Bug 1598756

Summary: [SPECTRE/MELTDOWN] Intel microcode not updating --> [Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode to XXX (or later)
Product: [Fedora] Fedora Reporter: user <hlenor>
Component: microcode_ctlAssignee: Anton Arapov <aarapov>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 28CC: aarapov, jarodwilson, jonathan, mikedep333
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: microcode_ctl-2.1-24.fc28 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-07-16 18:25:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Spectre Meltdown Checker none

Description user 2018-07-06 12:04:20 UTC
Created attachment 1456992 [details]
Spectre Meltdown Checker

Description of problem:

Continuation from https://bugzilla.redhat.com/show_bug.cgi?id=1501362

On latest Fedora Atomic Workstation, initramfs regeneration enabled, microcode_ctl installed, rpm-ostree upgrade all applied and rebooted, dracut -fv applied the microcode just gets never upgraded.

$ cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 78
model name	: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
stepping	: 3
microcode	: 0x33
cpu MHz		: 800.022
cache size	: 3072 KB
physical id	: 0
siblings	: 4
core id		: 0
cpu cores	: 2
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 22
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass
bogomips	: 4800.00
clflush size	: 64
cache_alignment	: 64
address sizes	: 39 bits physical, 48 bits virtual
power management:

Version-Release number of selected component (if applicable):
microcode_ctl-2.1-23

How reproducible:

I suspect it's not just bound to the Atomic Workstation but the regular one as well, however I'll list the steps I did

Steps to Reproduce:
1. rpm-ostree install microcode_ctl
2. rpm-ostree upgrade
3. systemctl reboot
4. dracut -fv
5. systemctl reboot
6. cat /proc/cpuinfo

= Microcode not updated (in my case 0x33).

7. rpm-ostree initramfs --enable
8. dracut -fv
9. systemctl reboot
10. cat /proc/cpuinfo 

= Microcode not updated, vulnerable to spectre/meltdown.

Actual results:

Microcode as supplied by BIOS-Vendor (sadly no BIOS-Update existing)

Expected results:

Correctly updated Microcode

Additional info:

See attachment sh-script for checking the vulernabilities

Comment 1 Fedora Update System 2018-07-09 08:16:31 UTC
microcode_ctl-2.1-24.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2005870f6f

Comment 2 Fedora Update System 2018-07-11 23:40:47 UTC
microcode_ctl-2.1-24.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2005870f6f

Comment 3 Fedora Update System 2018-07-16 18:25:59 UTC
microcode_ctl-2.1-24.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.