
Spectre, etc: Would installing the Linux processor microcode (/etc/firmware) break UTM?

Hi

I'm running 9.506-2 home edition on a fanless mini PC (based on an Intel j1900 and with a big SSD and 4 GB of RAM). I sourced the hardware - advertised as an 'industrial router' - from a Chinese supplier, and whilst I am totally delighted with it, they have just informed me that they will not be producing any BIOS updates (to patch the microcode) and obviously, we are all now aware of this Spectre and Meltdown stuff, so my curiosity was piqued when just watching the 'Security Now!' podcast (SN-646) and Steve Gibson mentioning that Linux-based machines can patch the microcode on the fly (by simply placing it in the /etc/firmware directory) and I was just curious to know whether anybody had tried this (or had any thoughts on trying this) with a Sophos UTM installation (and, of course, whether the UTM build would even implement it)?

Looking at the UTM installation, I see there's no firmware directory in /etc, but it would be easy enough to create one and copy the code from a USB stick. Whether there would be any benefit in doing so is not something I have yet looked into (though I strongly suspect not, for a Sophos installation) but the idea of it intrigued me enough to post this question (and also just to make Linux users aware of this).

Below is the text from the Intel page and below that is the URL to that page:

Purpose

This microcode data file contains the latest microcode definitions for all Intel processors. Intel releases these updates periodically. These microcode data files correct processor behavior as documented in the respective processor specification guidelines.

While the regular approach to getting this microcode update is via a BIOS update, Intel realizes that this can be an administrative hassle. The Linux* operating system has a mechanism to update the microcode after booting. For example, this file will be used by the operating system mechanism if the file is placed in the /etc/firmware directory of the Linux system.

downloadcenter.intel.com/.../Linux-Processor-Microcode-Data-File

All the best
Briain :-)
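A read-only way to check the state the question above is about, as an added example (not part of the original thread, and not Sophos or Intel code). It assumes the kernel reports a `microcode` field in /proc/cpuinfo and exposes its runtime loader under /sys/devices/system/cpu/microcode; whether the UTM kernel does either is not stated in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inspect microcode state without changing anything.
# Every path is a parameter so the functions can be pointed at a copy
# of the files taken from another machine.

# Print each distinct microcode revision found in a cpuinfo file.
# Assumption: lines look like "microcode<TAB>: 0x...", one per logical CPU.
ucode_revisions() {
    awk -F': *' '$1 ~ /^microcode/ { print $2 }' "${1:-/proc/cpuinfo}" | sort -u
}

# Succeed only if every logical CPU reports the same revision.
# Mixed revisions suggest an update reached only some cores.
ucode_consistent() {
    [ "$(ucode_revisions "$1" | grep -c .)" -eq 1 ]
}

# Succeed if the kernel exposes the runtime microcode loader in sysfs.
# If this file is absent, a microcode file dropped on disk will not be
# picked up after boot by that interface.
ucode_loader_present() {
    [ -e "${1:-/sys}/devices/system/cpu/microcode/reload" ]
}

# List which candidate firmware directories exist under a root prefix.
# /etc/firmware is the directory named in the Intel text quoted above;
# /lib/firmware/intel-ucode is where the in-kernel loader looks.
ucode_dirs() {
    for d in /etc/firmware /lib/firmware/intel-ucode; do
        [ -d "${1:-}$d" ] && echo "$d"
    done
    return 0
}

# Summarise the three checks for the running system.
ucode_report() {
    echo "revisions: $(ucode_revisions | tr '\n' ' ')"
    if ucode_loader_present; then
        echo "loader:    exposed in sysfs"
    else
        echo "loader:    not exposed"
    fi
    echo "dirs:      $(ucode_dirs | tr '\n' ' ')"
}
```

Source the file and call `ucode_report` before and after any change; an unchanged revision means the new microcode was not applied.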


  • Well, I didn't try this with the UTM. In general this is normal behavior for an OS; Windows does this too. But as you stated, there is no directory for that, so maybe this will not be loaded.

    And more importantly, Intel drew the updates back, and a lot of companies did too. VMware, for example, after I finished patching the hosts :-)

    So wait, before you get more problems than before.
