like to ask if it was normal, that apt(8) installed such
>> packages? And why both since it's an Intel processor (but with 64. bit
>
> Hello Daniel,
>
> We're going to modify the kernel packages to require the cpu microcode
> packages to be installed. APT cannot decide whether or not to install
> the microcode packages based on the CPU in use. Everyone will have the
> packages installed, regardless if Intel has provided any useful fixes
> for any specific CPU.
>
> I strongly recommend leaving this alone and just install the updates as
> we pass them along from Intel. You do not gain anything from trying to
> second-guess Intel's fixes, if any.
>
> Thanks
>


