Intel microcode

This article Article description::describes the process of updating the [[microcode on Intel processors.]]

Kernel
The following kernel support is required to be built-in:

Emerge
Install the microcode firmware package and the manipulation tool:

Configuration
To manually generate the microcode archive use :

Genkernel
If is used to generate the initrd then add the  option to have it prepend an early cpio with the Intel and AMD microcode inside. No modifications to the bootloader config are necessary below.

Syslinux
Multiple initrd files are separated by commas in the  line. Set to load first:

GRUB Legacy
Add the generated microcode to the kernel command-line as the first. The root initramfs goes second separated by space. This step is necessary even if the system does not use an initrd image in order to boot. The microcode update merely leverages the initrd hooks:

GRUB
Starting with version 2.02-r1, GRUB supports loading an early microcode. If the microcode file is named after one of the following:, , , , , or , it will be automatically detected when running. To declare a microcode file named differently, e.g., add this line to :

Regenerate the with:

Or, for earlier versions than 2.02-r1, edit directly to add the  as the first initrd:

Finally, reboot.

rEFInd
This example system has the EFI partition mounted to. The Linux kernel and initrd files have been placed in on the Linux rootfs.

If using the initrd keyword instead of the options keyword for specifying initrd, then try specifying multiple initrd files via separate initrd keywords, or migrate the declarations into options. Specifying multiple initrd via one initrd keyword fails on rEFInd. As always, make sure is the first initrd specified.

Review and edit the kernel cmdline options from the rEFInd bootloader. With the Gentoo OS entry highlighted, press to access the menu entries, and press  again over the desired entry to review and edit. This is very useful for quick experimenting without need to edit.

{{FileBox|filename=/boot/refind_linux.conf|lang=text|1= "Boot using default options"    "root=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX rw initrd=boot\intel-ucode.img initrd=boot\amd-ucode.img initrd=boot\initramfs-%v.img" } }}

Finalize the configuration in. Keep in mind that rEFInd searches initramfs relatively partition, so if the /boot partition is separate, search it with "initrd=intel-ucode.img initrd=initramfs-%v.img" (because boot partition don't have /boot folder). Use backslashes \, or the kernel may not find the files. See for keyword descriptions and The rEFInd Homepage for more on how to use rEFInd.

systemd-boot
Add the microcode as an argument to an initrd line. If an initrd line already exists, ensure the microcode entry occurs first. The path to the microcode should be absolute to the root of the ESP.

For more information, see The Boot Loader Specification.

Xen (EFI)
Add a line to the with the ucode option. The path to the microcode is relative to the binary. Ensure to write the microcode into the correct location (default is ) or copy it there.

For more information, see the Xen EFI documentation.

Software
The -20171117-r1 package has been rewritten to use to process microcode data files. Users can now use the MICROCODE_SIGNATURES variable to install only a subset of microcode data files.

To install microcode data files for the system processor(s):

To install microcode data files for a specific processor use, or   to exclude a specific processor. An empty or undefined MICROCODE_SIGNATURES variable will install all microcode data files.

Install the microcode data files:

The -20171117-r1 installs which can be used to identify the processor signature(s).

To find the appropriate filename(s) for the listed signature(s) use:

The signature is found in microcode bundle, so the filename to use is.

Kernel
Enable and configure the CONFIG_MICROCODE, CONFIG_MICROCODE_INTEL , CONFIG_FIRMWARE_IN_KERNEL , CONFIG_EXTRA_FIRMWARE and CONFIG_EXTRA_FIRMWARE_DIR kernel options.

Rebuild and install the kernel as usual.

Verification
After the next reboot, the loaded microcode revision can be verified by running:

The output should include:

Here is an example of a CPU with no available microcode updates (microcode already current) or the system was not configured to load them properly:

Here is the same CPU but with microcode updates being applied successfully:

External resources

 * http://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html - An example unofficial source for microcodes