How to install/update Intel microcode firmware on Linux

ADVERTISEMENTS



How to find out current status of microcode

I am a new Linux sysadmin. How do I install or update microcode firmware for Intel/AMD CPUs on Linux using the command line option?A microcode is nothing but CPU firmware provided by Intel or AMD. The Linux kernel can update the CPU’s firmware without the BIOS update at boot time. Processor microcode is stored in RAM and kernel update the microcode during every boot. These microcode updates from Intel/AMD needed to fix bugs or apply errata to avoid CPU bugs. This page shows how to install AMD or Intel microcode update using package manager or processor microcode updates supplied by Intel on Linux.

Run the following command as root user:

# dmesg | grep microcode

Sample outputs:



Please note that it is entirely possible that there is no microcode update available for your CPU. In that case it will look as follows:

[ 0.952699] microcode: sig=0x306a9, pf=0x10, revision=0x1c [ 0.952773] microcode: Microcode Update Driver: v2.2.

How to install Intel microcode firmware on Linux using a package manager

Tool to transform and deploy CPU microcode update for x86/amd64 comes with Linux. The procedure to install AMD or Intel microcode firmware on Linux is as follows:

Open the terminal app Debian/Ubuntu Linux user type: sudo apt install intel-microcode CentOS/RHEL Linux user type: sudo yum install microcode_ctl

The package names are as follows for popular Linux distros:

microcode_ctl and linux-firmware – CentOS/RHEL microcode update package

intel-microcode – Debian/Ubuntu and clones microcode update package for Intel CPUS

amd64-microcode – Debian/Ubuntu and clones microcode firmware for AMD CPUs

linux-firmware – Arch Linux microcode firmware for AMD CPUs (installed by default and no action is needed on your part)

intel-ucode – Arch Linux microcode firmware for Intel CPUs

microcode_ctl, linux-firmware and ucode-intel – Suse/OpenSUSE Linux microcode update package

Warning: In some cases, microcode update may cause boot issues such as server getting hang or resets automatically at the time of boot. The procedure worked for me, and I am an experienced sysadmin. I do not take responsibility for any hardware failures. Do it at your own risk.

Examples

Type the following apt command/apt-get command on a Debian/Ubuntu Linux for Intel CPU:

$ sudo apt-get install intel-microcode

Sample outputs:



You must reboot the box to activate micocode update:

$ sudo reboot

Verify it after reboot:

# dmesg | grep 'microcode'

Sample outputs:

[ 0.000000] microcode: microcode updated early to revision 0x1c, date = 2015-02-26 [ 1.604672] microcode: sig=0x306a9, pf=0x10, revision=0x1c [ 1.604976] microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba

If you are using RHEL/CentOS try installing or updating the following two packages using yum command:

$ sudo yum install linux-firmware microcode_ctl

$ sudo reboot

$ sudo dmesg | grep 'microcode'

How to update/install microcode downloaded from Intel site

Only use the following method when recommended by your vendor otherwise stick to Linux packages as described above. Most Linux distro maintainer update microcode via the package manager. Package manager method is safe as tested by many users.

How to install Intel processor microcode blob for Linux (20180108 release)

Ok, first visit AMD or Intel site to grab the latest microcode firmware. In this example, I have a file named ~/Downloads/microcode-20180108.tgz (don’t forget to check for checksum) that suppose to help with meltdown/Spectre. First extract it using the tar command:

$ mkdir firmware

$ cd firmware

$ tar xvf ~/Downloads/microcode-20180108.tgz

$ ls -l

Sample outputs:

drwxr-xr-x 2 vivek vivek 4096 Jan 8 12:41 intel-ucode -rw-r--r-- 1 vivek vivek 4847056 Jan 8 12:39 microcode.dat -rw-r--r-- 1 vivek vivek 1907 Jan 9 07:03 releasenote

I tested the following instructions on a CentOS 7.x/RHEL 7.x/Debian 9.x and Ubuntu 17.10 only. Older kernel shipped with older distro might not work if you do not see /sys/devices/system/cpu/microcode/reload file. See discussion below. Please note that few customers getting of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center cpus used in server. Do not apply Intel firmware release 20180108 on Intel Broadwell and Haswell CPUs. If possible use package manager method.

Make sure /sys/devices/system/cpu/microcode/reload exits:

$ ls -l /sys/devices/system/cpu/microcode/reload

You must copy all files from intel-ucode to /lib/firmware/intel-ucode/ using the cp command:

$ sudo cp -v intel-ucode/* /lib/firmware/intel-ucode/

You just copied intel-ucode directory to /lib/firmware/. Write the reload interface to 1 to reload the microcode files:

# echo 1 > /sys/devices/system/cpu/microcode/reload

Update an existing initramfs so that next time it get loaded via kernel:

$ sudo update-initramfs -u

$ sudo reboot

Verifying that microcode got updated on boot or reloaded by echo command:

# dmesg | grep microcode

That is all. You have just updated firmware for your Intel CPU.

References