intel/Intel-Linux-Processor-Microcode-Data-Files
The Intel Processor Microcode Update (MCU) Package provides a mechanism to release updates for security advisories and functional issues, including errata. In addition, MCUs are responsible for starting the SGX enclave (on processors that support the SGX feature), implementing complex behaviors (such as assists), and more. The preferred method to apply MCUs is using the system BIOS. For a subset of Intel’s processors, the MCU can also be updated at runtime using the operating system. The Intel Microcode Package shared here contains updates for those processors that support OS loading of MCUs.
Updating your microcode can help to mitigate certain potential security vulnerabilities in CPUs as well as address certain functional issues that could, for example, result in unpredictable system behavior such as hangs, crashes, unexpected reboots, data errors, etc. To learn more about applying MCUs to an Intel processor, see Microcode Update Guidance.
Loading microcode updates
This package is provided for Linux distributors for inclusion in their OS releases. Intel recommends obtaining the latest MCUs using the OS vendor update mechanism. A good starting point is OS and Software Vendor. Expert users can update their microcode directly outside the OS vendor mechanism. However, this method is complex and could result in errors if performed incorrectly. Such errors could include but are not limited to system freezes, inability to boot, performance impacts, logical processors loading different updates, and some updates not taking effect. As a result, this method should be attempted by expert users only.
MCUs are best loaded from the BIOS. Certain MCUs must only be applied from the BIOS. Such MCUs are never packaged in this package since they are not appropriate for OS distribution. An OEM may receive microcode update packages that are a superset of what is contained in this package for inclusion in a BIOS.
OS vendors may choose to provide an MCU that the kernel can consume for early loading. For example, Linux can apply an MCU very early in the kernel boot sequence. In situations where a BIOS update isn’t available, early loading is the next best alternative to updating processor microcode. Microcode states are reset on a power reset, hence its required that the MCU be loaded every time during boot process.
Using the initrd method to load an MCU is recommended as this method will load the MCU at the earliest time for the most coverage. Systems that cannot tolerate downtime may use the late-load method to update a running system without a reboot.
About Processor Signature, Family, Model, Stepping and Platform ID
The Processor Signature is a number identifying the model and version of an Intel processor. It can be obtained using the CPUID instruction, via the command lscpu, or from the content of /proc/cpuinfo. It’s usually presented as 3 fields: Family, Model, and Stepping.
For example, if a processor returns a value of «0x000906eb» from the CPUID instruction:
| Reserved | Extended Family | Extended Model | Reserved | Processor Type | Family Code | Model Number | Stepping ID |
|---|---|---|---|---|---|---|---|
| 31:28 | 27:20 | 19:16 | 15:14 | 13:12 | 11:8 | 7:4 | 3:0 |
| xxxx | 00000000b | 1001b | xx | 00b | 0110b | 1110b | 1011b |
The corresponding Linux formatted file name will be «06-9e-0b», where:
- Extended Family + Family = 0x06
- Extended Model + Model Number = 0x9e
- Stepping dir=»auto»>A processor may be implemented for multiple platform types. Intel processors have a 3bit Platform ID field in MSR(17H) that specifies the platform type for up to 8 types. An MCU file for a specified processor model may support multiple platforms. The Platform ID(s) supported by an MCU is an 8bit mask where each set bit indicates a platform type that the MCU supports. The Platform ID of a processor can be read in Linux using rdmsr from msr-tools.
Microcode update instructions
The intel-ucode directory contains binary MCU files named in the family-model-stepping format. This file format is supported by most modern Linux distributions. It’s generally located in the /lib/firmware directory and can be updated through the microcode reload interface following the late-load update instructions below.
To update early loading initrd, consult your Linux distribution on how to package MCU files for early loading. Some distributions use update-initramfs or dracut . Use the OS vendors recommended method to help ensure that the MCU file is updated for early loading before attempting the late-load procedure below.
To update the intel-ucode package to the system:
- Ensure the existence of /sys/devices/system/cpu/microcode/reload
- Download the latest microcode firmware
$ git clone https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git or
$ wget https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip - Copy intel-ucode directory to /lib/firmware , overwriting the files in /lib/firmware/intel-ucode/
- Write the reload interface to 1 to reload the microcode files, e.g.
$ echo 1 > /sys/devices/system/cpu/microcode/reload
Microcode updates will be applied automatically without rebooting the system. - Update an existing initramfs so that next time it gets loaded via kernel:
$ sudo update-initramfs -u
$ sudo reboot - Verify that the microcode was updated on boot or reloaded by echo command:
$ dmesg | grep microcode or
$ cat /proc/cpuinfo | grep microcode | sort | uniq
If you are using the OS vendor method to apply an MCU, the above steps may have been done automatically during the update process.
The intel-ucode-with-caveats directory contains MCUs that need special handling. The BDX-ML MCU is provided in this directory because it requires special commits in the Linux kernel otherwise updating it might result in unexpected system behavior. OS vendors must ensure that the late loader patches (provided in linux-kernel-patches) are included in the distribution before packaging the BDX-ML MCU for late-loading.
The linux-kernel-patches directory consists of kernel patches that address various issues related to applying MCUs.
- You can only update to a higher MCU version (downgrade is not possible with the provided instructions)
- To calculate Family-Model-Stepping, use Linux command:
$ printf «%x\n» - There are multiple ways to check the MCU version number BEFORE update. After cloning this Intel Microcode update repo , run the following:
- $ iucode_tool -l intel-ucode | grep -wF sig (iucode_tool package is required)
- $ od -t x4 will read the first 16 bytes of the microcode binary header specified in . The third block is the microcode version. For example: $ od -t x4 06-55-04
0000000 00000001 *02000065* 09052019 00050654
See the license file for details.
See the security.md file for details.
Saved searches
Use saved searches to filter your results more quickly
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
Releases: intel/Intel-Linux-Processor-Microcode-Data-Files
microcode-20230512-rev2
Release Notes
microcode-20230512-rev2
Purpose
• Update for functional issues. Refer to 13th Generation Intel® Core™ Processor Specification Update for details.
• Update for functional issues. Refer to 12th Generation Intel® Core™ Processor Family for details.
• Update for functional issues. Refer to 11th Gen Intel® Core™ Processor Specification Update for details.
• Update for functional issues. Refer to 10th Generation Intel® Core™ Processor Specification Update for details.
• Update for functional issues. Refer to 10th Gen Intel® Core™ Processor Families Specification Update for details.
• Update for functional issues. Refer to 8th and 9th Generation Intel® Core™ Processor Family Spec Update for details.
• Update for functional issues. Refer to 8th Generation Intel® Core™ Processor Families Specification Update for details.
• Update for functional issues. Refer to 7th and 8th Generation Intel® Core™ Processor Specification Update for details.
• Update for functional issues. Refer to Intel® Processors and Intel® Core™ i3 N-Series for details.
• Update for functional issues. Refer to 4th Gen Intel® Xeon® Scalable Processors Specification Update for details.
• Update for functional issues. Refer to 3rd Generation Intel® Xeon® Scalable Processors Specification Update for details.
• Update for functional issues. Refer to 2nd Generation Intel® Xeon® Processor Scalable Family Specification Update for details.
• Update for functional issues. Refer to Intel® Xeon® Processor Scalable Family Specification Update for details.
• Update for functional issues. Refer to 3rd Generation Intel® Xeon® Processor Scalable Family Specification Update for details.
• Update for functional issues. Refer to Intel® Xeon® E-2300 Processor Specification Update for details.
• Update for functional issues. Refer to Intel® Xeon® D-2700 Processor Specification Update for details.
• Update for functional issues. Refer to Intel® Xeon® D-2100 Processor Specification Update for details.New Platforms
Processor Stepping F-M-S/PI Old Ver New Ver Products ADL-N A0 06-be-00/01 00000010 Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E AZB A0 06-9a-04/40 00000004 Intel(R) Atom(R) C1100 AZB R0 06-9a-04/40 00000004 Intel(R) Atom(R) C1100 Updated Platforms
Processor Stepping F-M-S/PI Old Ver New Ver Products ADL L0 06-9a-03/80 00000429 0000042a Core Gen12 ADL L0 06-9a-04/80 00000429 0000042a Core Gen12 AML-Y22 H0 06-8e-09/10 000000f0 000000f2 Core Gen8 Mobile AML-Y42 V0 06-8e-0c/94 000000f4 000000f6 Core Gen10 Mobile CFL-H R0 06-9e-0d/22 000000f4 000000f8 Core Gen9 Mobile CFL-H/S P0 06-9e-0c/22 000000f0 000000f2 Core Gen9 CFL-H/S/E3 U0 06-9e-0a/22 000000f0 000000f2 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 06-9e-0b/02 000000f0 000000f2 Core Gen8 CFL-U43e D0 06-8e-0a/c0 000000f0 000000f2 Core Gen8 Mobile CLX-SP B0 06-55-06/bf 04003303 04003501 Xeon Scalable Gen2 CLX-SP B1 06-55-07/bf 05003303 05003501 Xeon Scalable Gen2 CML-H R1 06-a5-02/20 000000f4 000000f6 Core Gen10 Mobile CML-S102 Q0 06-a5-05/22 000000f4 000000f6 Core Gen10 CML-S62 G1 06-a5-03/22 000000f4 000000f6 Core Gen10 CML-U62 V1 A0 06-a6-00/80 000000f4 000000f6 Core Gen10 Mobile CML-U62 V2 K1 06-a6-01/80 000000f4 000000f6 Core Gen10 Mobile CML-Y42 V0 06-8e-0c/94 000000f4 000000f6 Core Gen10 Mobile CPX-SP A1 06-55-0b/bf 07002503 07002601 Xeon Scalable Gen3 ICL-D B0 06-6c-01/10 01000211 01000230 Xeon D-17xx, D-27xx ICL-U/Y D1 06-7e-05/80 000000b8 000000ba Core Gen10 Mobile ICX-SP D0 06-6a-06/87 0d000389 0d000390 Xeon Scalable Gen3 KBL-G/H/S/E3 B0 06-9e-09/2a 000000f0 000000f2 Core Gen7; Xeon E3 v6 KBL-U/Y H0 06-8e-09/c0 000000f0 000000f2 Core Gen7 Mobile LKF B2/B3 06-8a-01/10 00000032 00000033 Core w/Hybrid Technology RKL-S B0 06-a7-01/02 00000057 00000058 Core Gen11 RPL-H 6+8 J0 06-ba-02/07 0000410e 00004112 Core Gen13 RPL-P 6+8 J0 06-ba-02/07 0000410e 00004112 Core Gen13 RPL-S S0 06-b7-01/32 00000112 00000113 Core Gen13 RPL-U 2+8 Q0 06-ba-03/07 0000410e 00004112 Core Gen13 SKX-D H0 06-55-04/b7 02006e05 02006f05 Xeon D-21xx SKX-SP B1 06-55-03/97 01000161 01000171 Xeon Scalable SKX-SP H0/M0/U0 06-55-04/b7 02006e05 02006f05 Xeon Scalable SPR-HBM B3 06-8f-08/10 2c000170 2c0001d1 Xeon Max SPR-SP E0 06-8f-04/87 2b000181 2b000461 Xeon Scalable Gen4 SPR-SP E2 06-8f-05/87 2b000181 2b000461 Xeon Scalable Gen4 SPR-SP E3 06-8f-06/87 2b000181 2b000461 Xeon Scalable Gen4 SPR-SP E4 06-8f-07/87 2b000181 2b000461 Xeon Scalable Gen4 SPR-SP E5 06-8f-08/87 2b000181 2b000461 Xeon Scalable Gen4 SPR-SP S2 06-8f-07/87 2b000181 2b000461 Xeon Scalable Gen4 SPR-SP S3 06-8f-08/87 2b000181 2b000461 Xeon Scalable Gen4 TGL B1 06-8c-01/80 000000a6 000000aa Core Gen11 Mobile TGL-H R0 06-8d-01/c2 00000042 00000044 Core Gen11 Mobile TGL-R C0 06-8c-02/c2 00000028 0000002a Core Gen11 Mobile WHL-U V0 06-8e-0c/94 000000f4 000000f6 Core Gen8 Mobile WHL-U W0 06-8e-0b/d0 000000f0 000000f2 Core Gen8 Mobile