[kwlug-disc] Meltown fix for Linux kernel

doug moen doug at moens.org
Mon Jan 22 18:10:28 EST 2018 

I run Ubuntu 16.04, and intel-microcode *is* installed on my system. It's
part of the "restricted" repository (non-open-source), so if you have that
repository disabled, you won't get it.

On 22 January 2018 at 17:58, Khalid Baheyeldin <kb at 2bits.com> wrote:

> On Mon, Jan 22, 2018 at 5:51 PM, Bob Jonkman <bjonkman at sobac.com> wrote:
>
>> Um, Ubuntu and Debian both have packages "intel-microcode" that have
>> been a standard part of stable/updates for a long time, well before
>> the Spectre/Meltdown issues.
>>
>
> I installed Xubuntu on this Intel laptop, nothing fancy, and microcode did
> not
> get installed:
>
> $ dpkg -l | grep microcod
> $
>
>
>> > Package: intel-microcode Version: 3.20180108.0~ubuntu16.04.2
>> > Priority: extra Section: admin Origin: Ubuntu Maintainer: Ubuntu
>> > Developers <ubuntu-devel-discuss at lists.ubuntu.com>
>> > Original-Maintainer: Henrique de Moraes Holschuh <hmh at debian.org>
>> > Bugs: https://bugs.launchpad.net/ubuntu/+filebug Installed-Size:
>> > 1,507 kB Depends: iucode-tool (>= 1.0) Recommends: initramfs-tools
>> > (>= 0.113~) Conflicts: microcode.ctl (<< 0.18~0) Homepage:
>> > http://feeds.downloadcenter.intel.com/rss/?p=483&lang=eng
>> > Supported: 5y Download-Size: 1,088 kB APT-Sources:
>> > http://mirror.csclub.uwaterloo.ca/ubuntu xenial-updates/main amd64
>> > Packages Description: Processor microcode firmware for Intel CPUs
>> > This package contains updated system processor microcode for Intel
>> > i686 and Intel X86-64 processors.  Intel releases microcode updates
>> > to correct processor behavior as documented in the respective
>> > processor specification updates.
>>
>> (yes, that's from the vulnerable one that's just been rolled back)
>>
>> And if your were fortunate/clever enough to purchase AMD instead of
>> Intel then there's "amd64-microcode".
>>
>
> Same on my AMD servers (actually desktops that are used as servers).
> Nothing of that sort got installed by default.
>
>
>> If you haven't been updating *-microcode then your CPU will use the
>> original, burned-in microcode, full of bugs present at original
>> manufacturing (unless you've been updating your BIOS/UEFI, which may
>> have supplied microcode patches for you).
>>
>> I recommend that you install the *-microcode package (at the current
>> revision level), especially in today's environment of rampant hardware
>> vulnerabilities.
>>
>> There's an explanation of how Debian handles microcode:
>> https://wiki.debian.org/Microcode
>>
>> - --Bob, who is about to embark on another round of patching servers.
>>
>
> Will consider installing microcode packages after this whole fiasco is
> over.
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20180122/477854d7/attachment.htm>

More information about the kwlug-disc mailing list