An Intel engineer has proposed a Linux patch that would alert users when their system is running outdated microcode. This development comes in the wake of the recent Intel 13th Generation and 14th Generation degradation fiasco, which has now led to a class action lawsuit against the tech giant.
Microcode, a set of low-level instructions embedded within Intel’s processors, plays a crucial role in addressing critical flaws and security vulnerabilities. These microcode updates are typically delivered through BIOS updates or the operating system’s kernel, allowing Intel to push fixes and improvements to its CPUs post-launch.
The proposed Linux patch argues that running a system with outdated microcode cannot be considered safe, as it leaves the system vulnerable to potential issues. The patch suggests that users should be clearly and concisely informed when their system is running an older version of the microcode, effectively tagging the system as “vulnerable” or “not vulnerable” based on the status of the microcode.
This information would be reported in a specific file, “/sys/devices/system/cpu/vulnerabilities/old_microcode”, allowing users to easily check the status of their system’s microcode and take appropriate action if necessary.
To facilitate this process, the patch introduces a new flag, “X86_BUG_OLD_MICROCODE”, which will be used to identify whether the CPU is running an outdated version of the microcode. The Linux kernel will maintain a list of the latest microcode versions based on Intel’s git repository, providing a reference point for determining the system’s microcode status.
However, the patch acknowledges a potential flaw in this approach. Since microcode can be updated through both the BIOS and the operating system’s kernel, the system might report a false positive if the BIOS-loaded microcode is newer than the one in the git repository. To address this issue, the author suggests that Intel should publish an “Authoritative List” of all CPUs and their respective microcode versions, ensuring a comprehensive and accurate reference point for the system’s vulnerability status.
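The check described above can be scripted for fleet monitoring. The following is an added example, not code from the patch or from Intel: it reads the proposed sysfs file, treats a missing file as a kernel without the patch, and prints the loaded microcode revision from /proc/cpuinfo so it can be compared by hand in the BIOS-versus-list case above. The exact strings in the file ("Vulnerable", "Not ...") are assumed from the article's description, and the function names and the SYSFS_ROOT and CPUINFO variables are hypothetical.

```shell
#!/bin/sh
# Added example: classify the old_microcode report described in the article.
# SYSFS_ROOT and CPUINFO (hypothetical names) can be overridden to point at
# constructed files for testing.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
CPUINFO="${CPUINFO:-/proc/cpuinfo}"

# Prints one of: outdated | current | unsupported | unknown
old_microcode_status() {
    f="$SYSFS_ROOT/devices/system/cpu/vulnerabilities/old_microcode"
    if [ ! -r "$f" ]; then
        echo unsupported    # file absent: kernel does not carry the patch
        return 0
    fi
    # Assumption: the file holds "Vulnerable..." or "Not ..." as the article says.
    state=$(tr 'A-Z' 'a-z' < "$f")
    case "$state" in
        vulnerable*) echo outdated ;;
        not\ *)      echo current ;;
        *)           echo unknown ;;
    esac
}

# Distinct microcode revisions currently loaded, space-separated.
# More than one value means the cores are not all on the same revision.
microcode_revisions() {
    [ -r "$CPUINFO" ] || return 0
    awk -F': *' '/^microcode/ {print $2}' "$CPUINFO" |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# One-line summary; exit status is non-zero only when the kernel
# reports outdated microcode, so it can gate a monitoring check.
report() {
    status=$(old_microcode_status)
    revs=$(microcode_revisions)
    echo "old_microcode=$status loaded_revisions=${revs:-n/a}"
    [ "$status" != outdated ]
}

case "${1:-}" in
    --report) report ;;
esac
```

Run with `--report` on a host; an `unsupported` result says nothing about the microcode itself, only that the kernel does not expose the file.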
It’s important to note that this patch does not impose any restrictions on running older microcode versions. Instead, its primary objective is to inform the end-user that their system is potentially susceptible to flaws or performance degradation, as evidenced by the recent Intel 13th Generation and 14th Generation issues.
On a positive note, Intel has already begun to roll out microcode updates through the kernel itself, aiming to simplify the process for users and reduce the burden of BIOS updates. However, the company has also reported that the 0x129 microcode, which addresses a significant increase in the minimum voltage to the CPU (Vmin), will not be offered through Windows Updates.
As the industry continues to grapple with the implications of microcode vulnerabilities, this Linux patch from an Intel engineer serves as a proactive step towards empowering users with the information they need to maintain the security and stability of their Intel-based systems. It remains to be seen whether mainstream Linux distributions will adopt a similar approach, and if AMD’s Ryzen series could also benefit from a comparable microcode monitoring solution.