Gentoo Linux installations without initramfs: Updating Intel CPU microcode revisited

In a previous post I described how I updated the CPU microcode on my Clevo W230SS laptop running Gentoo Linux (Stable Branch). Today I decided to check if a newer version of microcode had been released since then and apply it.

First I checked the current state of my installation…

The CPU microcode version in use was the version I had installed last year:

root # grep microcode /proc/cpuinfo
microcode       : 0x1c
microcode       : 0x1c
microcode       : 0x1c
microcode       : 0x1c
microcode       : 0x1c
microcode       : 0x1c
microcode       : 0x1c
microcode       : 0x1c

The existing kernel image was still configured as necessary:

root # grep CONFIG_BLK_DEV_INITRD /usr/src/linux/.config
CONFIG_BLK_DEV_INITRD=y
root # grep CONFIG_MICROCODE /usr/src/linux/.config
CONFIG_MICROCODE=y
CONFIG_MICROCODE_INTEL=y
root # CONFIG_MICROCODE_AMD is not set
CONFIG_MICROCODE_OLD_INTERFACE=y
CONFIG_MICROCODE_INTEL_EARLY=y
root # CONFIG_MICROCODE_AMD_EARLY is not set
CONFIG_MICROCODE_EARLY=y
root # grep CONFIG_INITRAMFS_SOURCE /usr/src/linux/.config
CONFIG_INITRAMFS_SOURCE=""

The relevant packages I installed last year were sys-apps/microcode-ctl-1.28-r1, sys-apps/microcode-data-20150121-r1 and sys-apps/iucode_tool-1.3. Since then I have updated the installation regularly, and I now found microcode-ctl-1.28-r1 and iucode_tool-1.5 installed but the package microcode-data had been replaced by the new package sys-firmware/intel-microcode-20160607:

root # eix microcode
[I] sys-apps/microcode-ctl
     Available versions:  1.23 (~)1.27 (~)1.28 (~)1.28-r1 {selinux}
     Installed versions:  1.28-r1(15:06:33 26/08/15)(-selinux)
     Homepage:            https://fedorahosted.org/microcode_ctl/
     Description:         Intel processor microcode update utility

[I] sys-firmware/intel-microcode
     Available versions:  20140430 (~)20140624 (~)20140913 20150121 (~)20150121-r1 (~)20151106 (~)20160607 {initramfs monolithic +split-ucode}
     Installed versions:  20160607(23:02:24 25/06/16)(initramfs split-ucode -monolithic)
     Homepage:            http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=26083
     Description:         Intel IA32/IA64 microcode update data

Found 2 matches
root # eix iucode_tool
[I] sys-apps/iucode_tool
     Available versions:  (~)1.3 (~)1.5
     Installed versions:  1.5(15:57:21 13/12/15)
     Homepage:            https://gitlab.com/iucode-tool/
     Description:         tool to manipulate Intel X86 and X86-64 processor microcode update collections

I checked the relevant contents of package.use and package.accept_keywords and found that Portage had updated automatically the files to reflect the replacement of package sys-apps/microcode-data by the package sys-firmware/intel-microcode (Portage is an excellent package manager!):

root # cat /etc/portage/package.use/microcode-data
# move sys-apps/microcode-data sys-firmware/intel-microcode
sys-firmware/intel-microcode initramfs
root # cat /etc/portage/package.accept_keywords/microcode-data
# move sys-apps/microcode-data sys-firmware/intel-microcode
sys-firmware/intel-microcode ~amd64
sys-apps/iucode_tool ~amd64

The file /lib/firmware/microcode.cpio and the contents of /lib/firmware/intel-ucode/ had indeed changed since I applied the last CPU microcode update:

root # ls -la /lib/firmware/microcode.cpio
-rw-r--r-- 1 root root 946176 Jun 25 23:02 /lib/firmware/microcode.cpio
root # ls -la /lib/firmware/intel-ucode/
total 1052
drwxr-xr-x  2 root root  4096 Jun 25 23:02 .
drwxr-xr-x 75 root root 16384 Jun 25 23:02 ..
-rw-r--r--  1 root root  2048 Jun 25 23:02 06-03-02
-rw-r--r--  1 root root  6144 Jun 25 23:02 06-05-00
-rw-r--r--  1 root root  2048 Jun 25 23:02 06-05-01
-rw-r--r--  1 root root  6144 Jun 25 23:02 06-05-02
-rw-r--r--  1 root root  8192 Jun 25 23:02 06-05-03
-rw-r--r--  1 root root  2048 Jun 25 23:02 06-06-00
-rw-r--r--  1 root root  2048 Jun 25 23:02 06-06-05
-rw-r--r--  1 root root  6144 Jun 25 23:02 06-06-0a
-rw-r--r--  1 root root  6144 Jun 25 23:02 06-06-0d
-rw-r--r--  1 root root  2048 Jun 25 23:02 06-07-01
-rw-r--r--  1 root root  2048 Jun 25 23:02 06-07-02
-rw-r--r--  1 root root  2048 Jun 25 23:02 06-07-03
-rw-r--r--  1 root root 10240 Jun 25 23:02 06-08-01
-rw-r--r--  1 root root  4096 Jun 25 23:02 06-08-03
-rw-r--r--  1 root root 10240 Jun 25 23:02 06-08-06
-rw-r--r--  1 root root  6144 Jun 25 23:02 06-08-0a
-rw-r--r--  1 root root  6144 Jun 25 23:02 06-09-05
-rw-r--r--  1 root root  2048 Jun 25 23:02 06-0a-00
-rw-r--r--  1 root root  2048 Jun 25 23:02 06-0a-01
-rw-r--r--  1 root root  4096 Jun 25 23:02 06-0b-01
-rw-r--r--  1 root root  4096 Jun 25 23:02 06-0b-04
-rw-r--r--  1 root root  2048 Jun 25 23:02 06-0d-06
-rw-r--r--  1 root root  4096 Jun 25 23:02 06-0e-08
-rw-r--r--  1 root root  8192 Jun 25 23:02 06-0e-0c
-rw-r--r--  1 root root  8192 Jun 25 23:02 06-0f-02
-rw-r--r--  1 root root 12288 Jun 25 23:02 06-0f-06
-rw-r--r--  1 root root  8192 Jun 25 23:02 06-0f-07
-rw-r--r--  1 root root  4096 Jun 25 23:02 06-0f-0a
-rw-r--r--  1 root root 28672 Jun 25 23:02 06-0f-0b
-rw-r--r--  1 root root 12288 Jun 25 23:02 06-0f-0d
-rw-r--r--  1 root root 12288 Jun 25 23:02 06-16-01
-rw-r--r--  1 root root 20480 Jun 25 23:02 06-17-06
-rw-r--r--  1 root root  4096 Jun 25 23:02 06-17-07
-rw-r--r--  1 root root 24576 Jun 25 23:02 06-17-0a
-rw-r--r--  1 root root 14336 Jun 25 23:02 06-1a-04
-rw-r--r--  1 root root 10240 Jun 25 23:02 06-1a-05
-rw-r--r--  1 root root 15360 Jun 25 23:02 06-1c-02
-rw-r--r--  1 root root 20480 Jun 25 23:02 06-1c-0a
-rw-r--r--  1 root root  4096 Jun 25 23:02 06-1d-01
-rw-r--r--  1 root root  6144 Jun 25 23:02 06-1e-04
-rw-r--r--  1 root root  7168 Jun 25 23:02 06-1e-05
-rw-r--r--  1 root root  8192 Jun 25 23:02 06-25-02
-rw-r--r--  1 root root  3072 Jun 25 23:02 06-25-05
-rw-r--r--  1 root root 10240 Jun 25 23:02 06-26-01
-rw-r--r--  1 root root 10240 Jun 25 23:02 06-2a-07
-rw-r--r--  1 root root 16384 Jun 25 23:02 06-2d-06
-rw-r--r--  1 root root 17408 Jun 25 23:02 06-2d-07
-rw-r--r--  1 root root 13312 Jun 25 23:02 06-2f-02
-rw-r--r--  1 root root 12288 Jun 25 23:02 06-3a-09
-rw-r--r--  1 root root 22528 Jun 25 23:02 06-3c-03
-rw-r--r--  1 root root 17408 Jun 25 23:02 06-3d-04
-rw-r--r--  1 root root 13312 Jun 25 23:02 06-3e-04
-rw-r--r--  1 root root 11264 Jun 25 23:02 06-3e-06
-rw-r--r--  1 root root 15360 Jun 25 23:02 06-3e-07
-rw-r--r--  1 root root 32768 Jun 25 23:02 06-3f-02
-rw-r--r--  1 root root 15360 Jun 25 23:02 06-3f-04
-rw-r--r--  1 root root 20480 Jun 25 23:02 06-45-01
-rw-r--r--  1 root root 24576 Jun 25 23:02 06-46-01
-rw-r--r--  1 root root 11264 Jun 25 23:02 06-47-01
-rw-r--r--  1 root root 96256 Jun 25 23:02 06-4e-03
-rw-r--r--  1 root root 25600 Jun 25 23:02 06-4f-01
-rw-r--r--  1 root root 28672 Jun 25 23:02 06-56-02
-rw-r--r--  1 root root 96256 Jun 25 23:02 06-5e-03
-rw-r--r--  1 root root  4096 Jun 25 23:02 0f-00-07
-rw-r--r--  1 root root  6144 Jun 25 23:02 0f-00-0a
-rw-r--r--  1 root root  2048 Jun 25 23:02 0f-01-02
-rw-r--r--  1 root root  6144 Jun 25 23:02 0f-02-04
-rw-r--r--  1 root root  8192 Jun 25 23:02 0f-02-05
-rw-r--r--  1 root root  2048 Jun 25 23:02 0f-02-06
-rw-r--r--  1 root root  6144 Jun 25 23:02 0f-02-07
-rw-r--r--  1 root root  6144 Jun 25 23:02 0f-02-09
-rw-r--r--  1 root root  2048 Jun 25 23:02 0f-03-02
-rw-r--r--  1 root root  2048 Jun 25 23:02 0f-03-03
-rw-r--r--  1 root root  7168 Jun 25 23:02 0f-03-04
-rw-r--r--  1 root root 10240 Jun 25 23:02 0f-04-01
-rw-r--r--  1 root root  2048 Jun 25 23:02 0f-04-03
-rw-r--r--  1 root root  3072 Jun 25 23:02 0f-04-04
-rw-r--r--  1 root root  3072 Jun 25 23:02 0f-04-07
-rw-r--r--  1 root root  9216 Jun 25 23:02 0f-04-08
-rw-r--r--  1 root root  2048 Jun 25 23:02 0f-04-09
-rw-r--r--  1 root root  4096 Jun 25 23:02 0f-04-0a
-rw-r--r--  1 root root  3072 Jun 25 23:02 0f-06-02
-rw-r--r--  1 root root  6144 Jun 25 23:02 0f-06-04
-rw-r--r--  1 root root  2048 Jun 25 23:02 0f-06-05
-rw-r--r--  1 root root  2048 Jun 25 23:02 0f-06-08

So I was in a position to apply the latest CPU microcode…

I mounted the /boot partition:

root # mount /dev/sda1 /boot
root # ls -1 /boot
System.map-3.18.11-gentoo
config-3.18.11-gentoo
grub
lost+found
microcode.cpio
vmlinuz-3.18.11-gentoo

Then I copied the new version of the file microcode.cpio to the /boot partition:

root # cp /lib/firmware/microcode.cpio /boot/

I made sure /boot/grub/grub.cfg still contained the extra line ‘initrd /microcode.cpio‘ I had added in the past:

root # grep -B 15 -A 1 initrd /boot/grub/grub.cfg

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Gentoo GNU/Linux' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-525a90f1-8ad2-44a3-ade3-20f18a0a9595' {
        load_video
        insmod gzio
        insmod part_msdos
        insmod ext2
        set root='hd0,msdos1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1  f6ffc085-66fe-4bbe-b080-cec355749f85
        else
          search --no-floppy --fs-uuid --set=root f6ffc085-66fe-4bbe-b080-cec355749f85
        fi
        echo    'Loading Linux 3.18.11-gentoo ...'
        linux   /vmlinuz-3.18.11-gentoo root=/dev/sda5 ro  drm_kms_helper.edid_firmware=edid/1920x1080_Clevo_W230SS.bin i915.modeset=1 rcutree.rcu_idle_gp_delay=1 acpi_enforce_resources=lax
        initrd /microcode.cpio
}
submenu 'Advanced options for Gentoo GNU/Linux' $menuentry_id_option 'gnulinux-advanced-525a90f1-8ad2-44a3-ade3-20f18a0a9595' {
        menuentry 'Gentoo GNU/Linux, with Linux 3.18.11-gentoo' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.18.11-gentoo-advanced-525a90f1-8ad2-44a3-ade3-20f18a0a9595' {
                load_video
                insmod gzio
                insmod part_msdos
                insmod ext2
                set root='hd0,msdos1'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1  f6ffc085-66fe-4bbe-b080-cec355749f85
                else
                  search --no-floppy --fs-uuid --set=root f6ffc085-66fe-4bbe-b080-cec355749f85
                fi
                echo    'Loading Linux 3.18.11-gentoo ...'
                linux   /vmlinuz-3.18.11-gentoo root=/dev/sda5 ro  drm_kms_helper.edid_firmware=edid/1920x1080_Clevo_W230SS.bin i915.modeset=1 rcutree.rcu_idle_gp_delay=1 acpi_enforce_resources=lax
                initrd /microcode.cpio
        }

Then I rebooted and checked to make sure the new version of CPU microcode is being applied:

root # grep microcode /proc/cpuinfo
microcode       : 0x20
microcode       : 0x20
microcode       : 0x20
microcode       : 0x20
microcode       : 0x20
microcode       : 0x20
microcode       : 0x20
microcode       : 0x20
root # dmesg | grep microcode
[    0.000000] CPU0 microcode updated early to revision 0x20, date = 2016-03-16
[    0.049437] CPU1 microcode updated early to revision 0x20, date = 2016-03-16
[    0.064540] CPU2 microcode updated early to revision 0x20, date = 2016-03-16
[    0.079569] CPU3 microcode updated early to revision 0x20, date = 2016-03-16
[    0.265322] microcode: CPU0 sig=0x306c3, pf=0x10, revision=0x20
[    0.265425] microcode: CPU1 sig=0x306c3, pf=0x10, revision=0x20
[    0.265524] microcode: CPU2 sig=0x306c3, pf=0x10, revision=0x20
[    0.265620] microcode: CPU3 sig=0x306c3, pf=0x10, revision=0x20
[    0.265717] microcode: CPU4 sig=0x306c3, pf=0x10, revision=0x20
[    0.265815] microcode: CPU5 sig=0x306c3, pf=0x10, revision=0x20
[    0.265913] microcode: CPU6 sig=0x306c3, pf=0x10, revision=0x20
[    0.266011] microcode: CPU7 sig=0x306c3, pf=0x10, revision=0x20
[    0.266127] microcode: Microcode Update Driver: v2.00 <tigran@aivazian.fsnet.co.uk>, Peter Oruba

Notice the microcode version has changed from 0x1c to 0x20. Mission accomplished.🙂

About Fitzcarraldo
A Linux user with an interest in all things technical.

3 Responses to Gentoo Linux installations without initramfs: Updating Intel CPU microcode revisited

  1. Anonymous says:

    You don’t need to jump through all those hoops once you know the signature for your processor (e.g. by running “iucode_tool -S”, or by looking for the sig=0x microcode update log entries in the kernel boot log).

    You could just search for your processor signature in the changelog published by the Debian’s intel-microcode package maintainer, since all microcode comes ultimately from Intel anyway. Apparently, the Debian people don’t believe in flying as blind as the other distros do… it looks like iucode_tool is actually written by the same guy that packages intel-microcode for Debian and Ubuntu.

    Here: https://anonscm.debian.org/cgit/users/hmh/intel-microcode.git/tree/changelog

  2. Daniel says:

    Hi, Fitzcarraldo, I’d like to ask for your advice, if you don’t mind.

    I’m only since few months ago with Gentoo. I followed the official guide to install it and I think I haven’t read any mention to the necessity of installing this microcode thing, in fact I’m not very sure what it is or what ir serves for.
    But I have an Acer laptop with an Interl Core i3 M370 CPU on which I installed Gentoo few weeks ago and there’s something curious that I think it might be related: whenever I start the machine and the system is ready, every app I open for the first time in the session takes a lot to load, then, if I close and reopen it, it opens almost instantly. One could think it’s something related to caching, that apps like a web browser take a lot to load for the first time and the next times caché helps a lot, but it results that it also happens with minuscule CLI commands: “date”, “cal”, whatever, take a couple of seconds to be executed the first time. I don’t think such tiny commands can be affected by memory or disk speeds, not at least in a computer 5 years old.
    Looking at Ksysguard one can see that one of the two CPU’s cores rises up to 100% for those few seconds it takes for the CLI commands to execute; when relaunching the commands, it doesn’t move a milimeter up in the graphic. So it seems to me that it isn’t related to disk, memory nor caché but to CPU. Does that microcode help with this or it has other purposes?
    On the other hand, the computer that is working with Gentoo since some months ago neither has intel-microcode installed, and works perfectly; it has another different Intel CPU though, but as I say, no microcode and no unexpected risings of CPU use.

    Thanks for you time.

    • Fitzcarraldo says:

      CPUs use microcode (software) instead of hard-wired circuitry for many functions, Read the Wikipedia article on microcode to understand what microcode is: Microcode. That article states:

      “Microcode simplified the job by allowing much of the processor’s behaviour and programming model to be defined via microprogram routines rather than by dedicated circuitry. Even late in the design process, microcode could easily be changed, whereas hard-wired CPU designs were very cumbersome to change. Thus, this greatly facilitated CPU design.”

      CPU manufacturers issue updates to CPU microcode if they find bugs in the microcode. So it is worthwhile making sure your PC is using the latest version of the microcode for your CPU. From an article referenced in my post:

      “All modern CPU vendors have a history of design and implementation defects, ranging from relatively benign stability issues to potential security vulnerabilities. The latest CPU errata release for second generation Intel Core processors describes a total of 120 “erratums”, or hardware bugs. Although most of these errata bugs are listed as “No Fix”, Intel has supported the ability to apply stability and security updates to the CPU in the form of microcode updates for well over a decade.”

      I have two laptops running Gentoo Linux. My Compal NBLB2 laptop uses an initramfs and I build the kernel image and initramfs file using the genkernel utility. My blog post Updating Intel CPU microcode from Gentoo Linux describes how I configured that installation to update the CPU microcode. My Clevo W230SS laptop does not use an initramfs, and I build the kernel using the standard procedure given in the Gentoo Handbook chapter Configuring the Linux kernel. My blog posts Gentoo Linux installations without initramfs: Updating Intel CPU microcode and Gentoo Linux installations without initramfs: Updating Intel CPU microcode revisited cover upgrading the CPU microcode for that type of installation.

      You can also read about updating the CPU microcode of Intel CPUs and AMD CPUs on the following Gentoo Wiki pages:

      Intel microcode

      AMD microcode

      Regarding your question about ‘miniscule commands’ taking much longer to execute the first time they are launched, that is highly unlikely to have anything to do with a bug in CPU microcode. If they run faster when they are launched subsequently, that sounds like caching to me. You can tell how long a command takes by using the time command like so:

      $ time date
      Fri 30 Sep 12:34:34 BST 2016

      real    0m0.001s
      user    0m0.000s
      sys     0m0.000s

      $ time cal
         September 2016
      Mo Tu We Th Fr Sa Su
                1  2  3  4
       5  6  7  8  9 10 11
      12 13 14 15 16 17 18
      19 20 21 22 23 24 25
      26 27 28 29 30
       
       
      real    0m0.001s
      user    0m0.000s
      sys     0m0.000s

      Try doing that the first time and subsequent times to find out the actual difference in execution time.

      Does the laptop’s HDD spin up the first time you enter a command? Also, have you looked in the system log file /var/log/messages for any error messages? Are there any error messages in the output of the dmesg command?

      You could post on the Gentoo Forums to ask if anyone has some ideas.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: