- AMD and Intel both are actively harming users by providing incomplete and delayed microcode updates (to Linux)
- Why microcode?
- Microcode updates provide functional and security fixes and are most importantly available out-of-band. This allows operating systems to provide rapid updates side stepping the need for vendor BIOS/EFI update releases and their installation.
This is most clear with AMD by the following two reasons. Their goal is to push cloud providers to enterprise platforms and discourage use of cheaper consumer platforms.
- AMD only provides direct microcode updates for enterprise platforms. Consumer platforms only get microcode updates via AGESA updates.
- Direct microcode updates are hot-loadable offering minimal downtime.
- AGESA updates would require eg. the shuffling of virtual machines to another system and a reboot of the host.
- AMD actively delays updates to consumer systems by 2-3 months
- This is before the delay from vendors providing system/motherboard updates
| bulletin | publication date | earliest enteprise microcode | earliest consumer agesa |
|---|---|---|---|
| AMD-SB-7005 | 2023-08-08 | 2023-06-09 | 2023-08-22 |
| AMD-SB-7008 | 2023-07-24 | 2023-06-06 | 2023-11-21 |
| AMD-SB-7014 | 2024-08-09 | 2024-05-03 | 2024-07-30 |
| provider | # supported cpuids | # outdated |
|---|---|---|
| Intel (official) | 290 | 120 |
| Intel (real-ucode) | 615 | 2 |
| AMD (linux-firmware) | 41 | 11 |
| AMD (real-ucode) | 106 | 3 |
- CentOS 9/Stream
- Fedora 38/39/40/41/etc.
- See the LICENSE file
- Fedora via Divested-RPM: https://divested.dev/index.php?page=software#divested-release
- Install the package
- Regenerate initramfs: dracut -f
- Reboot
- You can do this a few ways:
- Checking logs, eg.
journalctl -b0 | grep -i microcodethen-b-1 - Less reliable, running
lscpubefore and after, then diffing
- Checking logs, eg.
| Board | CPU | CPUID | Version | Change | Notes |
|---|---|---|---|---|---|
| ASUS M1605YA | 7530U | 00A50F00 | 302 | 0x0a50000d -> 0x0a50000f | |
| ASUS M5402RA | 6800H | 00A40F41 | 301 | 0x0a404101 -> 0x0a404102 | severe breakage, stuck at 400MHz after suspend |
| ASUS TUF Gaming X570 | 5900X | 00A20F10 | 5003 | already latest | |
| ASUS TUF Gaming X670E | 7950X | 00A60F12 | 1809 | already latest | |
| Gigabyte B450-DS3H | 3600 | 00870F10 | F65b | already latest | |
| Lenovo 15ACH6A | 5800H | 00A50F00 | G9CN33WW | 0x0a50000c -> 0x0a50000f | |
| Lenovo S340-15API | 3500U | 00810F81 | AMCN31WW | already latest | |
| MSI A5EFK | 5800H | 00A50F00 | E15CKAMS.10C | 0x0a50000? -> 0x0a50000f | |
| MSI A5M-288 | 5700U | 00860F81 | E155LAMS.115 | 0x08608103 -> 0x08608104 | |
| MSI X570 A-PRO | 5900X | 00A20F12 | 7C37vHL | 0x0a20120a -> 0x0a20120e |
- git clone [THIS REPO]
- CentOS: rpmbuild -ba real-ucode.spec
- Fedora: rpmbuild -ba real-ucode.spec
- git clone [THIS REPO]
- git clone https://github.com/platomav/CPUMicrocodes
- git clone https://github.com/AndyLavr/amd-ucodegen
- cd amd-ucodegen
- git apply ../amd-ucodegen-tweak.diff
- make
- cd ../CPUMicrocodes
- mv ../amd-ucodegen/amd-ucodegen .
- source ../process-amd.sh
- source ../process-intel.sh
- update version/date in real-ucode.spec
- commit it with the short git hash of the CPUMicrocodes repo
- Huge thanks to Plato Mavropoulos for the actual microcode collection
- Guenter Roeck for the AMD conversion program
- @chinobino for their extensive microcode collection
- Contributors to the Winraid/Level1Techs forum, such as @westlake, @lfb6, and @jen11, for additional microcode
- There is an Arch Linux port on the AUR by @moparisthebest:
- Forum threads for this are here:
- Determine CPUID:
cpuid | grep "processor serial number =" | head -n1 | sed 's/.* = //;s/-0000.*//;s/-//'