Microcode
This document describes various ways how to update a CPU's microcode in Gentoo.
Contents
Introduction
Modern processors are complex devices that can have bugs. Furthermore, instead of executing x86 instructions directly, modern x86 processors contain internal code that implements support for the x86 instruction set. The internal code is called microcode. Microcode can be updated to fix or mitigate CPU bugs.
And because Gentoo is about choices there there isn't just one way to update a CPU's microcode. Please choose the workflow which suits your setup.
Preconditions
Ensure you have installed the package which is providing microcode updates for your processor. Install sys-kernel/linux-firmware and/or sys-firmware/intel-microcode:
root #emerge --ask sys-kernel/linux-firmware sys-firmware/intel-microcodeAny way to load microcode into the CPU must go through the kernel. Thus the respective options need to be enabled in the kernel configuration. Depending on the make of the CPU installed on the system, choose AMD or Intel microcode loading support (it does not hurt to choose both):
Processor type and features ---> [*] CPU microcode loading support [*] Intel microcode loading support [*] AMD microcode loading support
Dracut
root #dracut --early-microcode/etc/dracut.conf.d/microcode.confearly_microcode="yes"
Genkernel
When using sys-kernel/genkernel, ensure the package containing microcode updates for the processor(s) have been installed (see below). Be sure to call genkernel with the --microcode option:
root #genkernel --microcodeTo generate a new initramfs with microcode included, call:
root #genkernel --microcode initramfsBe sure to instruct the bootloader to load the newly generated initramfs.
It is recommended genkernel.conf is updated to contains the following code:
/etc/genkernel.conf# Add in early microcode support MICROCODE="yes"
so that you don't need to remember to pass the --microcode parameter all the time.
You need >=sys-kernel/genkernel-3.5.0.7 for microcode support which isn't yet stabilized. Please see for how to keyword a single package.
The manual way
<Please help!>
Early microcode loading
Basically you provide the microcode as the first initramfs (aka initrd, in cpio format) to the kernel during boot. Grub (both legacy and grub2) lets you specify multiple cpio images separated by space in the initrd command.
GRUB2 supports loading an early microcode. If the microcode file is named after one of the following: intel-uc.img, intel-ucode.img, amd-uc.img, amd-ucode.img, early_ucode.cpio, or microcode.cpio, it will be automatically detected when running grub-mkconfig. To declare a microcode file named differently, e.g. ucode.cpio, add this line to /etc/default/grub:
/etc/default/grubGRUB_EARLY_INITRD_LINUX_CUSTOM="ucode.cpio"
Regenerate the grub.cfg with:
root #grub-mkconfig -o /boot/grub/grub.cfgGenerating grub configuration file ... Found linux image: /boot/vmlinuz-4.6.3-gentoo Found initrd image: /boot/early_ucode.cpio /initramfs-genkernel-x86_64-4.6.3-gentoo done
This is similar to what you should see, minus the initramfs if you do not have one.
Late microcode loading
To manually instruct the kernel to reload microcodes, do
root #echo 1 > /sys/devices/system/cpu/microcode/reloadand watch dmesg for any errors. This loading mechanism looks for microcode blobs in /lib/firmware/{intel-ucode,amd-ucode}.
You must run the command above after every reboot or firmware package update.
Specifics
<Please help!>
AMD specifics
AMD microcodes are bundled in the sys-kernel/linux-firmware package. A more lengthy guide is found in the AMD microcode article.
Intel specifics
Intel microcodes are bundled in the sys-firmware/intel-microcode package. Detailed instructions can be found in the Intel microcode article.