DevHeads.net

microcode updates and spectre variant 2

Koji contains linux-firmware-20171215-82.git2451bb22.fc27 which
contains intel-ucode from 20171117. But I don't know if this firmware
contains the microcode required to completely secure from Spectre
variant 2.

<a href="https://access.redhat.com/articles/3311301" title="https://access.redhat.com/articles/3311301">https://access.redhat.com/articles/3311301</a>
"This vulnerability requires both updated microcode and kernel patches"

Intel has released microcode 20180108, but there are no builds in koji
yet for this version so I manually applied them from
<a href="https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File" title="https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File">https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcod...</a>

and also updated the initramfs with dracut -f so the change is
persistent. This does change the microcode on my laptop compared to
the Fedora supplied microcode.

Intel doesn't provide very good release notes about what the microcode
is doing. Someone asked about this on a message board regarding the
2018 release, and the response is merely "we're looking into it".

<a href="https://communities.intel.com/message/518872#518872" title="https://communities.intel.com/message/518872#518872">https://communities.intel.com/message/518872#518872</a>